LaterBox by XCore Apps

Privacy Policy

Last updated: February 6, 2025

LaterBox ("we", "our", "us") is a personal note-taking and task management app developed by XCore Apps. Your privacy is fundamental to how we build and operate LaterBox. This policy explains in detail what data we collect, why we collect it, how we use it, and the choices you have.

    Our core principle: LaterBox is designed to work fully offline and locally on your device. You are never required to create an account, share personal data, or connect to our servers to use the app. All your notes, threads, and tasks are stored locally on your device by default. Personal data is only collected if you voluntarily opt into specific features like cloud sync or account creation.
  

1. Data We Collect

1.1 Data stored locally on your device (no account required)

When you use LaterBox without an account, all data remains entirely on your device:

Notes, threads, and tasks you create
App preferences and settings (theme, font, minimal mode, etc.)
Media attachments (photos, audio, documents) you add to notes
Location data attached to notes (only when you explicitly choose to attach a location)

This data never leaves your device unless you choose to enable sync. We have no access to it.

1.2 Data collected when you create an account (optional)

If you choose to create an account to enable cloud sync, we collect:

Email address or phone number: Used solely for account verification and sign-in. We send a one-time verification code; we do not send marketing emails or promotional messages.
Display name: A name you choose to identify your account. This can be any name you like and does not need to be your real name.
Username: An optional identifier you can set for your account.

1.3 Data synced to our servers (only with sync enabled)

If you create an account and enable sync, the following data is transmitted to and stored on our servers:

Notes, threads, and tasks (content, timestamps, metadata)
Thread settings (name, icon, wallpaper, pinned status)
Task details (reminders, completion status)
Note metadata (starred, locked, edited status)

Sync is a feature you opt into. You can disable sync at any time from the app settings, and you can delete all remote data from within the app.

1.4 Data we do NOT collect

We want to be explicit about what we do not collect:

We do not collect analytics or usage tracking data
We do not collect device identifiers or advertising IDs
We do not collect browsing history or app usage patterns
We do not collect contacts (the contacts permission is only used locally if you choose to share a note, and contact data is never sent to our servers)
We do not collect location data in the background (location is only accessed when you explicitly attach it to a note)
We do not use cookies or tracking pixels

2. How We Use Your Information

The data we collect is used strictly for the following purposes:

Account verification: Your email or phone number is used to send a one-time verification code when you sign in. No other communications are sent.
Cloud sync: If enabled, your notes and threads are synced to our servers so you can access them across devices.
App functionality: Your account information is used to associate your synced data with your account.
Support: If you contact us, we may use your account information to respond to your request.

We do not use your data for advertising, profiling, recommendations, or any purpose other than providing the core app functionality you have opted into.

3. Data Storage and Security

3.1 Local storage

Data stored locally on your device is kept in a SQLite database within the app's private storage area. This data is protected by your device's built-in security (screen lock, encryption). We do not have access to locally stored data.

3.2 Server storage

If you use cloud sync, your data is stored on secure servers with the following protections:

All data in transit is encrypted using HTTPS/TLS
Database access is restricted and authenticated
Passwords are hashed using bcrypt and are never stored in plain text
Authentication is handled via JSON Web Tokens (JWT) with expiration

3.3 Data retention

We retain your synced data for as long as you have an active account. When you delete your account, all associated data is permanently removed from our servers. There is no recovery period — deletion is immediate and irreversible.

4. Third-Party Services

To provide specific functionality, we use the following third-party services. Data is shared with these services only as necessary for their specific function:

MongoDB Atlas (MongoDB, Inc.) — Cloud database hosting. Stores your synced notes, threads, and account data. Privacy Policy
Render (Render Services, Inc.) — Server hosting. Hosts our backend API. Privacy Policy
ZeptoMail (Zoho Corporation) — Email delivery. Used only to send verification codes to your email address when you sign in. Privacy Policy
Twilio (Twilio, Inc.) — SMS delivery. Used only to send verification codes to your phone number when you sign in. Privacy Policy

We do not use any analytics SDKs, crash reporting services, or advertising networks.

5. Data Sharing and Disclosure

We do not sell, rent, trade, or share your personal data with third parties for their own purposes. Your data may only be disclosed in the following limited circumstances:

Service providers: As listed in Section 4, strictly to operate the app's features.
Legal requirements: If required by law, subpoena, or court order.
Safety: To protect the rights, safety, or property of our users or the public, if required by law.

6. Your Rights and Choices

You have full control over your data:

Use without an account: You can use LaterBox entirely offline without sharing any data with us.
Disable sync: You can turn off cloud sync at any time in the app settings. Your data will remain local only.
Delete remote data: You can delete all data stored on our servers from within the app, without deleting your account.
Delete your account: You can permanently delete your account and all associated data from within the app at any time.
Access your data: You can export your notes and threads from within the app.

7. Permissions

LaterBox may request the following device permissions. Each is optional and only used when you initiate the related feature:

Camera / Photo Library: Only accessed when you choose to attach a photo or media to a note.
Microphone: Only accessed when you choose to record an audio note.
Location: Only accessed when you choose to attach your location to a note. Never accessed in the background.
Contacts: Only accessed locally when you choose to share a note. Contact data is never sent to our servers.
Notifications: Only used for task reminders you have set.

Denying any permission will not affect the core functionality of the app. Only the specific feature requiring that permission will be unavailable.

8. Children's Privacy

LaterBox is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data through the account creation process, please contact us and we will promptly delete it.

9. International Data Transfers

Our servers may be located in regions different from your own. By using the cloud sync feature, you consent to the transfer and storage of your data in these locations. All transfers are protected by HTTPS/TLS encryption.

10. Changes to This Policy

We may update this privacy policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you through the app. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or your data, please contact us at:

Email: laterbox@xcoreapps.com

Developer: XCore Apps