Back to App
noxra Logo

Noxra - Privacy Policy

Legal Documentation

Effective Date: March 12, 2026

Noxra ("we," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our mobile application.

By using Noxra, you agree to the practices described in this policy.

Google API Limited Use Disclosure

Noxra's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1. Data Accessed (Google User Data)

To provide core productivity features, Noxra requests access to specific types of Google user data through OAuth2 authentication. We only access the minimum data necessary for the following features:

Google Calendar Events (https://www.googleapis.com/auth/calendar.events)

Data Accessed: Ability to view, create, edit, and delete events on your primary Google Calendar.

Purpose:

  • Meeting Integration: Noxra creates calendar events with Google Meet links for your scheduled tasks.
  • Status Sync: Updates event titles (e.g., adding '[DONE]') when tasks are completed to keep your schedule accurate across devices.
  • Availability Visualization: Displays upcoming appointments to help you schedule "Deep Work" sessions without conflicts.
  • Lifecycle Management: Automatically updates or removes events if the associated task is modified or deleted in the App.

2. Data Security & Protection

We take reasonable and appropriate steps to protect your data from unauthorized access, loss, or disclosure. We ensure all user data is secure both in transit and at rest:

  • Security in Transit: All communication between Noxra and Google API services is performed exclusively over encrypted channels using HTTPS with 128-bit SSL/TLS encryption. This prevents interception of your data during transmission.
  • Security at Rest:
    • Tokens: Your Google OAuth2 refresh tokens are stored using device-level encryption (specifically the Android Keystore), ensuring they cannot be accessed by other applications.
    • Local Content: Your task and schedule data is stored in a structured local database on your device. We encourage users to use device-level security (passwords, biometrics) to further protect this local storage.
  • Data Isolation: Noxra follows a "Zero-Retention" policy for Google API data. Information fetched from Google (like calendar event lists) is processed in real-time to populate the App's UI and is not persisted in long-term storage or cached beyond the current session's needs.

3. Child-Directed & Mixed Audience Policy

Noxra is a Mixed Audience application. While it is designed for general productivity, we do not intentionally target children under the age of 13.

  • No Mandatory Sign-In: Noxra does not require a Google Account sign-in for its core task management features.
  • Optional Features: Google Sign-In and Calendar integration are optional features. Users under 13 should not use these Google-connected features.

4. Data Sharing & Disclosure

Noxra does not share, sell, or trade your personal data with third parties. Your data is used exclusively to facilitate the productivity features within the App. Outside of the mandatory disclosures below regarding AI processing, we do not share your information with any external services.

5. AI-Powered Features & Data Privacy (Gemini API)

Noxra uses the Google Gemini API to power smart features such as task analysis, milestone generation, and productivity summarization. The privacy of your data during these operations depends on the API key configuration provided in the App settings:

  • Free Tier API Keys: If you use a Free (unpaid) Gemini API key, Google's terms specify that the data you submit (including task descriptions, work logs, and AI prompts) may be used by Google to improve their products, train machine learning models, and may be reviewed by human annotators.
  • Paid Tier API Keys: If you use a Paid API key (with Google Cloud Billing enabled), Google does not use your data to train its models. We strongly recommend using a Paid Tier key for maximum privacy.
  • Data Processed: Only data directly relevant to your productivity tasks (title, description, voice logs, milestones) is sent for AI analysis. We do not send your email address or other identity-related Google user data to the Gemini API.

6. Your Rights & Data Deletion

You have full control over your data at all times:

  • Revoking Access: You can disconnect your Google Account at any time through the App's settings or via your Google Account Security Dashboard.
  • Self-Service Deletion: Deleting the App from your device immediately and permanently deletes all locally stored data.

7. Contact Us

If you have any questions about our privacy practices, please contact us at bliszkot@gmail.com.

© 2026 Bliszkot. All rights reserved.