Legal document

Privacy Policy

Last updated: February 27, 2026

This Privacy Policy describes how personal data is collected, used and protected when you use the ReAnota application and this support website.

1. Data controller

Controller: Nani Green SL
Brand / app: ReAnota
Contact email: support@reanota.com

2. Data we may collect

• Account data (e.g., email, user identifiers).
• App usage data (interactions, features used, technical logs).
• Content the user chooses to save in the app (notes, annotations, texts, images or other files, depending on activated features).
• Technical device data (model, operating system, language, errors/crashes, approximate IP, depending on integrated tools).
• Support data when you contact us.

The application may request access to the device camera exclusively to allow the user to capture images of book pages or other content they wish to digitize. These images are used to process text through optical character recognition (OCR) technologies. Camera access is not used for continuous recording or advertising purposes.

3. Purposes of processing

• Provide and maintain the operation of the app and website.
• Manage user accounts, authentication and access.
• Improve the product, performance and user experience.
• Handle support requests.
• Comply with legal obligations.
• Manage subscriptions, licenses or usage limits (if applicable).
• Process images captured by the user to extract text via OCR.
• Generate automated responses through artificial intelligence services based solely on the content provided by the user.

4. Legal basis

• Performance of the contractual or pre-contractual relationship (use of the app/service).
• Legitimate interest for service improvement and security.
• Consent, when necessary.
• Compliance with legal obligations.

5. Third-party services

ReAnota uses the following third-party services:

• Firebase Authentication (Google LLC) — account management.
• Cloud Firestore (Google LLC) — data storage.
• Firebase Cloud Storage (Google LLC) — secure storage of images and files.
• Firebase Cloud Functions (Google LLC) — server-side processing.
• Artificial Intelligence Services (specialized external providers) — text processing and response generation based exclusively on the content the user decides to send.

These providers act as data processors and apply security measures in accordance with international data protection standards.

6. International transfers

Some of the aforementioned third-party services may involve data transfers to servers outside the European Economic Area (EEA). In such cases, adequate protection mechanisms are guaranteed in accordance with the GDPR (standard contractual clauses, adequacy decisions, etc.).

7. Data retention

We retain data for as long as necessary to provide the service, comply with legal obligations and resolve incidents or disputes. When you delete your account, your personal data will be removed within a reasonable period, unless there is a legal obligation to retain it.

8. User rights

In accordance with the GDPR, you may exercise the following rights:

• Access — know what personal data we process about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request the deletion of your data. Also see our data deletion page.
• Objection — object to processing in certain circumstances.
• Restriction — request restriction of processing.
• Portability — receive your data in a structured format.

To exercise your rights, contact us at: support@reanota.com

You may also file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Account deletion

Users may request account deletion by sending an email to support@reanota.com. Once the request is verified:

• Authentication data will be deleted.
• Stored annotations, texts and images will be deleted.
• Records associated with the user profile will be deleted.

Deletion will be completed within a maximum of 30 days, unless there is a legal obligation to retain the data.

10. Security

We apply reasonable technical and organizational measures to protect information against unauthorized access, loss, alteration or improper disclosure. These include: encryption in transit (TLS/SSL), secure authentication and role-based access control.

Data stored in Firebase is encrypted at rest and in transit in accordance with Google Cloud security standards.

11. Minors

ReAnota is not intended for children under 16. We do not intentionally collect data from minors without verifiable consent from their legal representatives.

12. Changes to this policy

We may update this Privacy Policy to reflect legal, technical or functional changes. The updated version will be published on this same page with the date of last modification.

13. Contact

For any questions about privacy or data processing:
support@reanota.com