This page explains what data we collect, why, and how long we keep it. The short version: as little as possible, never sold, never shared with marketing partners.
1. The Nori app
Local-first. Your screenshots, edits, OCR extractions, blur regions, saved projects — every piece of content you create with Nori lives on your machine and never reaches us. The app does not send crash reports or usage telemetry, and it contains no third-party tracking or analytics SDKs of any kind.
Update check (opt-out)
Nori checks GitHub Releases for a newer signed build when you launch the app, and again when you click Check for updates in Settings → About. The check is a single anonymous HTTP GET request to a public release manifest — the same kind of request a web browser makes for a page. No identifiers, no user data, no device fingerprint, and no cookies are sent or stored.
You can disable this entirely by toggling off Check for updates automatically in the same settings panel. Nori then never reaches the network on its own. You can still trigger a manual check on demand.
If you choose to install an offered update, the binary download is a second request (also anonymous, also to GitHub). Update bundles are verified against a cryptographic signature built into your installed copy before they are allowed to install.
Licence activation
When you paste your licence key into the app for the first time, Nori contacts our payments provider (see § 4) to verify the key. The request contains the key itself and a generated device identifier. No screenshots, no project files, no clipboard contents, no usage information is included. Once activated, no further licence checks happen unless you manually deactivate and re-enter the key.
2. This website
Server logs
Our hosting provider keeps standard access logs for technical operation: IP address, timestamp, requested URL, user-agent string. These logs are deleted after 7 days and used only to diagnose service issues or block abuse. We do not analyse them for profiling.
Cookies
This website does not set tracking cookies. We do not use Google
Analytics, Facebook Pixel, Plausible, Fathom, or any analytics tool.
The only local storage we may use is functional — for example, your
dashboard remembers your licence key in localStorage so
you don't have to re-enter it. You can clear this at any time by
clicking Clear key on the dashboard.
Fonts
Typefaces (Shippori Mincho, Murecho, Geist Mono) load from Google Fonts. Google receives your IP address as part of standard CDN delivery. Their privacy policy applies: policies.google.com/privacy.
3. When you contact us
If you email us at info@codepa.de, we store your email, your message, and any attachments for as long as is necessary to respond and — if a support context demands — for up to 24 months as part of the support history. After that, the conversation is deleted.
4. Payments & licensing
Purchases are processed by our merchant of record, Lemon Squeezy, Inc., which acts as the seller, collects taxes, and issues receipts. When you buy a Nori licence, Lemon Squeezy collects: your email address, billing address (for VAT), payment information, purchase amount, and IP address.
We receive: your email address, the product purchased, and the licence key generated for you. We never see your full payment information.
Lemon Squeezy's privacy policy: lemonsqueezy.com/privacy.
5. Newsletter (optional)
If you subscribe to our release newsletter, we store your email address and the subscription timestamp. We use it only to send release notes when something new ships — typically once every few weeks, never more than once a week. One click in any email unsubscribes you and deletes the address.
6. Your rights (GDPR)
If you are located in the EU / EEA / UK, you have the right under the GDPR to:
- Access any personal data we hold about you
- Have inaccurate data corrected
- Have your data deleted (right to be forgotten)
- Restrict processing of your data
- Receive your data in a portable format
- Object to processing on grounds of legitimate interest
- Withdraw consent at any time
- Lodge a complaint with your local supervisory authority
To exercise any of these rights, email us at info@codepa.de. We respond within 30 days, usually much sooner.
7. Changes to this policy
We will update this policy if our practices change — for example, if we add a new service. The "Last updated" date at the top of this page reflects the most recent change. Material changes will also be announced in our newsletter.
8. Operator
The data controller for the purposes of the GDPR is the operator listed in the Imprint.