AppzSight ("we," "our," or "us") operates four mobile applications: Write it (NotesK) — a comprehensive offline notes suite, ReportIt — an enterprise incident reporting app, KPI Collector — a personal KPI tracking journal, and Expense Tracker — a multi-currency personal expense manager. This Privacy Policy applies to all four applications.

Our Core Promise

All AppzSight apps are privacy-first. Your notes, reports, KPI data, images, and all personal information never leave your device and are never transmitted to us. We do not collect, store, or access any of your personal information across any of our apps. Zero personal data leaves your device. Ever.

1. Information We Do NOT Collect

Across all four apps, we do not collect, transmit, or store any of the following:

  • Personal identification information (name, email, phone number)
  • App content — notes, reports, KPI entries, or any data you create
  • Photos, images, or media attachments
  • Contact information
  • Device information or identifiers
  • Location data
  • Usage analytics or statistics
  • Crash reports or diagnostic data
  • Purchase history

2. Data Stored Locally on Your Device

All app data is stored exclusively on your device in encrypted app-private storage. No data is synchronized to the cloud or transmitted to our servers.

Write it (NotesK)

  • Text Notes: Content, formatting, text size preferences, RTL settings
  • Checklists: Items, completion status, order
  • Drawings: Base-64 encoded images from the canvas editor
  • Gallery Notes: Up to 7 photos per note with swipe pager data
  • Contact Notes: Names, multiple phone numbers, multiple emails
  • Tags & Folders: Organization metadata you create
  • Reminders: Dates, times, repeat schedules, notification data
  • Media: Photos (camera or gallery), voice recordings, PDF attachments (up to 50MB, Premium)
  • Settings: PIN/biometric settings (via Android Keystore / iOS Keychain), theme, language, premium status
  • Storage: Android: /data/data/[package]/ & MediaStore for exports  |  iOS: App sandbox & FileManager

ReportIt

  • Incident Reports: Report title, description, category, severity level, date/time
  • Photo Evidence: Photos attached to reports, stored in app-private storage
  • Report Status: Draft, submitted, and archived states
  • Email Configuration: SMTP settings stored locally if you configure email sending — never transmitted to us
  • App Settings: Preferences and notification settings

KPI Collector

  • KPI Definitions: Names, units, targets, and categories you define
  • Log Entries: Values, dates, and notes for each KPI entry
  • Goals: Target values, deadlines, and progress data
  • Chart Data: Trend data computed on-device from your entries
  • App Settings: Preferences and notification settings

Expense Tracker

  • Expense Records: Source name, amount, currency, required-by date, notes, color tag, split-payment instalments
  • Completed Records: Paid expense history with payment date and group metadata
  • Settings: Default currency, theme mode (light/dark/system), language (English/Arabic), PIN hash (SHA-256, never plain text), biometric preference
  • Storage: Android Room SQLite database in app-private sandbox (/data/data/[package]/)

We have no servers, no cloud storage, no backend infrastructure, and no ability to access your data from any of our apps.

3. App Permissions & Usage

Each app requests only the permissions necessary for its local functionality.

Write it (NotesK) Permissions

  • Camera: Capture photos for gallery notes and image attachments. Photos saved locally only.
  • Storage / Files & Media: Save notes, images, backups, and exports to device storage.
  • Notifications: Send reminder alerts for scheduled notes. No data transmitted.
  • Biometric (Fingerprint/Face ID): Optional app and per-note locking. Biometric data never leaves the secure hardware.
  • Alarm & Reminders: Schedule notification triggers for note reminders.
  • Microphone (Optional): Only requested when you first attempt to record a voice note. Audio files stay on your device and are never transmitted.
  • Read Contacts (Optional): Only used when you explicitly choose "Import from Device." 100% on-device — we never access your contacts otherwise.
  • Internet: Google Play Billing (purchases), Google Play In-App Review (ratings prompt), and on-demand link preview metadata when you paste a URL in a Link note. No personal data transmitted to us.

ReportIt Permissions

  • Camera: Capture photo evidence for incident reports. Photos stored in app-private storage only.
  • Storage / Files & Media: Save reports, photo attachments, and exported files to device storage.
  • Notifications: Local notifications for report reminders. No data transmitted.
  • Internet: Only used when you explicitly press "Send Report" to email a report via your configured SMTP server. The report content goes directly to your email recipient — not to us. No background network activity occurs.

KPI Collector Permissions

  • Storage / Files & Media: Save KPI data exports and backups to device storage.
  • Notifications: Reminder alerts for KPI logging. No data transmitted.
  • Internet (if applicable): Google Play Billing for premium features only. No KPI data is ever transmitted.

Expense Tracker Permissions

  • Biometric (Fingerprint/Face ID): Optional app lock. Authentication handled by device secure hardware via Android BiometricPrompt. No biometric data is stored by the app.
  • No Camera: Expense Tracker does not request or use the camera.
  • No Internet: Expense Tracker is fully offline — no network permission is declared. No data ever leaves your device.
  • No Contacts, No Microphone, No Location: None of these permissions are requested.

What None of Our Apps Have

  • ❌ Location services — We never track your location
  • ❌ Device identifiers (IMEI, Android ID, MAC address)
  • ❌ Advertising ID — explicitly removed from all apps
  • ❌ Background data upload of any kind
  • ❌ Analytics or telemetry SDKs
  • ❌ Crash reporting services

4. App Features Overview

Write it (NotesK) — Notes Suite

10 note types including text, checklists, drawings (Premium), photo gallery, contacts, audio, links, and tables. All work 100% offline with zero cloud sync. Supports 27 languages with full RTL support.

ReportIt — Incident Reporting

Professional incident reporting with photo capture, severity levels, and category classification. Reports are composed and stored entirely on-device. Email sending is an explicit user-triggered action; no automated data transmission ever occurs.

KPI Collector — Personal KPI Tracking

Define and track personal performance metrics with daily logging, goal setting, and trend visualization. All calculations and chart rendering happen on-device. Available on Android and iOS.

Expense Tracker — Multi-Currency Expense Manager

Track personal and business expenses with multi-currency support (20 currencies), color tagging, split-payment instalments with exact decimal arithmetic, and mark-as-paid workflow. Fully offline — no internet permission. Supports English and Arabic with full RTL layout. PIN and biometric lock available.

5. Backup, Export & Import

Write it (NotesK)

  • ZIP Backup: Export all notes + images into a single ZIP file to Downloads/NotesK/
  • Auto-Backup (Premium): Daily scheduled backups + on-change backups to device storage only
  • JSON / CSV / PDF / PNG Export: Multiple formats for full data portability
  • Print: Via Android print framework
  • Import: NotesK ZIP/JSON/CSV backups, Google Keep ZIP (via Takeout)
  • Restore: Full restore from any backup with merge or replace options

ReportIt

  • Email Export: Send a formatted report to recipients you specify — triggered only by you
  • PDF Export: Generate a PDF of any report to your device storage
  • Local Archive: Reports remain on your device until you delete them

KPI Collector

  • Data Export: Export KPI logs to CSV or JSON to your device storage
  • Backup: Backup all KPI data locally to device storage

Expense Tracker

  • JSON Export: Export all active and completed expense data as a JSON file via the Android share sheet — save locally or send to an app of your choice
  • No cloud backup: Cloud backup and device-transfer backup are explicitly disabled. Data is never backed up to Google Drive or any cloud service.

Important: All exports and backups are saved to your device's local storage only. We do not receive, process, or have access to these files. You choose where to share or store exported data.

6. Security Features

Where applicable, our apps offer on-device security:

  • Write it: App-level PIN lock (4-digit, via device Keystore), biometric lock (Fingerprint/Face ID), per-note lock, configurable auto-lock timer. No biometric data stored by the app.
  • ReportIt: Device-level access protection (OS biometric/PIN). Report data stored in app-private sandbox.
  • KPI Collector: Data stored in app-private sandbox inaccessible to other apps. Sensitive settings stored via Android Keystore / iOS Keychain.
  • Expense Tracker: Optional PIN lock (SHA-256 hashed, never stored in plain text) and biometric lock via Android BiometricPrompt. Cloud backup explicitly disabled via android:allowBackup="false" and data extraction rules. All data in app-private sandbox.

7. Data Retention

  • Write it: Deleted notes move to Recycle Bin with 30-day auto-purge via background worker. Archived notes remain indefinitely. Manual permanent deletion available.
  • ReportIt: Reports remain on device until you manually delete or archive them. No automatic deletion.
  • KPI Collector: All KPI data and logs remain until you delete them. No automatic deletion.
  • Expense Tracker: Expenses remain until you manually delete individual records or use "Clear All Data" / "Clear Completed Records" from Settings. No automatic deletion.
  • All apps: Uninstalling the app removes all app data permanently from your device.

8. Third-Party Services

We use minimal third-party services across our apps. We use no analytics, no advertising networks, no crash reporters, and no tracking SDKs in any of our apps.

AppServicePurposeData Involved
Write itGoogle Play BillingOne-time Premium purchasePurchase token sent to Google only — not to us
Write itGoogle Play In-App ReviewPrompt you to rate the appNo personal data; handled entirely by Google
Write itLink Preview (HTTPS)Fetch Open Graph metadata when you paste a URL in a Link noteOnly the URL you pasted is fetched; no data sent to us
ReportItSMTP Email (JavaMail)Send incident report to recipient you specifyReport content goes directly to your email server — not to us. Only triggered by your explicit action.
KPI CollectorGoogle Play Billing (if applicable)Premium features purchasePurchase token sent to Google only — not to us
Expense TrackerNoneFully offline — no internet permissionNo network requests of any kind. No third-party services used.

What we do not use: ❌ Firebase  |  ❌ Analytics  |  ❌ AdMob / Ads  |  ❌ Cloud storage  |  ❌ Crash reporting  |  ❌ Authentication services

For Google's data practices, see Google's Privacy Policy.

9. Data Security Measures

All four apps protect your data with multiple layers:

  • Device-Level Encryption: Your data benefits from your device's full-disk encryption (when device lock is enabled)
  • App Sandbox: All data stored in app-private directories inaccessible to other apps
  • Secure Storage: Sensitive settings stored via Android Keystore / iOS Keychain
  • Minimal Network Surface: Internet is used only for explicitly triggered actions (Google Play services, email sending, link previews) — no background sync, no telemetry, no persistent connections
  • No Account Required: No login, no email, no passwords to compromise

10. Children's Privacy

None of our apps knowingly collect any information from anyone, including children under 13. Since we collect absolutely no data and have no external data communications, all four apps are safe for all ages. Parents can confidently allow children to use our apps knowing no information leaves the device.

11. Your Rights (GDPR/CCPA/Local Laws)

Because we collect zero personal data and store everything locally, most data privacy regulations have limited application. However, you retain absolute control across all our apps:

  • Right to Access: All your data is visible and accessible within each app at all times
  • Right to Delete: Delete any item instantly within each app. Uninstall to erase all data permanently.
  • Right to Port: Export your complete dataset anytime via the export features in each app
  • Right to Rectify: Edit any data directly within each app
  • Right to be Forgotten: Uninstall the app to remove all data permanently from your device
  • Right to Restrict Processing / Right to Object: Not applicable — we perform no data processing or tracking

12. Premium Features & Billing

Where premium features exist (e.g., Write it Premium), all billing is handled via Google Play. We do not see, store, or process any payment information. Premium status is stored locally on your device, not tied to user accounts.

13. Open Source & Transparency

Our apps are built with open-source technologies including Kotlin, Jetpack Compose, SwiftUI, Room Database, and CoreData. None of our apps contain proprietary tracking or analytics code. You can verify our privacy claims by inspecting each app's network permissions.

14. Changes to This Policy

We may update this Privacy Policy as features evolve. We will notify you of changes by posting the new policy in each app's Settings → About screen and updating the "Last Updated" date on this page. Since we collect no contact information, we cannot notify you directly — please check this page periodically.

15. Contact Us

For privacy-related questions, data export assistance, or to exercise your rights:


Costing SaaS — costing.appzsight.com

The following sections (16–20) apply exclusively to the Costing web application at costing.appzsight.com. This is a cloud-based SaaS product with an entirely different data model from our mobile apps.

16. What Costing SaaS Collects

Unlike our mobile applications, Costing (costing.appzsight.com) is a cloud-based SaaS platform that requires account registration and stores data on our servers in order to function. By using Costing, you agree to the data practices described below.

Account & User Data

  • Registration information: Name, email address, username, and bcrypt-hashed password (plain-text passwords are never stored)
  • Company profile: Company name, industry, country, address, VAT number, and company logo (optional)
  • User roles & permissions: Role assignment (Admin, CFO, Finance Manager, Cost Accountant, Procurement Officer, Production Manager)
  • Session tokens: JWT tokens (stateless, expiring) stored client-side in localStorage

Business Data

  • Bills of Materials (BOMs): BOM codes, component trees, quantities, units, versions
  • Materials & Costs: Material names, unit costs, supplier data, landed cost components (freight, duty, insurance)
  • Cost Sheets: Calculated material, labor, and overhead costs per BOM version
  • Budgets & Scenarios: Budget periods, what-if scenario parameters, comparative analysis data
  • Labor Rates & Overhead Types: Hourly rates, overhead drivers, activity-based cost data
  • Supplier Quotes: Supplier names, price history, quote dates
  • Legal Entities: Entity names, codes, currencies, countries (for multi-entity reporting)

Operational Data

  • Audit Log: Every create, update, delete, and approval action is recorded with the user ID, timestamp, and action type. This is required for SOC 2 compliance and cannot be disabled.
  • IP Addresses: Recorded in audit logs for security and rate-limiting purposes. Not shared with third parties.
  • API Keys (hashed): If you generate API keys for ERP integration, we store a SHA-256 hash of the key. The plain-text key is shown once and never stored.
  • Webhook Configurations: ERP endpoint URLs, event subscriptions, and secret header values you configure

Billing Data

  • Billing is processed through Stripe (international) and Moyasar (KSA — Mada, STC Pay, Apple Pay). We do not store credit card numbers or payment credentials. Stripe and Moyasar handle PCI-DSS compliance.
  • We retain: subscription plan, billing status, payment date, and invoice references only.

17. How We Use Costing Data

  • Service delivery: To calculate costs, generate reports, run approval workflows, and deliver the SaaS features you subscribed to
  • Security & audit: Audit logs protect you and us from unauthorized changes; IP logging enables rate limiting and intrusion detection
  • ERP Integration: If you configure webhooks, we transmit BOM approval events to your ERP endpoints on your behalf
  • Support: If you contact us, we use your account data to assist you
  • We do not use your business data for advertising, profiling, or AI training. We do not sell data to third parties.

18. Data Storage & Security (Costing SaaS)

  • Hosting: Microsoft Azure — UAE North region (Dubai data center). All data stays within the UAE/GCC region.
  • Encryption in transit: TLS 1.2+ enforced on all connections (HTTPS)
  • Encryption at rest: Azure-managed encryption for all stored data
  • Database: PostgreSQL 16 with per-company data isolation (multi-tenant row-level isolation enforced by application)
  • Passwords: bcrypt-hashed with cost factor 10 — never stored in plain text
  • API Keys: SHA-256 hashed — the raw key is only shown at generation time
  • Redis Cache: In-memory only; sensitive data is not persisted to Redis
  • Backups: Automated nightly database backups retained for 7 days

19. Your Rights (Costing SaaS)

  • Access: All your data is accessible in the Costing dashboard at all times
  • Export: Export BOMs, cost sheets, and reports as PDF or Excel at any time from the Reports section
  • Deletion: Use the Settings → Danger Zone to delete specific data categories. To delete your entire account and all associated data, email [email protected]. Account deletion is completed within 30 days.
  • Audit log: The audit log cannot be deleted by users — it is a compliance requirement. Audit logs are purged after 12 months.
  • Data Portability: Contact us to request a full data export in JSON format

20. Retention (Costing SaaS)

  • Your business data is retained for the duration of your subscription plus 90 days after cancellation
  • After 90 days post-cancellation, all company data is permanently deleted
  • Audit logs are retained for 12 months regardless of subscription status
  • Billing records are retained for 7 years as required by Saudi VAT and tax regulations

Questions About Our Privacy Policy?

Contact us directly for any inquiries regarding our data practices.

Summary (Mobile Apps): All four AppzSight mobile apps — Write it (NotesK), ReportIt, KPI Collector, and Expense Tracker — are privacy-first. Your data stays on your device. We collect nothing personal. We track nothing. We have no servers for mobile apps. Internet is used only for Google Play services, link previews you explicitly trigger, and email sending you initiate in ReportIt. Expense Tracker has zero internet permission — it is completely offline. Your privacy is our priority.

Summary (Costing SaaS): Costing (costing.appzsight.com) is a cloud SaaS. It requires an account and stores your business data (BOMs, costs, users) on Azure UAE North servers in order to function. We use this data only to deliver the service. We do not advertise, profile, or sell your data. All data stays in the UAE region. See Sections 16–20 for full details.