Tipot — Privacy Policy

Last updated: 25 May 2026

Tipot ("the app") is a notes and todo app published by Popup Bits Pvt. Ltd.. This page explains what data the app handles, how it is protected, and your rights.

The short version

  • Tipot is offline-first. By default, your notes and todos live only on your device.
  • Creating an account is optional, and is only used to sync your data across your devices. If you create one we collect your email and a password (hashed by our backend).
  • We do not sell your data. We do not run analytics or advertising SDKs inside the app.
  • Contacts access is optional and used only to link people to your todos on your device.
  • You can delete your account and all synced data at any time — see the account deletion instructions.

Information we collect

  • Your content — the notes, blocks, todos, reminders, and related metadata (dates, ordering, links between items) that you create. This is the data the app exists to manage. It is always stored locally on your device.
  • Account details (only if you choose to sync) — email address and a password you choose. The password is stored as a salted hash by our authentication provider; we never see your plaintext password. An optional display name may also be stored.
  • No tracking data — we do not collect device identifiers, location, or advertising IDs, and there are no analytics or advertising libraries in the app.

How sync works

Sync is opt-in. If you sign in, your notes and todos are copied to an Appwrite backend project operated by Popup Bits Pvt. Ltd. so they're available on your other devices. If you never sign in, nothing leaves your device. A local SQLite database always holds your data so the app works fully offline.

Permissions the app requests

  • Contacts (optional) — used only so you can link a contact to a todo and act on it (call, SMS, email, WhatsApp) from within the app. Contact data is read on demand, used only on your device, and is never uploaded to our servers or shared with anyone. You can deny or revoke this permission and the rest of the app continues to work.
  • Notifications & exact alarms — to deliver reminders you set on your todos at the right time, even with the screen off. Handled by Android locally.
  • Share & quick actions — to receive text or links shared from other apps into a new note or todo, and to offer "New task" / "New note" launcher shortcuts.
  • Network — only used for optional account sign-in and sync.

Sharing with third parties

We do not sell, rent, or share your personal data with third parties for advertising or profiling. The only third party involved in delivering the service is our backend provider (Appwrite), which processes synced data on our behalf — and only if you enable sync.

Your rights and choices

  • Use without an account — sync is entirely optional.
  • Correction — edit or delete any note or todo directly in the app.
  • Deletion — see the account deletion instructions. Deletion is permanent.

Children's privacy

Tipot is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child has created a synced account, contact us at the email below and we will delete it.

Security

Connections between the app and our backend use TLS. Passwords are stored as salted hashes by our authentication provider, and server access is restricted to authorized personnel. No system is perfectly secure; we encourage you to use a strong, unique password.

Changes to this policy

If we update this policy, we will change the "Last updated" date above. Substantive changes will be highlighted in the app's release notes.

Contact

Questions about this policy or about Tipot? Email info@popupbits.com.np or visit our contact page.