Privacy Policy — SelfNode AI

Effective date:28/05/2026
App: SelfNode AI (Android, package com.nk.selfnodeai)
Contact:nkpareek96g@gmail.com

TL;DR. SelfNode AI runs entirely on your phone by default. We — the developer — do not operate any servers. We do not collect, store, sell, share, or transfer any of your personal data. There is no analytics, no telemetry, no crash reporting, no advertising and no account system.

A few features can connect to the internet only when you turn them on, and in those cases the data goes from your phone directly to the service you chose (e.g. OpenAI with your own API key, or a local LLM server on your home Wi-Fi). We never see that data.

1. Who is responsible for this policy

This app is published by Nirmal Pareek. For any privacy question, you can reach the developer at nkparek96g@gmail.com.

For the purposes of the EU GDPR, the developer is the data controller — but there is no personal data flowing to the developer, so there is nothing to control on the developer's side.

2. What data the app stores on your device

Everything you create or upload while using SelfNode AI is stored in the app's private storage on your device:

Profile — the name you enter during onboarding.
Chat sessions — every message you and the assistant exchange.
Knowledge Assistants and their documents — PDFs, Word documents, EPUBs, text files and images you upload, and the extracted text used for retrieval.
Journal entries — mood scores, text you write, and any AI reflection.
Memory facts — short pieces of context you've asked the assistant to remember (or that it has extracted from chats, if you enable auto-learning).
Generated pages — small HTML apps and forms you build with the Page Builder.
Settings — toggles, sliders, prompt overrides, model selections.
Downloaded model files — large .bin files for the on-device language model. These contain no personal data.
API keys and endpoint URLs (only if you provide them) — stored encrypted using Android's hardware-backed keystore via EncryptedSharedPreferences.

None of this data is transmitted off your device by the app's own code. If you uninstall the app, this data is removed by Android along with the app. You can also tap Settings → Forget everything to wipe it in one action.

3. Permissions the app requests, and why

The app requests these permissions. Each is used only for the purpose listed below, on your device, and is never transmitted off-device by us.

Permission	Why it's used
Internet	To download the on-device language model from HuggingFace, and — only if you turn the relevant feature on — to reach a web search engine, a cloud AI provider, or a local LLM server you've configured.
Notifications	To show a foreground-service notification while the assistant is running in the background, as required by Android 13+.
Microphone (`RECORD_AUDIO`)	For dictation in the chat input. Recording uses Android's built-in speech recognizer; the app does not capture or store raw audio.
Calendar (`READ_CALENDAR`, `WRITE_CALENDAR`)	The Daily Briefing feature reads upcoming events to build your morning summary. The summary stays on your device unless you've separately enabled a cloud provider for chat.
SMS (`READ_SMS`, `RECEIVE_SMS`)	The Daily Briefing can optionally surface recent SMS notifications. Same on-device rule applies.
Foreground service (`FOREGROUND_SERVICE*`)	Required to keep the AI model loaded in memory and safely run long-running tasks like document ingestion.
Wake lock	Prevents the device from sleeping during long generations.

The app does not request: location, contacts, phone state, advertising ID, camera, accounts, or any "manage all files" storage permission.

4. What the app sends over the internet

The app makes only the following network requests, and only in the situations described:

4.1 Model download (required, one-time)

When you first launch the app you'll be asked to download a language model file. The download is an anonymous HTTPS request to huggingface.co/litert-community/.... The request contains no user-identifying information beyond what every HTTPS request carries (IP address visible to HuggingFace, standard User-Agent string).

4.2 Web search (off by default)

If you turn on Settings → Web search, the assistant can send your typed question (or a rewritten version of it) to DuckDuckGo (html.duckduckgo.com) to retrieve search snippets used as context for the answer. DuckDuckGo's own privacy policy applies to that request. We do not proxy, log, or store the query.

4.3 External AI providers (off by default)

If you go to Settings → External AI and enter an API key for OpenAI, Anthropic (Claude) or Google (Gemini), and then enable that provider as active, chat messages you send are transmitted directly from your device to that provider's servers, using your key. The provider's own privacy policy applies. We have no servers in the middle and no access to your messages or your key.

Your API keys are stored encrypted on your device using Android's hardware keystore (EncryptedSharedPreferences) and never leave your device except attached to outgoing requests to the provider you configured them for.

4.4 Local endpoint (off by default)

If you go to Settings → Local endpoint and configure a URL pointing at an LLM server you control (for example, Ollama running on your laptop at http://192.168.1.10:11434), the app sends chat messages to that URL using the protocol you selected. We don't see the URL or the traffic. The URL and any auth headers you add are stored encrypted on device.

If you enter a http:// (cleartext) URL, the prompt travels unencrypted on the local network you're on — please only enable that on networks you trust.

4.5 That's it

There are no other network calls. There is no analytics SDK, no crash reporting service, no advertising network, no attribution SDK. The list above is exhaustive.

5. Children's privacy

The app is intended for users aged 13 and over. It is not directed at children under 13 and does not knowingly collect any data from anyone, so it does not knowingly collect data from children. If you believe a child under 13 has installed and used the app, simply uninstalling it removes all data.

6. Data retention and deletion

Because no personal data leaves your device, deletion is straightforward:

In-app: Settings → Forget everything wipes all chats, journal entries, memory facts, generated pages, your profile, and resets all settings. Downloaded model files are kept (so you don't have to download them again); you can remove them from Settings → Models.
System: Uninstalling the app from Android removes every byte the app has stored.

We have nothing to delete on our side because we never received anything.

7. Your rights under GDPR / UK GDPR / CCPA

Because we do not collect or process your personal data, the access / correction / portability / erasure rights granted by the GDPR, UK GDPR, the California Consumer Privacy Act, and similar laws are satisfied automatically:

We have no record of you to access, correct, port or delete.
We do not sell or "share" personal information as defined by the CCPA — we do not collect any to begin with.
We do not use your data for profiling, automated decision-making, cross-context behavioural advertising, or any analytics.

If you believe we still hold data about you, please contact us at the email above and we will investigate, though we expect the answer to be "we don't".

8. Third-party services

The app does not embed any third-party SDKs that collect personal data. It uses these open-source libraries at runtime (none of which independently phone home):

Google MediaPipe / LiteRT for on-device language-model inference.
ML Kit Text Recognition for on-device OCR of image attachments.
Room (Android Jetpack) for local storage.
OkHttp for the optional outbound HTTPS calls listed in section 4.
Jsoup for parsing the HTML returned by DuckDuckGo (only when you enable web search).

When you enable an optional cloud feature (sections 4.2, 4.3, 4.4), that third party's terms and privacy policy apply to the data you send them.

9. Security

Settings and chat content live in Android's per-app private storage, inaccessible to other apps on a non-rooted device.
API keys and local-endpoint URLs are encrypted at rest using AES-256-GCM via Android Jetpack's EncryptedSharedPreferences, which is backed by the device's hardware keystore.
All outbound HTTPS traffic enforces TLS. Cleartext HTTP is only permitted if you explicitly type an http:// URL into the Local Endpoint screen — at which point the screen warns you.

No security system is perfect. Please keep your device's OS up to date and use a screen lock.

10. Changes to this policy

If the app's behaviour changes in a way that affects this policy (for example, if a future version adds telemetry or an account system), we will:

Update this page with a new effective date and a "What changed" note at the top.
Bump the in-app notice on first launch of the updated version so you can review before continuing.

You can compare versions by checking the "Effective date" at the top of this page.

11. Contact

For any privacy question, write to nkpareek96g@gmail.com.

For Play Store reporting, you can also use Play's "Flag as inappropriate" link on the app's store listing.