Privacy Policy

Our first principle is local-first. That means:

• File contents · Never leave your device; never uploaded · Local
• Document parsing · Done locally inside the app · Local
• User account · Not required — use it straight away · Disabled
• Analytics / tracking SDK · None integrated · None
• Ad networks · None connected · None
• Cloud sync · Not enabled · Off

This policy is written in plain language. If anything is ambiguous, the contact channels in Contact take precedence.

The app itself does not collect any of your content data. We only store the following metadata locally for the "Recent files" feature:

• Filename, extension, and file path (within the system sandbox)
• Last opened timestamp
• User-set font size, theme, and dark-mode preferences

This data lives in an on-device SQLite database and is unrelated to your Apple ID or Google account. We cannot — and do not — access it from any server.

📵 What we do NOT collect: No file contents, no reading duration, no file paths or document fragments in crash logs, no device identifiers used for tracking.

Files you import via Share Extension, file picker, or "Open with" follow this flow:

1. The system delivers the file; the app writes it into a sandbox temp dir (iOS Inbox / Android cacheDir)
2. Local type detection (extension + magic number)
3. Select the matching renderer: Markdown / HTML / JSON / YAML / TXT / CSV
4. Render the result on screen

The entire flow makes zero network requests. We don't, don't need to, and aren't allowed to upload your files anywhere.

The local database uses SQLite and stores only metadata:

• id · primary key
• filename · filename
• path · system sandbox path
• type · file type
• last_open_time · last opened time
• metadata · user-set font size, theme, etc.

We never persist the text of your documents. Uninstalling the app removes all local data along with it.

HTML rendering uses the platform-native WebView with these default security policies:

• Dangerous network access blocked — cross-origin requests, cross-origin fetches, and external resources are denied by default
• JavaScript disabled by default — users must opt in per HTML file
• Local resource whitelist — only same-directory CSS / images / JS allowed
• No Cookie / localStorage persistence — the WebView context is destroyed when closed

If an HTML file contains <script>, the app shows a clear prompt and lets you decide whether to enable it.

NovaView may add features over time (more file formats, PDF annotations, AI-assisted reading, etc.). Whatever we add, we commit to these principles:

• Local-first — offline by default; any feature that needs network access must clearly disclose it and require user opt-in
• Opt-in — new features ship disabled and don't change the existing "open → render → read" workflow
• Transparent docs — this policy updates alongside any new data flows
• User-controlled — anything touching personal data can be disabled or wiped from settings

🔭 What this version does: Contains only local file rendering and reading. No AI summarization, translation, Q&A, or any feature that uploads content or requires network calls. Release notes stay accurate.

This version integrates no third-party analytics, ad, or social SDKs.

App launch, file parsing, and HTML rendering all happen locally. When you download the installer, the App Store / Google Play collect a small amount of download and crash telemetry under their own policies — that data is handled by those stores, not us.

If we ever add optional features that call third-party services, this section will be updated first, with a change notice.

Because we don't hold your data on any server, the usual "delete account / export data" operations are trivially satisfied:

• View local data — Settings → Data → see the recent-files list
• Clear local data — Settings → Data → clear recents, or simply uninstall the app
• Decline all optional data — never enable optional features, and you stay in a "zero cloud data" state

For any privacy questions or to exercise your rights, reach out via the contact section below.

Security practices we follow:

• All file handling happens inside the system sandbox, protected by iOS / Android sandboxing
• The local database uses SQLite at a path only the app itself can access
• HTML rendering uses a sandboxed WebView with cross-origin access blocked
• App binaries are code-signed; only install from App Store / Google Play official channels
• Client code is open source, open to community audit

If you find a security issue, contact us at security@novaview.app; we respond within 72 hours.

This policy may evolve with the product. When it changes we will:

• Update the "Last updated" date at the top of this page
• Show a change summary on next launch (for material changes)
• Keep historical versions in the GitHub Releases page

We will never expand data collection without notice.

Questions, suggestions, or complaints about this policy:

• Email · privacy@novaview.app
• Security · security@novaview.app
• GitHub · github.com/Woods30/NovaView

The latest version of this policy always lives at novaview.app/privacy.html. This policy is governed by the laws of the People's Republic of China and applicable regional data-protection regulations.