Privacy Policy
Last updated: November 30, 2024
This Privacy Policy explains how Diff ("we", "us", or "our") handles your information when you use our desktop note-taking application. We built Diff with privacy as a core principle — your data stays on your device.
Contact: mikolajkacki98@gmail.com
Jurisdiction: London, United Kingdom
1. The Short Version
Your notes never leave your device unless you explicitly send them to an AI provider
Analytics are on by default but only track anonymous feature usage — not your content
You bring your own API keys for AI features — we never see your content or keys
We don't have servers that store your notes, files, or personal data
2. What Stays on Your Device (We Never See This)
All of the following is processed and stored locally on your device only:
Data Where It's Stored Notes, text, and formatting Local database Attachments and media Local filesystem Search queries and history Local database AI-generated summaries Local database Semantic embeddings Local database App settings and preferences Local config files OAuth tokens (GitHub, Linear, Slack) macOS Keychain* AI provider API keys macOS Keychain
We have no access to this data. It never touches our servers.
*Slack OAuth requires a one-time server handshake — see Section 4.2 for details. The token is not stored on our server.
3. What We Collect
3.1 Analytics (Enabled by Default)
We use PostHog (EU-hosted, GDPR-compliant) to collect anonymous usage data:
What we collect:
Randomly generated device ID (not linked to you personally)
License key (as anonymous identifier, when applicable)
Feature usage events (e.g., "note created", "search performed", "AI enhancement used")
What we DO NOT collect:
Note content or text
Search queries or keywords
File names or attachments
Your name, email, or IP address
Anything that could identify you
Opt-out: Settings → General → Analytics → Toggle Off
3.2 License Purchases
When you purchase a license through Lemon Squeezy:
Your payment is processed entirely by Lemon Squeezy
We receive only your license key and purchase confirmation
We never see your payment details, billing address, or personal information
See: Lemon Squeezy Privacy Policy
4. Third-Party Services
4.1 AI Providers (Direct Connection)
When you use AI features (semantic search, summaries, enhancements):
You provide your own API key — stored in your system keychain
Your device connects directly to your chosen AI provider (OpenAI, Anthropic, Voyage AI, etc.)
We never see or intercept your content or API communications
Your responsibility: Review your AI provider's privacy policy:
4.2 Integrations
GitHub and Linear:
OAuth authentication happens directly between your device and the provider
Access tokens are stored in your system keychain
Your device fetches data directly from their APIs
Slack:
OAuth authentication is routed through our server (hosted on Railway) to complete the handshake
We do not store your Slack token — it is returned to your device and stored in your system keychain
After authentication, your device communicates directly with Slack's API
For all integrations, we never store or have ongoing access to your tokens or data.
4.3 Analytics Provider
Provider Purpose Location Policy PostHog Anonymous usage analytics EU posthog.com/privacy
4.4 Payment Provider
Provider Purpose Policy Lemon Squeezy License purchases lemonsqueezy.com/privacy
5. Data Security
Local Security
Data stored in local database on your device
Sensitive credentials stored in macOS Keychain
Backend server binds to
127.0.0.1(localhost only — no remote access)
Network Security
All third-party API calls use HTTPS encryption
No cloud sync — your data doesn't traverse our infrastructure
Your Responsibility
Secure your device (password, disk encryption, physical access)
Protect your API keys and OAuth tokens
Maintain backups of your local data
6. Data Retention
Local Data
Your data remains on your device until you delete it. Uninstalling Diff does not automatically remove your database.
To fully delete your data:
~/Library/Application Support/Diff/
Analytics Data
PostHog retains anonymised data per their retention policy. Contact us to request deletion.
7. Your Rights (GDPR)
You have the right to:
Right How to Exercise Access Request what analytics data we hold (minimal, anonymised) Deletion Request deletion of analytics data Opt-out Disable analytics in Settings Portability Export your local database Objection Object to analytics processing
Contact: mikolajkacki98@gmail.com
8. What We Don't Do
Sell your data
Share your data for advertising
Train AI models on your content
Store your notes on our servers
Track you across websites
Collect personal identifiers
9. Children
Diff is not intended for children under 13. We do not knowingly collect information from children under 13.
10. Changes
We may update this policy. Material changes will be announced in the app. Continued use after changes constitutes acceptance.
11. Contact
Privacy inquiries: mikolajkacki98@gmail.com
Website: getdiff.dev
Version 1.0 — November 30, 2024
