Skip to content
Naidis

Privacy Policy

Naidis Privacy Policy - Your data never leaves your device

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how osb ("we", "us", "our") handles information in connection with Naidis ("the Software").

Our Commitment

Your data never leaves your device. This is not marketing — it's our architecture.

Naidis is built local-first. We cannot access your notes, highlights, or any personal content because we never receive it.

What We Don't Collect

Data TypeCollected?
Your notesNever
Your highlightsNever
Your PDF contentNever
Your YouTube transcriptsNever
Your AI conversationsNever
Usage analyticsNever
TelemetryNever
Crash reportsNever

What We Do Collect

Subscription Data

When you subscribe to Naidis Pro, the following data is processed:

DataPurposeProcessed By
Subscription IDVerify active subscriptionosb (our API server)
Customer IDLink subscription to accountPaddle
Instance IDIdentify your plugin installationosb (our API server)

We do not collect or store your payment information (credit card, bank details, billing address). All payment data is handled exclusively by Paddle (see below).

Payment Processing (Paddle)

We use Paddle.com Market Limited as our Merchant of Record. When you purchase a subscription, Paddle collects and processes:

DataPurpose
NamePayment processing
Email addressReceipts, subscription management
Payment method (card, PayPal, etc.)Process charges
Billing addressTax calculation
Transaction historyInvoicing, refunds

This data is collected and stored by Paddle, not by us. Paddle's handling of your data is governed by Paddle's Privacy Policy.

Data Storage

Your Content

All your data is stored:

  • In your local Obsidian vault
  • On your file system
  • Under your complete control

We have no servers that store user content. There is no "Naidis cloud."

Subscription Verification

Our API server (hosted on Cloudflare Workers) stores only:

  • Subscription ID, status, and plan type
  • Customer ID and instance ID
  • Subscription period dates

This data is used solely to verify whether your subscription is active. No content data is ever transmitted or stored.

AI Processing

When you use AI features:

  • Queries are processed by Ollama running locally on your machine
  • Nothing is sent to external AI services
  • Your prompts and responses stay on your device

External Services (Optional)

If you choose to enable integrations:

  • Wallabag/Hoarder/Readwise: Data goes to those services, not us
  • Todoist/Google Calendar: Data goes to those services, not us

We act as a bridge. We don't store or intercept this data.

Third-Party Services

ServicePurposeData Shared
PaddlePayment processingPayment info, email, billing address
CloudflareAPI hostingSubscription verification requests
YouTube (via yt-dlp)Transcript extractionVideo URLs (processed locally)

PDF Processing

All PDF processing happens locally using local libraries (pdf-extract, tesseract). No cloud services are involved.

Your Rights

You have complete control over your data:

  • Access: All your content is in your vault. You already have it.
  • Export: Your notes are standard markdown files.
  • Delete: Delete your vault, and all Naidis content data is gone.
  • Portability: Take your vault anywhere. No vendor lock-in.
  • Subscription data: Contact [email protected] to request deletion of your subscription records.

For EU/EEA Residents (GDPR)

You have the right to access, rectify, erase, restrict processing, and port your personal data. Since we store minimal data (subscription verification only), most of your data is already under your control. For subscription-related data held by Paddle, contact Paddle directly or reach out to us at [email protected].

Data Security

Since your content never leaves your device:

  • We cannot have a data breach of your content
  • We cannot be compelled to hand over your notes
  • Your privacy is protected by architecture, not policy

Subscription data on our API server is protected by Cloudflare's infrastructure security.

Data Retention

  • Your content: Stored locally, retained as long as you keep it
  • Subscription data: Retained for the duration of your subscription plus 90 days after cancellation for billing and support purposes
  • Payment data: Retained by Paddle per their retention policy

Children's Privacy

Naidis is not directed at children under 16. We do not knowingly collect information from children.

Changes to This Policy

We may update this policy. Changes will be posted here with an updated date. Material changes will be communicated via email (if you've provided one) at least 14 days before taking effect.

Contact

Questions about privacy?

Summary

QuestionAnswer
Do you see my notes?No
Do you track my usage?No
Is my data safe?Yes, it never leaves your device
What do you store?Subscription ID and status (for verification)
Who processes payments?Paddle (Merchant of Record)
Can I verify this?Yes, naidis-core is open source

Local-first isn't just a feature. It's a promise.

Terms of Service

Naidis Terms of Service

On this page

Privacy PolicyOur CommitmentWhat We Don't CollectWhat We Do CollectSubscription DataPayment Processing (Paddle)Data StorageYour ContentSubscription VerificationAI ProcessingExternal Services (Optional)Third-Party ServicesPDF ProcessingYour RightsFor EU/EEA Residents (GDPR)Data SecurityData RetentionChildren's PrivacyChanges to This PolicyContactSummary