Privacy Policy (Relay)

Relay — an unofficial companion app for Supernote devices

Effective date: 2 July 2026

This Privacy Policy explains what data the Relay app can access, where that data lives, and how it is handled. Please read it alongside our Terms & Conditions.

In this policy, "Relay", "we", "us" and "our" mean the independent developer of the Relay app (contactable at the address below). "You" means the person using the app. "The app" means the Relay desktop application for macOS.

About Relay

Relay is a free, independent, third-party companion app for Supernote e-ink devices (made by Ratta). It runs entirely on your own Mac. It signs in with your own Supernote account to mirror your Supernote to-dos on your Mac, keeps them in two-way sync through Supernote's cloud, lets you view your handwritten notes, and — when you choose — pushes your to-dos out to task apps you already use.

Relay is not affiliated with, endorsed by, or officially supported by Supernote or Ratta, nor by Google, Apple, Todoist, TickTick, or Cultured Code (Things). All product names and trademarks belong to their respective owners.

The single most important thing to understand about your privacy with Relay is this:

We run no server. Relay has no developer-operated backend. We do not collect, receive, store, sell, or share your data. Everything happens on your Mac, and data flows directly between your Mac and the services you connect (Supernote, and any task apps you choose). We never see it.

The short version

  • Relay runs locally on your Mac. There is no Relay server, cloud, or account. We cannot see your Supernote sign-in, your to-dos, your notes, or your connected-app data.

  • Data flows directly between your Mac and the services you connect — Supernote's cloud, and any task apps you set up. It does not pass through us.

  • Your Supernote password is never seen or stored by the app. You sign in on Supernote's own real login page using a one-time code Supernote emails you.

  • Your notes are stored encrypted on your Mac. Sign-in sessions and connected-app credentials are held in the macOS Keychain.

  • No analytics, no tracking, no advertising, no data selling. The app contains no analytics, telemetry, crash-reporting, or advertising software of any kind.

  • Google data (if you connect Google Tasks) is used only to provide the features you asked for, is never sold or shared, and stays on your device.

What data the app accesses, and why

Relay only touches the data it needs to do the job you've asked of it. That falls into a few categories.

Your Supernote account session

When you first launch the app, it displays Supernote's own real login page inside a window. You enter your email, Supernote emails you a one-time verification code, and you enter that code. The app never sees or stores your Supernote password. After you sign in, the app keeps the logged-in session (a session cookie) that Supernote hands back — the same way a web browser stays logged in — so it can fetch and update your to-dos. That session is stored on your Mac and cleared when you sign out. Sign-in happens directly with Supernote; it does not involve us.

Your Supernote to-dos and lists

The app reads your Supernote to-dos and lists (their titles, done/not-done state, optional due dates, and the list each belongs to) and syncs your changes back through Supernote's cloud, two ways. This is used solely to show and edit your to-dos in the app and keep them in step with your device. It travels between your Mac and Supernote's cloud — never through us.

Your handwritten notes (converted to PDF)

Some to-dos are linked to a handwritten note. To preview that note, the app reads the original .note file directly off your Supernote over your local Wi-Fi ("Browse & Access") and converts it to a PDF on your Mac. This local connection is read-only — the app never writes to or changes your device over it. Your handwriting is not sent to us or to any cloud (with one exception you control: the opt-in Google Drive upload, described below).

Task-app data (only for apps you connect)

If you connect a task app — Todoist, Apple Reminders, Google Tasks, Things 3, or TickTick — the app creates and updates tasks and lists in that app to mirror your Supernote to-dos, as you direct. "Pushing" is a one-way, one-time hand-off: the app copies a to-do into your chosen app once. The app only accesses a task app you have explicitly connected, and only to carry out the pushes you ask for. Your data goes to that task app because you chose to connect it; it does not pass through us.

Where your data lives

Everything Relay stores lives on your own Mac. Specifically:

  • A local database of your to-dos and lists (in the app's private support folder).

  • An encrypted cache of your note PDFs. Cached note files are encrypted at rest using AES-256 encryption, so another app or another user account on the same Mac cannot read your handwriting from the cache.

  • Readable note PDFs, saved to ~/Documents/Supernote (or a folder you choose) only when you push a note-linked task to a task app. These are ordinary, openable files so you and your task apps can use them, and they are intentionally not encrypted.

  • Your credentials, held in the macOS Keychain. The keys that unlock the encrypted note cache are sealed in the Keychain. Your connected-app secrets (for example a Todoist API token, or your Google sign-in) are sealed using macOS's secure storage; the plain values only ever exist in memory while the app is running and are never written to disk in readable form. If secure storage is unavailable, the app refuses to save the credential rather than store it unprotected.

We do not receive, hold, or have access to any of this. There is no Relay account and no Relay server. When you delete a to-do, sign out, or uninstall the app, the corresponding data is removed or becomes unreadable on your Mac as described in the app's help; anything that lives in Supernote's cloud, on your device, or in a task app is governed by those services, not by us.

Third-party services you connect

Relay works by connecting, on your behalf, to services you already use. Each of these is operated by its own company and governed by its own privacy policy and terms, not by us. When data goes to one of these services, it goes there because you chose to sign in to or connect it:

  • Supernote / Ratta — your account, sign-in, and to-do cloud sync. See Supernote's own privacy policy.

  • Todoist (Doist)

  • Apple Reminders (Apple)

  • Google Tasks and, if you opt in, Google Drive (Google)

  • TickTick

  • Things (Cultured Code)

We encourage you to review the privacy policy of any service before you connect it. We have no control over, and take no responsibility for, how those third parties handle your data once it reaches them.

The app also loads a small, standard PDF-viewer software library from a public code CDN (unpkg) so it can display your note PDFs. This is a generic software asset and carries none of your personal data or note content.

Google user data

This section applies only if you connect Google Tasks. It is provided in the interest of full transparency and to meet Google's requirements.

Scopes we request and why:

  • Google Tasks (https://www.googleapis.com/auth/tasks) — so the app can create and update tasks and task lists in your Google Tasks to mirror your Supernote to-dos. This is the core of the Google Tasks feature.

  • Google Drive, limited (https://www.googleapis.com/auth/drive.file)optional and off by default. You only grant this if you turn on "Upload notes as PDFs (Google Drive)". When enabled, pushing a note-linked task uploads that note's PDF to a "Supernote Notes" folder in your own Google Drive, so the link in the Google task is clickable and opens the note on any of your devices. The drive.file scope is the most limited Drive permission available: the app can only ever access files it created itself — never the rest of your Google Drive. Uploaded files are private to you (owner-only) and are never shared publicly.

How Google user data is used:

  • Google user data is used solely to provide the user-facing features described above (mirroring your to-dos into Google Tasks, and — if you opt in — placing your own note PDFs in your own Google Drive with a clickable link).

  • Google user data is stored only on your device and in your own Google account. It is not transmitted to us (we have no server), is not sold, and is not shared with any third party.

  • We do not use Google user data for advertising, and we do not use it to train any machine-learning or AI models.

Limited Use. Relay's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Relay's access to your Google account at any time from your Google Account's security settings, and you can disconnect Google Tasks from within the app.

Analytics, tracking, and advertising

Relay contains no analytics, telemetry, tracking, or crash-reporting software. We do not use tools such as Google Analytics, Mixpanel, Segment, Sentry, Amplitude, PostHog, or any equivalent. The app makes network connections only to the services you connect (Supernote, and any task apps you set up) and, for on-screen PDF display, to a public library CDN that carries none of your data.

We show no advertising, we run no tracking, and we do not sell your data — indeed, we never receive it in the first place.

Security

  • Encryption at rest. The app's working copies of your notes (both the raw note file and the converted PDF) are stored encrypted on disk using AES-256, so they cannot be read out of the cache by other apps or other user accounts on the same Mac.

  • Keychain-protected keys and credentials. The encryption keys, your Supernote session, and any connected-app secrets are protected using the macOS Keychain and Apple's secure storage. Plain secrets are never written to disk in readable form.

  • Local, read-only device access. Reading notes from your Supernote happens over your own local Wi-Fi and is read-only; the app never writes to or alters your device over that connection.

No security measure is perfect. At-rest encryption protects your data if someone copies files off your disk, but it cannot protect against someone who is already logged in to your Mac as you. You should keep your Mac, your macOS user account, and your connected accounts secure.

Data retention and your control

Because your data lives on your own Mac, you are in control of it:

  • The app automatically tidies its own note cache — removing cached notes that are no longer linked to any to-do, or that you haven't opened in a long time. This never touches the readable PDFs you've saved in ~/Documents/Supernote; those are your own files.

  • Signing out clears your Supernote session and your account's local to-do snapshot from the app.

  • Disconnecting a task app deletes that app's stored credential.

  • Deleting the app's data folder or uninstalling removes the app's local data; the encrypted cache is unreadable without the Keychain key in any case.

  • Your own exported PDFs, and anything held in Supernote's cloud, your device, or a connected task app, remain under your control (and those services' terms) and are not affected by uninstalling Relay.

Children

Relay is a productivity tool intended for use by adults who own a Supernote device. It is not directed at children, and we do not knowingly collect any personal data from children — and, as explained above, we do not collect personal data from anyone.

Changes to this policy

We may update this Privacy Policy from time to time — for example, if the app gains a new feature or connects to a new service. When we do, we'll change the effective date at the top of this page and post the updated policy here. Significant changes will be described clearly. Your continued use of the app after an update means you accept the revised policy.

Contact

If you have any questions about this Privacy Policy or about how Relay handles your data, please contact:

Relay is provided by an independent developer and is not a Supernote, Ratta, Google, Apple, Todoist, TickTick, or Cultured Code product.