Privacy Policy

Version 1.3 Updated January 11, 2026

Privacy Policy

Effective Date: January 11, 2026
Version: 1.3

Introduction

BooxDay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you use the BooxDay mobile application ("App") on Onyx Boox tablets.

Data We Collect

1. Information Stored Locally on Your Device

The following data is stored locally on your Onyx Boox tablet in external storage (/Documents/booxdaydb/) and does NOT leave your device unless you explicitly enable sync or export:

Handwritten Strokes: Ink strokes from stylus input, stored in SB1 binary format with optional LZ4 compression
Task Data: Task text, priorities (A/B/C), completion status, and associated metadata
Calendar Events (Local): Events created in Private Mode that are not synced to Google Calendar
Images and Attachments: Images, PDFs, and EPUB files you insert into pages
AI Preferences: Your life priorities, daily rhythm, lifestyle interests, and AI style preferences configured during setup
User Settings: App preferences, gesture configurations, and UI settings
Boox Notes Links: Associations between calendar events and Boox Notes documents

2. Information Sent to Third-Party Services

The App integrates with third-party services that collect and process data when you enable optional features:

Google Calendar API (Optional):

What we send: Event titles, dates, times, locations, and descriptions for events you choose to sync
When: Only when you enable Google Calendar Sync and authenticate with your Google account
Purpose: To synchronize your calendar events between BooxDay and Google Calendar
Sync Range: ±6 months from the current date
Privacy Note: Handwritten strokes and memos are NEVER sent to Google Calendar, only structured event data

OpenRouter API (For AI Features):

What we send: OCR'd text from handwriting recognition, voice transcriptions, task text, and AI preference data
When: Only when you actively use AI features (Smart Suggestions, Plan My Day, Handwriting Recognition, Voice Input, etc.)
Purpose: To provide AI-powered planning, suggestions, and text processing
Models Used: Gemini 2.0 Flash (vision/audio), GPT OSS 20B (text), via OpenRouter infrastructure
Privacy Note: Handwritten stroke data (images of your writing) is NOT sent; only OCR'd text is transmitted

ShipBook SDK (Crash Reporting):

What we send: Crash logs, error diagnostics, device model, Android version, app version
When: Only in release builds, only when errors occur
Purpose: To identify and fix bugs, improve app stability
Privacy Note: No personally identifiable information or user content is included in crash logs

3. Information We Do NOT Collect

We do NOT collect analytics about your app usage patterns
We do NOT use tracking pixels or advertising identifiers
We do NOT sell your data to third parties
We do NOT access your contacts, photos, or other apps
We do NOT run background processes when the app is closed

How We Use Information

Local Data: Stored on your device to provide core app functionality (writing, tasks, calendar)
Synced Event Data: Transmitted to Google Calendar only to keep your events synchronized across devices
AI Processing: OCR'd text sent to OpenRouter to provide Smart Suggestions, handwriting recognition, voice transcription, and planning features
Crash Logs: Analyzed to identify bugs and improve app stability

Data Sharing

We share data only with the third-party services listed above, and only when you enable optional features:

Google: Calendar event data when you enable Google Calendar Sync
OpenRouter: OCR'd text when you use AI features
ShipBook: Crash logs for diagnostics (release builds only)

We do NOT sell, rent, or trade your data with any other parties.

Data Retention

Local Data: Stored on your device until you delete the app or manually delete data. Data in external storage (/Documents/booxdaydb/) survives app uninstalls.
Google Calendar: Synced events remain in your Google Calendar according to Google's retention policies
OpenRouter: We do not control OpenRouter's data retention; refer to their privacy policy
ShipBook: Crash logs retained for 90 days

Your Rights

You have the following rights regarding your data:

Access: All data is stored locally on your device; you can access it at /Documents/booxdaydb/
Export: Export pages to PDF, PNG, JPEG, or Xournal++ format
Delete: Uninstall the app or manually delete data from external storage
Control Sync: Enable or disable Google Calendar Sync at any time in Settings
Control AI: Disable all AI features in Settings
Private Mode: Use the app completely offline with zero cloud connection

Security

We implement security measures to protect your data:

Google OAuth2 credentials stored using androidx.security.crypto encryption
HTTPS for all network communications
No passwords stored in plain text
Local database stored in external storage with file system permissions

However, no method of electronic storage is 100% secure. Use device-level encryption on your Onyx Boox tablet for additional protection.

Children's Privacy

BooxDay is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at booxdaycalendar@gmail.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by updating the version number and effective date. Continued use of the App after changes constitutes acceptance of the updated policy.

SemanticGenius Intelligent Association Engine

This section describes how BooxDay's SemanticGenius module processes your data to provide intelligent features. Please read carefully.

What is SemanticGenius?

SemanticGenius is BooxDay's intelligent association engine. It runs entirely on your device to analyze your calendar, tasks, memos, and preferences, extracting meaning, keywords, and semantic associations.

When you use AI-powered features (like Smart Suggestions or Plan My Day), SemanticGenius sends its extracted insights—not your raw content—to AI providers to generate personalized suggestions.

Two-Stage Processing

Stage	Where It Runs	What Happens
Stage 1: Semantic Extraction	ON YOUR DEVICE	SemanticGenius analyzes your content and extracts: keywords, topics, entities (people, places, organizations), intent classifications, and associations between items
Stage 2: AI Features	Cloud (AI Providers)	When you use Smart Suggestions, Plan My Day, or similar features, the extracted semantic data is sent to AI providers to generate intelligent recommendations

What SemanticGenius Extracts (On-Device)

SemanticGenius processes your content locally to create semantic profiles containing:

Data Source	What SemanticGenius Extracts	Example
Calendar Events	Event types, patterns, time preferences, recurring themes	"meeting", "weekly", "morning person", "project-related"
Tasks	Priority patterns, completion trends, task categories, time estimates	"high-priority", "work", "frequently delayed", "30-min tasks"
Memos	Keywords, topics, entities mentioned, action items detected	"budget", "Q1 planning", "mentions: John, Sarah", "action: follow up"
AI Profile	Your stated preferences (already in structured form)	"family-first", "morning person", "remote worker"
Boox Notes	Note titles, detected topics, keyword associations	"Project Alpha notes", "contains: timeline, budget"

What Is Sent to AI Providers

When you actively use AI features, SemanticGenius sends semantic summaries, not raw content:

Sent (Semantic Insights)

Keywords and topics extracted from your content
Entity references (names, places, projects mentioned)
Pattern summaries ("user completes tasks better in morning")
Association maps ("Project X relates to meetings on Tuesdays")
Your AI profile preferences

NOT Sent (Raw Content)

Full memo text or OCR transcriptions
Complete task descriptions verbatim
Entire calendar event details
Raw handwriting or stroke data
Images or attachments
Your Google/Outlook credentials

Practical Example

Imagine you wrote a memo: "Meeting with John about Q1 budget. Need to follow up on the marketing proposal by Friday."

What SemanticGenius Extracts (On-Device)	What AI Receives
Keywords: meeting, budget, Q1, marketing, proposal Entities: John (person), Friday (deadline) Intent: follow-up action detected Domain: work/business	"User has work-related content mentioning: budget planning, Q1 timeline, pending follow-up action, deadline this week" (NOT the original memo text)

Data Transmission Security

When semantic data is sent to AI providers:

Encryption: All transmissions use HTTPS with TLS 1.2 or higher
Minimal Data: Only the semantic summary needed for the specific feature
No Storage: Data is processed in real-time; we don't store copies on our servers
API Authentication: Secure bearer tokens protect all communications

Your Control

Disable All AI Features

Settings → AI Assistant → AI Features → Toggle OFF

When disabled:

SemanticGenius still runs on-device (for local search and organization)
No data is ever sent to AI providers
Smart Suggestions, Plan My Day, and AI summaries become unavailable
All core features (calendar, memos, tasks) work normally

What Stays Fully On-Device (Even with AI Enabled)

Raw handwritten strokes
Original memo and task text
Images and attachments
SemanticGenius extraction process
Local search functionality

AI Model Training Disclosure

Your semantic data is NOT used to train AI models. We use inference-only API endpoints. The AI generates responses based on your semantic profile but does not learn from or retain your data.

Summary

Question	Answer
Does SemanticGenius run on my device?	Yes - all semantic extraction is local
Is my raw content sent to AI?	No - only extracted keywords, topics, and patterns
Can I use the app without sending any data?	Yes - disable AI Features in Settings
Is the data encrypted?	Yes - HTTPS/TLS 1.2+
Is my data used for AI training?	No - inference only

AI-Powered Features and Data Processing

Boox Day includes optional artificial intelligence (AI) features designed to enhance your productivity. This section explains what data is processed, how it is handled, and your choices regarding these features.

1. AI Features Overview

Boox Day offers the following AI-powered capabilities:

Feature	Purpose	Data Processed
Voice-to-Event	Create calendar events by speaking	Audio recording
Voice-to-Task	Create tasks by speaking	Audio recording
Voice-to-Text	Convert speech to text notes	Audio recording
Handwriting Recognition (OCR)	Convert handwritten notes to text	Image of handwriting
Task Recognition	Extract tasks from handwritten lists	Image of handwriting
Daily/Weekly Summary	Generate summaries of your tasks and events	Text content (task titles, event names)
Smart Suggestions	Suggest task priorities and organization	Text content (task titles)
Task Breakdown	Split complex tasks into subtasks	Text content (task title)
Text Correction	Fix garbled OCR or speech recognition	Text content

All AI features are optional. You can disable them entirely in Settings → General → AI Features.

2. Data We Transmit

When you use AI features, the following data may be transmitted for processing:

Audio Data

Voice recordings captured when you tap the microphone button
Format: WAV or WebM audio
Duration: Typically 1-30 seconds per recording
Contains: Your spoken words only (no background recording)

Image Data

Screenshots of your handwritten content when you use OCR features
Contains: Only the specific area you selected for recognition
Format: PNG image, base64 encoded

Text Data

Task titles, event names, and note content when using summarization or suggestion features
Only the specific content relevant to the requested feature

What We Do NOT Transmit

Your calendar data (dates, times, attendees) is NOT sent to AI providers
Your location data
Your contact information
Your Google account credentials
Any data from features you haven't explicitly activated

3. Third-Party AI Processors

We use OpenRouter (openrouter.ai) as our AI routing service. OpenRouter acts as an intermediary that routes your requests to appropriate AI model providers.

Primary AI Model Providers

Provider	Models Used	Data Processing Location
Google	Gemini 2.0 Flash, Gemini 2.0 Flash Lite, Gemma 3	Google Cloud (USA/Global)
Amazon Web Services	Nova 2 Lite	AWS (USA/Global)
OpenAI	GPT-OSS-20B, GPT-OSS-120B	OpenAI Infrastructure (USA)
NVIDIA	Nemotron Nano 12B	NVIDIA Cloud (USA)
MoonshotAI	Kimi K2	MoonshotAI Infrastructure

Data Flow: Your Device → OpenRouter API → AI Model Provider → OpenRouter → Your Device

Each provider has their own privacy policy:

4. Data Retention

On Your Device

Audio recordings are processed in memory and immediately discarded after transmission
No audio files are saved to your device storage
OCR images are generated temporarily and discarded after processing
AI responses (recognized text, suggestions) may be saved as part of your notes/tasks if you accept them

By OpenRouter

OpenRouter processes requests in real-time
According to OpenRouter's policy, prompts and completions are not persistently stored beyond temporary caching required for processing
Temporary caches are typically cleared within 24-48 hours

By AI Model Providers

Processing is performed in real-time (inference only)
Retention policies vary by provider and model tier
Free-tier models may have longer cache periods than paid models
We recommend reviewing each provider's privacy policy for specific details

Summary: Your data is transmitted, processed, and responses returned in real-time. No persistent copies of your voice recordings or handwriting images are retained by Boox Day, OpenRouter, or (according to their stated policies) the AI model providers.

5. AI Model Training Disclosure

Your data is NOT used to train AI models.

We use inference-only API endpoints that process your requests without contributing to model training datasets
OpenRouter's terms explicitly state that user data from API calls is not used for model training
The AI models we use (Gemini, Nova, GPT-OSS, etc.) are pre-trained models that do not learn from individual user requests

Important Note on Free-Tier Models: Some free-tier models may log requests for abuse prevention and service improvement purposes. These logs are:

Not used for model training
Subject to the respective provider's data retention policies
Typically anonymized and aggregated

If you have concerns about any logging, you may:

Disable AI features entirely (Settings → General → AI Features)
Use your own OpenRouter API key (Settings → Advanced → API Key), which may provide access to models with stricter no-logging policies

6. Your Choices and Controls

Disable All AI Features

Settings → General → AI Features → Toggle OFF

When disabled:

No data is ever transmitted to AI providers
Voice input buttons are grayed out and non-functional
OCR and recognition features are unavailable
All other app features (calendar, memos, tasks, handwriting) work normally

Use Your Own API Key

Settings → Advanced → OpenRouter API Key

Benefits of using your own key:

Direct relationship with OpenRouter under your own account terms
Access to additional models
Potentially stricter privacy options depending on your OpenRouter plan

Selective Feature Use

You can simply choose not to use specific AI features. No data is transmitted unless you explicitly:

Tap the microphone button and record audio
Tap "Recognize Handwriting" or similar OCR buttons
Tap "Summarize," "Suggest," or other AI action buttons

7. Data Security

In Transit

All data transmitted to OpenRouter uses HTTPS/TLS 1.3 encryption
API authentication uses secure bearer tokens
No data is transmitted over unencrypted connections

On Device

Audio is captured in memory only, not written to storage
Temporary images for OCR are processed in memory
Your API key (if provided) is stored in encrypted app preferences

API Key Security

If you use the app's default API key, it is fetched securely from our server at app launch
The key is never hardcoded in the app binary
Your personal API key (if configured) is stored locally and never transmitted to our servers

8. Children's Privacy

Boox Day is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through AI features, please contact us at booxdaycalendar@gmail.com.

9. International Data Transfers

AI processing may occur in data centers located in the United States and other countries. By using AI features, you consent to the transfer of your data to these locations. All transfers are protected by encryption and conducted in accordance with applicable data protection laws.

10. Changes to AI Data Practices

We may update our AI providers or data practices from time to time. Significant changes will be:

Announced in app update notes
Reflected in this Privacy Policy
Effective upon your continued use of AI features after the update

11. Contact Us

For questions about AI data processing:

Email: booxdaycalendar@gmail.com
Website: https://booxday.com/support

For AI safety and ethical concerns, see: https://booxday.com/ai-safety-use

12. AI Features Summary

Question	Answer
What data is sent?	Audio (voice), Images (handwriting), Text (for summarization)
Who processes it?	OpenRouter → Google/Amazon/OpenAI/NVIDIA
Is it stored?	No persistent storage; real-time processing only
Is it used for training?	No
Can I opt out?	Yes - Settings → General → AI Features → OFF
Is it encrypted?	Yes - HTTPS/TLS 1.3

Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: booxdaycalendar@gmail.com

This Privacy Policy is conservative and specific. We do not make claims about data we do not collect, and we clearly state what data is shared with third-party services when optional features are enabled.