Privacy Policy

Your thoughts, your device.

Exactly what Madhav stores, encrypts, and syncs — in Free Forever mode and Aura mode.

Last updated July 1, 2026

Overview

The Short Version

Madhav is built local-first. Your thoughts live on your device by default. Nothing is sent anywhere unless you turn on Aura (cross-device sync).

  • Free Forever mode: 100% local storage. Nothing is uploaded, ever.
  • Aura mode: your notes sync through our secure cloud backend, but content is encrypted on your device before it leaves — we store ciphertext, not your words.
  • A small, anonymous device ping ('heartbeat') runs in both modes so we can see aggregate usage. It contains no note content and no personal identifiers.
  • You can export, archive, or permanently delete your data at any time from Settings.
  • We don't sell data. We don't run ads. We don't train models on your notes.

Who This Applies To

This policy covers the Madhav desktop app (Windows, macOS, Linux), the @MadhavBot Telegram bot, and this website (madhav.app). Madhav is an independent project — there is no company behind it collecting or reselling your information.

Questions about anything below? Reach out at contact@nakulsrivastava.com — a real person reads every email.

Free Forever Mode

What's Stored, and Where

In Free Forever mode, Madhav has no account and no server-side note storage. Everything — your thoughts, settings, appearance preferences, and reminders — is written to a local file on your machine (an encrypted-at-rest, app-scoped local store), and never leaves it.

  • Notes, tasks, ideas, and bookmarks are saved only to your device.
  • There is no sign-up, no login, and no user account tied to Free mode.
  • Reminders fire locally via your OS notification system — no server round-trip.
  • Uninstalling the app or deleting its data folder removes everything permanently.

What We Never See

Because there's no network call for your note content in Free mode, we (the developer) have no technical way to read, back up, or recover it. If your device is lost without a backup, that data is gone — there's no cloud copy to restore from.

Aura Mode (Cloud Sync)Sync feature

How Sync Works

Aura adds cross-device sync (desktop ↔ phone ↔ Telegram) through a secure cloud backend. Turning on Aura links your account via Telegram; your notes then read and write through the cloud instead of the local-only store.

  • Desktop → cloud: every thought you save is encrypted on your device, then uploaded as ciphertext.
  • Cloud → devices: any linked device or the Telegram bot receives updates in real time, even when your desktop is closed.
  • If you disable Aura, notes already synced remain in our systems tied to your account until you request deletion.

Client-Side Encryption

Desktop-created notes are encrypted on your device, using industry-standard authenticated encryption, before they're sent to the cloud. Your encryption key stays on your device — it is never transmitted to, or stored on, our servers.

  • Your key is shown once during onboarding — 30 hex characters in 6 groups.
  • We store only ciphertext. Even with full access to our systems, your note content is unreadable without your key.

If you lose your encryption key and your device, your encrypted notes cannot be recovered by anyone — including us. Save your key somewhere safe (Settings → Advanced → Encryption Key).

Telegram Bot Data

Messages you send directly to @MadhavBot are stored as plaintext on our servers, not encrypted — because that channel is already secured by your own Telegram account, and encrypting bot-composed text client-side isn't possible (there's no client to encrypt with).

Linking Telegram also stores a small profile record so the bot can address you and match messages to your account:

  • Telegram chat ID and username (if set)
  • First name, and last name if provided
  • Language code (e.g. en, hi) — used only to keep bot replies in the right language
  • Telegram Premium flag — used for nothing beyond internal analytics curiosity

Anonymous Device Heartbeat

What It Is

The desktop app sends a small, anonymous 'heartbeat' ping roughly every 12 hours (in both Free and Aura mode) so we can understand aggregate usage — which OS versions matter, whether updates are landing, how many people are actively using Madhav day to day. It's device analytics, not user tracking.

  • No note content is ever included in the heartbeat.
  • No email address, name, or account identity is included.
  • Your IP address is never stored — your approximate country is derived server-side from a Cloudflare header (or your system locale as a fallback), then the IP itself is discarded.
  • The ping is tied to a random device ID generated once on first launch, not to you personally.

What's Included

Each ping updates a single row per device — it's a snapshot, not a log of your activity over time:

  • Device ID — random identifier generated once on first launch, stored locally
  • App version, OS + OS version, and CPU architecture
  • Locale and approximate country (server-derived, no IP stored)
  • Panel mode and side (hover/fixed/hotkey, left/right) — a UI preference
  • Whether Telegram is connected (yes/no only)
  • Whether the offline voice-capture model has been used (yes/no only)
  • Update channel (stable/beta), number of connected monitors, and a rough memory tier (8/16/32GB)
  • Your local note count, so we can gauge how the app is actually being used
  • Days since install, startup time, screen resolution, and this session's rough uptime bucket
  • Timestamp of this launch, for 'last active' analytics

None of this can be reversed into who you are. There's no name, email, or account tied to the device ID — it exists purely so we can dedupe pings and see device-level trends.

This Website

Website Analytics

madhav.app uses Vercel Analytics to see aggregate traffic (page views, referrers, rough device type). It's cookie-less and doesn't track you across other sites — it can't identify you individually.

We don't run advertising pixels, retargeting scripts, or third-party trackers on this site.

Third-Party Services

Who Else Touches Your Data

Madhav is built on a small set of infrastructure providers. Here's exactly what each one can see:

Cloud sync backend

Stores Aura sync data: encrypted note ciphertext, Telegram profile fields, and heartbeat rows. This provider acts strictly as a data processor, not a controller — it doesn't use your data for anything of its own.

Telegram Bot API

Relays messages between you and @MadhavBot. Subject to Telegram's own privacy policy for anything that happens inside the Telegram app itself.

GitHub Releases

Hosts app installers and powers auto-updates. Update checks include only your current app version, not identity.

Cloudflare

Fronts our API traffic and provides the country header used for the heartbeat's approximate-location field — no request bodies are logged by us for this purpose.

Vercel

Hosts this website and its analytics.

Your Rights & Controls

Export, Archive, Delete

You're always in control of your data, in both modes:

  • Export your notes at any time from the panel.
  • Archive anything without deleting it — archived items load only when you ask for them.
  • Delete individual notes, or wipe everything, permanently, from Settings.
  • Aura users can request full account deletion (including cloud-synced data) by emailing contact@nakulsrivastava.com.
  • Uninstalling the desktop app removes all locally stored data immediately.

Other Details

Children's Privacy

Madhav is not directed at children under 13, and we don't knowingly collect data from them.

Changes to This Policy

If this policy changes in a way that affects how your data is handled, we'll update the date below and note it in the app's release notes.

Last updated: July 1, 2026.

Contact

Questions, deletion requests, or anything unclear above — email contact@nakulsrivastava.com or nakul@nakulsrivastava.com.