1. What we collect
- Account: username, password (hashed), display name.
- Usage: tokens consumed, operations performed, timestamps.
- Uploads: files you upload to process. Stored in your private per-user folder.
- IP address: for rate limiting free trials (not linked to your account).
- Payment info: handled entirely by Stripe; we never see your card number.
2. What we don't do
- We never train AI on your uploaded content.
- We never sell or rent your data to third parties.
- We never read your uploads unless you explicitly ask for support.
3. Third parties we use
- DeepSeek: your text is sent to generate AI responses. They have their own privacy policy.
- Stripe: handles payments.
- AWS: hosts our servers (Tokyo region).
- Cloudflare (planned): DNS and CDN.
4. Data retention
- Free accounts: projects auto-deleted after 30 days of inactivity.
- Paid accounts: 180 days of inactivity.
- You can delete your account anytime by emailing hello@notetopass.com.
- Shared trial notes expire automatically in 30 days.
5. Your rights
You can:
- Request a copy of all your data.
- Request deletion of your account.
- Correct any wrong information.
- Opt out of any non-essential emails (we send almost none).
Email hello@notetopass.com for any of these.
6. Security
Data is encrypted in transit (HTTPS/TLS 1.2+). Passwords are hashed (SHA-256). Servers are isolated and access-controlled.
7. Changes
We'll post updates here with a new "Last updated" date. Major changes will be emailed to registered users.