PRIVACY POLICY
Effective Date: June 17, 2026
This Privacy Policy (the "Policy") outlines the privacy practices of Notably (collectively referred to as "we," "us," or "our") and describes how we collect, use, process, store, disclose, and safeguard the personal data and user-generated content of individuals who access or use our web application, progressive web application (PWA), APIs, and associated digital services hosted at https://www.notablyapp.net (collectively, the "Service").
By accessing, downloading, or utilizing the Service, you ("you," "your," or "User") agree to the terms of this Policy. If you do not agree to the terms herein, you must immediately cease all use of the Service.
1. DEFINITIONS
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "User Content" means any note titles, text, Markdown documents, raw HTML, base64-encoded file or image attachments, and custom JavaScript code created, uploaded, or executed by you within the Service.
- "Widget Storage" means database records and key-value pairs created, modified, or managed by custom JavaScript widgets utilizing the Service's local storage APIs.
- "Data Controller" means the entity which determines the purposes and means of the processing of Personal Data. For the purposes of this Policy, we act as the Data Controller of your account and registration data.
- "Data Processor" means a third-party service provider that processes Personal Data on behalf of the Data Controller.
2. INFORMATION WE COLLECT
A. Information Provided Directly by the User
- Account Registration Data: We utilize a third-party authentication and database service provider for user registration and authentication. When you register, we collect your email address and authentication credentials.
- Social Sign-In (OAuth): If you authenticate using a Google or GitHub account, we collect your email address, unique provider user ID, display name, and avatar URL, subject to the privacy permissions of the respective third-party platform.
- Billing Information: All subscription fees and transactions are processed directly by our third-party merchant processor. We do not collect, store, or process credit card numbers or financial account details. The processor provides us only with transaction confirmations, billing country, and subscription status tokens.
B. Information Created through Service Use
- User Content and Widget Data: We collect and store User Content, including note text, images, and Widget Storage.
- Local Storage and Caching: The Service utilizes browser-level storage technologies, including IndexedDB and localStorage, to maintain an offline cache of User Content for performance and offline-first capabilities.
C. Automatically Collected Technical Data
- Diagnostic Logs: Our server hosting and cloud infrastructure automatically generate request logs, which record your IP address, browser user-agent string, operating system, request paths, timestamps, and diagnostic data for security monitoring, fraud prevention, and system maintenance.
3. LEGAL BASES FOR PROCESSING (GDPR & CCPA COMPLIANCE)
If you reside in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your Personal Data under the following legal bases:
- Performance of a Contract: To provide, maintain, and synchronize your account and User Content across devices as agreed under our Terms of Service.
- Legitimate Interests: To monitor and secure our Service, prevent security breaches or fraud, and improve Service performance.
- Consent: Where you have provided explicit consent for specific processing operations (e.g., using the AI Note-Agent). You have the right to withdraw consent at any time.
4. HOW WE USE YOUR DATA
We utilize your information for the following business purposes:
- To operate, maintain, update, and secure the Service and your user account.
- To synchronize User Content and Widget Storage across your authenticated devices.
- To execute custom JavaScript widgets client-side inside a sandboxed iframe.
- To authenticate your identity and control access to paid tiers (Pro Tier).
- To facilitate processing of recurring subscription fees via our third-party merchant processor.
- To run the AI Note-Agent features (leveraging third-party artificial intelligence API providers to generate, modify, or summarize notes contextually) at the explicit request of Pro Tier users.
- To troubleshoot technical bugs, optimize dashboard performance, and secure the server infrastructure.
5. DATA RETENTION AND ERASURE
- Retention Period: We retain your Personal Data and User Content for as long as your account remains active or as required to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law.
- Account Deletion (Right to Be Forgotten): You may request the permanent deletion of your account at any time. Upon receiving an account deletion request, we permanently delete all notes associated with your account from public.notes and purge your user preferences from public.user_preferences (subject to database triggers configured with ON DELETE CASCADE).
- Trash Queue Retention: Notes moved to the trash are subject to a FIFO (First-In, First-Out) soft-delete limit. Only the 20 most recent soft-deleted notes are retained; older notes are automatically and permanently purged.
6. DATA SHARING AND SUB-PROCESSORS
We do not sell, trade, lease, or monetize your Personal Data. We disclose your data only to the following categories of Data Processors to facilitate the delivery of the Service:
- Database and Authentication Providers: Database hosting, user authentication, Postgres metadata storage, and state synchronization.
- Payment Processors: Payment gateway processing, merchant card services, subscription billing, and hosting of secure payment portals.
- Cloud Infrastructure and Web Hosting Providers: Backend server API hosting, frontend static asset distribution, content delivery networks (CDNs), request routing, and server log collection.
- Artificial Intelligence Service Providers: AI language model API processing (data is transmitted only when a user explicitly interacts with the AI Note-Agent companion; these providers do not retain user note context to train public models).
7. YOUR DATA PRIVACY RIGHTS
Depending on your jurisdiction (e.g., EU GDPR, California CCPA/CPRA, UK GDPR), you possess the following rights regarding your Personal Data:
- Right of Access: The right to request copies of the Personal Data we hold about you.
- Right of Rectification: The right to correct inaccurate or incomplete Personal Data.
- Right of Erasure: The right to request that we delete your Personal Data under certain conditions.
- Right to Restrict or Object: The right to object to or restrict our processing of your Personal Data under legitimate interests.
- Right to Data Portability: The right to request the transfer of your collected data to another organization.
To exercise any of these rights, please submit a formal request to our support email at [email protected]. We will verify your identity before responding to the request within thirty (30) days.
8. STATUTORY DISCLOSURES
A. California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request details regarding our disclosure of Personal Data to third parties for direct marketing purposes. We do not disclose Personal Data to third parties for direct marketing purposes.
B. International Data Transfers
Personal Data collected by us may be stored and processed in the United States or any other country where we or our sub-processors maintain facilities. By using the Service, you consent to any transfer of information outside of your country of residence, where data protection laws may differ.
9. CONTACT DETAILS
For formal legal notices, data requests, or privacy inquiries, please contact:
Notably App Support
Email: [email protected]