Privacy Policy

Last updated: March 7, 2026

NoteGod ("we", "us", or "our") operates the NoteGod application and website at notegod.io. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service. By using NoteGod, you agree to the practices described in this policy.

1. Data We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up using a third-party provider (Google or GitHub), we receive your basic profile information from that provider.

1.2 Note Content

Your notes and associated metadata (titles, tags, folder structure) are stored on our servers. All note content is encrypted with AES-256-GCM before storage using a zero-knowledge architecture, meaning we cannot read or access the plaintext content of your notes.

1.3 Billing Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We retain only a Stripe customer ID, subscription status, and basic transaction records (amount, date, plan type) for our records.

1.4 Google Drive Integration

If you enable Google Drive integration, we store an OAuth refresh token to maintain your connection. This token grants access only to NoteGod-specific files and folders within your Google Drive. You can revoke this access at any time from your NoteGod settings or your Google account.

1.5 Usage Data

We may collect anonymized usage data such as feature usage patterns, device type, browser type, and general geographic region. This data is used solely to improve the service and is never tied to your identity or note content.

2. How We Use Your Data

We use your information for the following purposes:

  • To provide, maintain, and improve the NoteGod service
  • To authenticate your identity and manage your account
  • To process payments and manage subscriptions via Stripe
  • To enable Google Drive synchronization when you opt in
  • To send transactional emails (account confirmation, password resets, billing receipts)
  • To respond to support requests and communicate about service changes
  • To detect and prevent fraud, abuse, or security incidents

We do not sell, rent, or share your personal data with advertisers or data brokers. We do not use your note content for training machine learning models or for any purpose other than providing you the service.

3. Data Storage and Security

We take security seriously and implement multiple layers of protection:

  • Encryption at rest: All note content is encrypted using AES-256-GCM before being stored. Encryption keys are derived in a way that prevents us from reading your notes.
  • Encryption in transit: All communication between your device and our servers uses TLS 1.2 or higher.
  • Database security: We use Supabase with Row-Level Security (RLS) policies, ensuring each user can only access their own data at the database level.
  • Access controls: Internal access to infrastructure is restricted and monitored. We follow the principle of least privilege.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to using industry-standard practices to safeguard your information.

4. Third-Party Services

We rely on the following third-party services to operate NoteGod:

Supabase

Database hosting, authentication, and real-time sync. Your encrypted data is stored in Supabase-managed PostgreSQL databases. See Supabase Privacy Policy.

Stripe

Payment processing for paid subscriptions. Stripe handles all credit card data and is PCI DSS Level 1 certified. See Stripe Privacy Policy.

Google

OAuth authentication and Google Drive integration. We request only the minimum scopes necessary for functionality. See Google Privacy Policy.

Each third-party provider processes your data in accordance with their own privacy policies. We encourage you to review them.

5. Cookies

NoteGod uses a minimal number of cookies, all of which are essential for the service to function:

Cookie | Purpose | Duration
sb-*-auth-token | Supabase authentication session | Session / 1 year
gdrive_oauth | Google Drive OAuth state (if integration enabled) | Session

We do not use any analytics, advertising, or tracking cookies. We do not participate in cross-site tracking.

6. Data Retention

  • Active accounts: Your data is retained for as long as your account remains active.
  • Account deletion: When you delete your account, all your notes, personal information, and associated data are permanently deleted within 30 days. Encrypted backups that may still contain your data are purged within 90 days.
  • Billing records: Basic transaction records may be retained for up to 7 years to comply with tax and accounting regulations.
  • Server logs: Anonymized server logs are retained for up to 90 days for security monitoring and are then automatically deleted.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: You have the right to request a copy of the personal data we hold about you.
  • Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Erasure: You have the right to request deletion of your personal data ("right to be forgotten"). You can delete your account at any time from your settings.
  • Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format. NoteGod provides data export functionality in your account settings.
  • Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
  • Restriction: You have the right to request restriction of processing of your personal data under certain conditions.

To exercise any of these rights, please contact us at support@notegod.io. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Legal basis for processing: We process your data based on (a) contractual necessity to provide the service, (b) your consent where applicable (e.g., Google Drive integration), and (c) our legitimate interests in maintaining security and improving the service.

8. Children's Privacy

NoteGod is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission where applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of NoteGod after changes become effective constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

NoteGod Privacy Team

Email: support@notegod.io