Privacy Policy

We collect the minimum information necessary to provide and improve the Service: Account Information: When you create an account, we collect your email address, display name, and authentication credentials. If you sign up via a third-party provider (Google, GitHub), we receive your basic profile information. Usage Data: We collect anonymous usage statistics such as feature usage frequency, capture counts, and performance metrics. This data is aggregated and cannot be used to identify individual users. Payment Information: When you subscribe to a paid plan, payment details are processed and stored securely by Stripe. We do not store your full credit card number on our servers. Captured Content: Content you capture using the extension is stored locally on your device. If you use cloud sync (Pro plan), encrypted copies are stored on our servers. Device Information: We collect basic device and browser information to ensure compatibility and troubleshoot issues.

We use the information we collect to: - Provide, maintain, and improve the Service - Process transactions and send related information - Send technical notices, updates, and security alerts - Respond to your comments, questions, and customer support requests - Monitor and analyze usage trends to improve user experience - Detect, investigate, and prevent fraudulent transactions and abuse - Personalize the Service based on your preferences We do not sell, rent, or trade your personal information to third parties. We do not use your captured content for advertising or marketing purposes.

We take data security seriously and implement industry-standard measures to protect your information: Encryption: All data in transit is encrypted using TLS 1.3. Stored data is encrypted using AES-256 encryption at rest. Access Control: We implement strict access controls and authentication protocols. Only authorized personnel can access user data, and all access is logged and audited. Infrastructure: Our servers are hosted on secure cloud infrastructure with SOC 2 compliance, automated backups, and disaster recovery procedures. Local Storage: When using the free plan, your data is stored entirely on your local device using the browser's secure storage APIs. We have no access to locally stored data. Data Clearing: When you sign out, all locally cached data is cleared from your device. Cloud-synced data can be deleted from your account settings at any time.

We use a limited number of trusted third-party services: Stripe: Payment processing. Subject to Stripe's Privacy Policy (stripe.com/privacy). Supabase: Authentication and cloud database. Data is stored with encryption at rest and in transit. Analytics: We use privacy-focused analytics that do not track individual users or use cookies for tracking purposes. We carefully vet all third-party services and require them to comply with applicable data protection regulations. We do not share more information than necessary with any third party.

We use minimal cookies essential for the Service to function: Authentication Cookies: Used to keep you signed in and maintain your session. These are strictly necessary and cannot be disabled. Preference Cookies: Used to remember your settings and preferences (such as theme and language). We do not use tracking cookies, advertising cookies, or any third-party cookies for marketing purposes. Our extension does not inject cookies into the websites you visit.

We retain your data only as long as necessary to provide the Service: Account Data: Retained as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Captured Content: Locally stored content is retained on your device until you delete it. Cloud-synced content is retained until you delete it or close your account. Usage Analytics: Aggregated, anonymized analytics data may be retained indefinitely as it cannot be linked to individual users. Payment Records: Transaction records are retained as required by applicable tax and financial regulations (typically 7 years). Backups: Encrypted backups are retained for up to 90 days for disaster recovery purposes and are automatically purged thereafter.

Depending on your location, you may have the following rights regarding your personal data: Right to Access: You can request a copy of all personal data we hold about you. Right to Rectification: You can request correction of inaccurate or incomplete personal data. Right to Erasure: You can request deletion of your personal data ("right to be forgotten"). Right to Data Portability: You can request your data in a structured, machine-readable format. Right to Restrict Processing: You can request that we limit how we use your data. Right to Object: You can object to the processing of your personal data. Right to Opt-Out of Sale (CCPA): We do not sell personal information. However, California residents have the right to know if their data has been sold or disclosed for a business purpose. Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. To exercise any of these rights, contact us at privacy@notesyncpro.com. We will respond to your request within 30 days.

NoteSync Pro is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@notesyncpro.com.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by: - Posting the updated policy on our website with a new "Last updated" date - Sending an email notification to the address associated with your account - Displaying a prominent notice within the extension We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: privacy@notesyncpro.com General Support: support@notesyncpro.com Website: notesyncpro.com/contact For GDPR inquiries, you may also contact your local data protection authority. NoteSync Pro privacy@notesyncpro.com