Notexs
Privacy Policy

How we handle your data

Notexs is local-first. Your notes are plain .md files on your machine — cloud sync is optional and explicit. This policy explains the limited personal data we do handle.

Effective date: March 23, 2026

1. Information we collect

Notexs collects only what is strictly necessary to operate the service.

Account data: Email address and password hash, collected at sign-up. Required to provide cloud sync and Pro features.
Synced content (Pro, opt-in): Documents you choose to sync are stored encrypted on our infrastructure. Local-only documents are never transmitted.
Payment data: Processed by Stripe exclusively. We store only a Stripe customer ID and your subscription status — no card numbers or bank details.
Diagnostic data: Anonymised crash reports via Sentry. No note content is included. You can opt out in app settings.

3. How we use your data

  • Authenticate your account and maintain your session
  • Sync documents across devices when cloud sync is enabled
  • Process and manage your subscription or one-time payment
  • Send transactional emails (purchase confirmation, password reset)
  • Diagnose and fix software defects
  • Comply with legal obligations (tax records, fraud prevention)
We never sell your data, use it for advertising, or share it with third parties for their own marketing.

4. Sub-processors & third parties

Each sub-processor is bound by a Data Processing Agreement.

Supabase, Inc.: Database, authentication, and encrypted storage. Hosted on AWS (us-east-1). GDPR DPA in place.
Stripe, Inc.: Payment processing. PCI DSS Level 1 certified. No card data passes through our servers.
Sentry, Inc.: Crash reporting. Anonymised; no note content is included.
AWS (Amazon Web Services): Underlying cloud provider for Supabase. ISO 27001 certified, SOC 2 compliant data centres.

International transfers to the US are covered by the EU–US Data Privacy Framework and Standard Contractual Clauses.

5. Your privacy rights

Depending on your jurisdiction, you have the right to:

Access: A machine-readable copy of all personal data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Delete your account and all associated personal data within 30 days. Your local .md files are unaffected.
Portability: Your notes are plain .md files — exportable from the app at any time with no proprietary format.
Restriction: Suspend processing while a dispute is resolved.
Objection: Object to processing based on legitimate interest.
CCPA opt-out: We do not sell personal information. A "Do Not Sell" request can be submitted, though it has no practical effect given our practices.

Email support@notexs.com to exercise any right. We respond within 30 days (GDPR Article 12).

6. Data retention

Account & synced content: Retained while active. Deleted within 30 days of account deletion.
Payment records: 7 years, as required by tax law in most jurisdictions.
Crash reports: 90 days, then automatically purged by Sentry.
Auth logs: 30 days for security monitoring, then deleted.

7. Cookies & local storage

Notexs is a native desktop app. This website uses strictly necessary local storage and optional privacy-friendly analytics:

  • Authentication session token (Supabase) — expires on sign-out
  • Theme preference (light/dark) — stored in your browser's localStorage only
  • Analytics preference — stored locally so we can remember your choice
  • Plausible Analytics — enabled only if you accept analytics, used to understand aggregate landing page traffic

No advertising cookies, retargeting pixels, session replay, heatmaps, or cross-site tracking. Analytics are used only on the marketing website, not inside the Notexs desktop workspace.

8. Children's privacy

Notexs is not directed at children under 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact support@notexs.com and we will delete it promptly.

9. Changes to this policy

Material changes will be communicated by email to registered users at least 14 days before they take effect. Continued use after the effective date constitutes acceptance. If you are in the EEA, you also have the right to lodge a complaint with your local supervisory authority.

Contact our privacy team

For requests, questions, or complaints. EEA users also have the right to contact their local supervisory authority.

Email: support@notexs.com

Response time: within 30 days