How we handle your data
Notexs is local-first. Your notes are plain .md files on your machine — cloud sync is optional and explicit. This policy explains the limited personal data we do handle.
Effective date: March 23, 2026
1. Information we collect
Notexs collects only what is strictly necessary to operate the service.
- Account data
- Email address and password hash, collected at sign-up. Required to provide cloud sync and Pro features.
- Synced content (Pro, opt-in)
- Documents you choose to sync are stored encrypted on our infrastructure. Local-only documents are never transmitted.
- Payment data
- Processed by Stripe exclusively. We store only a Stripe customer ID and your subscription status — no card numbers or bank details.
- Diagnostic data
- Anonymised crash reports via Sentry. No note content is included. You can opt out in app settings.
2. Legal basis for processing (GDPR)
If you are in the EEA or UK, our legal bases are:
- Contract performance: Delivering the service you signed up for.
- Legitimate interest: Diagnosing crashes and improving reliability. A balancing test has been conducted.
- Legal obligation: Retaining transaction records as required by applicable tax law.
- Consent: Optional product update emails — withdrawable at any time.
3. How we use your data
- —Authenticate your account and maintain your session
- —Sync documents across devices when cloud sync is enabled
- —Process and manage your subscription or one-time payment
- —Send transactional emails (purchase confirmation, password reset)
- —Diagnose and fix software defects
- —Comply with legal obligations (tax records, fraud prevention)
4. Sub-processors & third parties
Each sub-processor is bound by a Data Processing Agreement.
International transfers to the US are covered by the EU–US Data Privacy Framework and Standard Contractual Clauses.
5. Your privacy rights
Depending on your jurisdiction, you have the right to:
Email support@notexs.com to exercise any right. We respond within 30 days (GDPR Article 12).
6. Data retention
8. Children's privacy
Notexs is not directed at children under 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact support@notexs.com and we will delete it promptly.
9. Changes to this policy
Material changes will be communicated by email to registered users at least 14 days before they take effect. Continued use after the effective date constitutes acceptance. If you are in the EEA, you also have the right to lodge a complaint with your local supervisory authority.
Contact our privacy team
For requests, questions, or complaints. EEA users also have the right to contact their local supervisory authority.
Email: support@notexs.com
Response time: within 30 days
