Privacy Policy

Last updated: 1 June 2026

Notewright is built so that we hold as little of your data as possible, and none of it in a form we can read. This policy explains what we collect, why, and the choices you have.

What we collect

• Account data — your name, email address and a salted hash of your password. We use this to sign you in and contact you about your account.
• Encrypted note data — if you enable sync, we store ciphertext blobs. We cannot decrypt them; we have no copy of your encryption key.
• Operational logs — minimal request metadata needed to run the service securely. We do not log note contents (we couldn’t read them anyway).

What we do not collect

We do not sell data, run advertising, or use third-party trackers. We do not read, scan or train models on your notes. There is no behavioural profiling.

How we use data

Account data is used to operate your account and provide support. Encrypted note data is stored and synced at your request. Logs are used for security, abuse prevention and debugging, and are retained for a limited time.

Sharing

We share data only with infrastructure providers strictly necessary to run the service (hosting, payment processing), under contracts that limit them to that purpose. We disclose data if legally compelled — but synced notes remain encrypted and unreadable to us and therefore to anyone we’d be compelled to share them with.

Your rights

You can export your notes at any time, delete individual notes, or delete your account entirely from settings. Deleting your account removes your account data and stored ciphertext.

Cookies

We use a single first-party session cookie to keep you signed in. No advertising or tracking cookies.

Contact

Questions about privacy? Write to us via the contact page and we’ll respond.