Last updated: April 30, 2026
CollabNote (“we,” “us,” “our”) is a collaborative markdown note-taking service. You can reach us at districtzone0x9@gmail.com.
When you register, we collect your email address, display name, and a hashed password (bcrypt). If you sign in with Google, we receive your Google account email, name, and profile photo from Google’s OAuth service. We never receive or store your Google password.
The text content of every note, folder name, tag, and attachment you create is stored on our servers. This includes notes you share with collaborators. Notes you choose to encrypt with a password are stored as ciphertext — the encryption key is derived in your browser and the plaintext is never transmitted to our servers for those notes.
We log which notes are created, modified, deleted, and shared, along with timestamps. Real-time collaboration data (cursor positions, presence) is processed in memory and not permanently stored.
Payments are processed by Stripe. We do not store your card number, CVV, or full payment details. We store your Stripe Customer ID and subscription status (active, canceled, etc.) to manage your Pro access.
If you use Voice Notes or Voice Dictation (Pro features), audio is sent to Groq’s API for transcription. Audio is not stored by us after transcription completes. Groq’s own privacy policy governs their handling of that data.
Pro AI features (AI Writing Assistant, AI Workspace Assistant, Similar Notes, AI Note Title) send the relevant note content to Groq’s API to generate responses. We do not store the AI responses beyond your current session. Groq’s privacy policy governs their processing.
We collect standard server logs including IP addresses, browser/OS type, and request timestamps for security monitoring and debugging. These are retained for up to 30 days.
We use the following third-party processors. By using CollabNote you agree to their respective privacy policies:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription metadata |
| Groq | AI & transcription (Pro) | Note content, audio |
| Supabase | Optional database storage | Note content, account data |
| Google OAuth | Sign-in (optional) | Email, name, profile photo |
| Fly.io / Render | Hosting & infrastructure | All server data at rest |
We do not sell your data to any third party.
Your account data and notes are retained until you delete them or close your account. Deleted notes are removed immediately from our active storage. Backup copies may persist in server snapshots for up to 30 days before permanent deletion. Subscription records are retained for 7 years for tax and compliance purposes.
Passwords are hashed with bcrypt before storage. All traffic is encrypted in transit via HTTPS/TLS. Notes you explicitly encrypt with a password use AES-256-GCM encryption derived in your browser — we cannot read those notes. Unencrypted notes are stored as plaintext on our servers and accessible to us for operational purposes.
No system is perfectly secure. In the event of a data breach we will notify affected users within 72 hours of discovery.
You may at any time:
To exercise these rights, email districtzone0x9@gmail.com. We will respond within 30 days.
We use a single HTTP-only session cookie to keep you logged in. We do not use advertising or tracking cookies. Some preferences (theme, sidebar state) are stored in your browser’s localStorage and never sent to our servers.
CollabNote is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we will delete it promptly.
We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. Continued use after that date constitutes acceptance.
Questions or requests: districtzone0x9@gmail.com