Privacy Policy

Last updated: March 27, 2026

NotesCodex ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, why, how we use it, and your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Data We Collect

1.1 Purchase Data

When you purchase the Software, we collect your email address to deliver your download link and for support purposes. Payment processing is handled entirely by Stripe and/or PayPal - we never receive, store, or have access to your credit card number, CVV, or banking details.

1.2 Website Analytics

We use Google Analytics 4 (GA4) and Vercel Analytics to collect website usage data (page views, traffic sources, performance metrics). GA4 uses cookies and is loaded only after you give explicit consentvia the cookie banner. If you reject cookies, GA4 is never loaded. Vercel Analytics is cookieless and collects only anonymous, aggregated data. No data is shared with third parties for advertising. We use Google Consent Mode v2: analytics storage defaults to "denied" and is only set to "granted" after your explicit acceptance.

1.3 Application Data

The NotesCodex application stores all data locally on your device. Your notes, terminal sessions, files, and knowledge graph never leave your machine. We have no access to this data. The application does not contain telemetry, tracking, or analytics of any kind. If you enable optional cloud sync, you configure your own infrastructure - we do not process or access your synced data.

1.4 Update Checks

The application may periodically contact our server to check for updates. This request contains only your current application version and operating system. No personal data or content is transmitted.

2. How We Use Your Data

We use the data we collect solely for these purposes:

• To deliver your purchase (download link and confirmation email)
• To provide customer support
• To send critical product updates (security patches, breaking changes)
• To improve our website performance (anonymous analytics)

We do not use your data for marketing, advertising, profiling, or any purpose other than those listed above. We do not sell your data to third parties.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases for processing personal data are:

• Contract performance - processing your email to fulfill your purchase and deliver the Software (Art. 6(1)(b) GDPR)
• Legitimate interest - anonymous website analytics to improve our service (Art. 6(1)(f) GDPR)

4. Third-Party Processors

We share your data only with the following processors, solely for the purposes described:

• Stripe - payment processing (PCI DSS Level 1 certified)
• PayPal - payment processing (PCI DSS Level 1 certified)
• Resend - transactional email delivery
• Google - Google Analytics 4 for website usage statistics (only with consent)
• Vercel - website hosting and anonymous analytics
• Neon - database hosting (stores order records: email, payment reference, date)

All processors are bound by data processing agreements and comply with applicable data protection regulations.

5. Data Retention

We retain your purchase record (email address, payment reference, purchase date) for as long as necessary to provide you with updates and support, and to comply with legal obligations (e.g., tax and accounting requirements). You may request deletion at any time (see Section 7).

6. International Transfers

Our processors may store data outside the EEA (primarily in the United States). Where applicable, these transfers are protected by Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework.

7. Your Rights

GDPR Rights (EEA Users)

Under the GDPR, you have the right to:

• Access - request a copy of the personal data we hold about you
• Rectification - request correction of inaccurate data
• Erasure - request deletion of your personal data
• Restriction - request that we limit processing of your data
• Portability - receive your data in a structured, machine-readable format
• Objection - object to processing based on legitimate interest
• Complaint - lodge a complaint with your local data protection authority

CCPA Rights (California Users)

Under the CCPA, California residents have the right to:

• Know what personal information is collected and how it is used
• Request deletion of personal information
• Opt out of the sale of personal information - we do not sell your data
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at info@notescodex.com. We will respond within 30 days.

8. Cookies

We use the following cookies:

• Analytics cookies (Google Analytics 4) - loaded only after explicit consent via the cookie banner. Used for anonymous website usage statistics. You can reject these at any time.
• Consent preference - a localStorage entry that remembers your cookie choice so we don't ask again.
• Payment cookies - essential cookies set by Stripe and/or PayPal during checkout for secure payment processing. These are exempt from consent under GDPR.

We do not use cookies for advertising, retargeting, or profiling.

9. Children

The Software is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email. The "Last updated" date at the top reflects the most recent revision.

11. Data Controller

The data controller for your personal data is NotesCodex. For any privacy-related inquiries, contact us at: info@notescodex.com