SuperNote Privacy Policy

Last Updated: July 4, 2025

This Privacy Policy explains how SuperNote collects, uses, and protects your information when you use our AI-powered note-taking application.

Quick Summary

• We collect minimal data needed to provide our AI-powered features
• Your notes and content remain private and are processed securely
• We use encryption and security measures to protect your data
• You have full control over your data and can delete it anytime
• We comply with GDPR, CCPA, and other privacy regulations

1. Information We Collect

Account Information:

• Email address for account creation and communication
• Name (optional) for personalization
• Profile picture (optional)
• Authentication credentials (encrypted)

Content You Create:

• Notes, documents, and text content you input
• Voice recordings and audio files you upload
• Videos and multimedia content you process
• Files and documents you import (PDFs, Word docs, etc.)
• Quiz questions and study materials you generate

Usage Information:

• How you use the app (features accessed, time spent)
• Device information (OS version, device type)
• App performance data and crash reports
• Preferences and settings you configure

Technical Data:

• IP address (anonymized for analytics)
• Session data and authentication tokens
• App version and update information
• Error logs and diagnostic data

2. How We Use Your Information

Core Service Delivery:

• Process your content through AI to generate notes and summaries
• Sync your data across your devices
• Provide transcription and text-to-speech services
• Generate quizzes and study materials from your content
• Backup and restore your data

AI Processing:

• Send content to AI providers (OpenAI, Google, ElevenLabs) for processing
• Analyze documents and media to extract key information
• Generate summaries, notes, and quiz questions
• Improve transcription accuracy over time

Product Improvement:

• Analyze usage patterns to improve features
• Fix bugs and enhance performance
• Develop new AI capabilities
• Optimize user experience

Communication:

• Send important service updates
• Provide customer support
• Notify about new features (with your consent)
• Send security alerts when necessary

3. AI Processing & Third-Party Services

SuperNote uses third-party AI services to enhance your experience. Here's how we protect your data during AI processing:

AI Service Providers:

• OpenAI: Text generation, summarization, and content analysis
• Google AI: Document processing and natural language understanding
• ElevenLabs: Text-to-speech conversion
• Deepgram: Audio transcription services
• Anthropic: Advanced text processing and analysis

Data Protection During AI Processing:

• Data is encrypted in transit to AI providers
• We use enterprise-grade API access with enhanced privacy
• Personal identifiers are removed before processing when possible
• AI providers are contractually bound to protect your data
• Processed data is not used to train third-party AI models

What Data We Share with AI Services:

• Content you explicitly request to be processed (notes, documents, audio)
• Context necessary for accurate AI responses
• No personal account information or unnecessary metadata
• No data from other users or unrelated content

4. Data Security & Protection

Encryption:

• All data encrypted in transit using TLS 1.3
• Data encrypted at rest using AES-256
• Database encryption with rotating keys
• End-to-end encryption for sensitive content

Access Controls:

• Multi-factor authentication for admin access
• Principle of least privilege for staff
• Regular access reviews and audit logs
• Secure development practices

Infrastructure Security:

• Cloud infrastructure with enterprise-grade security
• Regular security audits and penetration testing
• Automated vulnerability scanning
• Incident response and monitoring systems

Data Backup & Recovery:

• Automated daily backups with encryption
• Geographic distribution of backup data
• Regular backup integrity testing
• Disaster recovery procedures

5. Data Sharing & Disclosure

We do not sell your personal data. We only share data in these limited circumstances:

Service Providers:

• AI processing services (OpenAI, Google, etc.) for core functionality
• Cloud hosting providers (with data processing agreements)
• Analytics services (with data minimization)
• Customer support platforms (only support-related data)

Legal Requirements:

• Court orders or legal process
• Compliance with applicable laws
• Protection of our legal rights
• Prevention of illegal activities

Business Transfers:

• Mergers or acquisitions (with continued privacy protection)
• Asset sales (data protection obligations transfer)
• Corporate restructuring

With Your Consent:

• Sharing with third-party integrations you enable
• Participation in research studies (anonymized)
• Testimonials or case studies (with explicit permission)

6. Data Retention

Account Data:

• Retained while your account is active
• Deleted within 30 days of account deletion
• Some data may be retained for legal compliance (anonymized)

Content Data:

• Notes and documents retained while account is active
• Immediately deleted when you delete specific content
• Backups purged within 90 days of deletion

Analytics Data:

• Aggregated usage data retained for 2 years
• Individual usage data deleted after 1 year
• Error logs and diagnostics deleted after 6 months

Legal & Security Data:

• Security logs retained for 1 year
• Legal compliance records as required by law
• Fraud prevention data for legitimate business purposes

7. Your Privacy Rights

Access & Portability:

• View all data we have about you
• Download your data in portable formats
• Export notes, documents, and content
• Receive data transfer within 30 days

Correction & Updates:

• Edit your profile and account information
• Update preferences and settings
• Correct inaccurate personal data
• Request data corrections

Deletion & Removal:

• Delete specific notes or content
• Delete your entire account and all data
• Request removal of specific information
• Opt out of data processing (where legally required)

Control & Preferences:

• Control email notifications and communications
• Manage data sharing preferences
• Opt out of analytics (where possible)
• Choose AI processing preferences

8. Regional Privacy Rights

GDPR Rights (EU/UK):

• Right to be informed about data processing
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing in certain circumstances
• Right to data portability
• Right to object to processing
• Rights related to automated decision making

CCPA Rights (California):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising privacy rights

Other Regional Rights:

• Compliance with applicable local privacy laws
• Data localization where required
• Specific consent mechanisms as needed

9. Children's Privacy

SuperNote is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children.

If we discover we have collected information from a child:

• We will delete the information immediately
• We will notify parents/guardians if possible
• We will terminate the account
• We will review our processes to prevent future occurrences

Parents and guardians:

• Can contact us to review any information we may have
• Can request deletion of their child's information
• Can refuse further collection or use of information

10. International Data Transfers

SuperNote operates globally and may transfer data internationally. We ensure adequate protection through:

Transfer Mechanisms:

• Standard Contractual Clauses (SCCs) for EU transfers
• Adequacy decisions where available
• Binding Corporate Rules for internal transfers
• Explicit consent where required

Data Protection Measures:

• Technical safeguards (encryption, access controls)
• Organizational measures (policies, training)
• Legal protections (contracts, compliance)
• Regular assessments of transfer risks

11. Cookies & Tracking

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Core app functionality
• User preferences and settings

Analytics Cookies:

• Usage statistics (anonymized)
• Performance monitoring
• Feature usage analysis
• Error tracking and debugging

Cookie Management:

• You can control cookies through browser settings
• Essential cookies cannot be disabled without affecting functionality
• Analytics cookies can be opted out
• We respect Do Not Track signals where possible

12. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

How we notify you of changes:

• Material Changes: Email notification 30 days in advance
• Minor Changes: Updated "Last Modified" date
• In-App Notice: Notification within the app
• Website Notice: Banner on our website

Your choices after changes:

• Continue using the service (indicates acceptance)
• Delete your account if you disagree with changes
• Contact us with questions or concerns
• Exercise your data rights before policy takes effect

13. Contact Us

Privacy-Related Questions:

• Email: privacy@supernote.app
• Response Time: Within 72 hours
• Data Protection Officer: dpo@supernote.app

General Support:

• Email: support@supernote.app
• In-App Help: Settings → Help & Privacy
• Website: supernote.app/privacy

Legal & Compliance:

• Legal Team: legal@supernote.app
• Compliance: compliance@supernote.app
• Security Issues: security@supernote.app

We're committed to protecting your privacy and will respond to all privacy-related inquiries promptly. Your trust is important to us, and we're here to address any concerns you may have about how we handle your data.