notenus
Legal

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Welcome to Notenus ("we," "our," or "us"). Notenus is operated as an independent service dedicated to providing a secure, zero-knowledge cloud notepad. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at notenus.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Note Content: For public notes (without password protection), we store the plaintext content you create. For password-protected notes, we only store the encrypted ciphertext — we never have access to the decrypted content.
  • Account Information: If you choose to sign in, we collect your name and email address through our OAuth authentication provider.
  • Custom URLs: The URL slugs you choose for your notes.

2.2 Information Collected Automatically

  • Usage Data: We collect anonymous usage statistics including page views, note view counts, and general traffic patterns.
  • Log Data: Our servers automatically record information such as your IP address, browser type, operating system, referring URLs, and timestamps. This data is used for security monitoring and service improvement.
  • Cookies: We use essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies without your consent.

3. Zero-Knowledge Architecture

Notenus is built on a zero-knowledge architecture for password-protected notes. This means:

  • Encryption and decryption occur entirely in your browser using AES-256-GCM.
  • Your password is never transmitted to or stored on our servers.
  • We derive encryption keys using PBKDF2 with 600,000 iterations on the client side.
  • We store only the encrypted ciphertext, encryption salt, and initialization vector (IV) — none of which can be used to recover your content without your password.
  • Even Notenus administrators and engineers cannot access the plaintext content of your protected notes.

4. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To enable note creation, storage, sharing, and retrieval.
  • To authenticate users who choose to sign in.
  • To generate anonymous, aggregated analytics for service improvement.
  • To detect and prevent abuse, fraud, and security threats.
  • To comply with legal obligations.

5. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Public Notes: Notes created without password protection are publicly accessible by design and may be indexed by search engines.
  • Service Providers: We may share data with trusted third-party service providers who assist us in operating the Service (e.g., hosting, analytics), subject to confidentiality agreements.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Safety: We may disclose information to protect the rights, property, or safety of Notenus, our users, or the public.

6. Data Retention

We retain your note data for as long as the note exists on our platform. Notes can be deleted at any time by the creator. When a note is deleted, all associated data including content, metadata, and version history is permanently removed from our servers within 30 days. Account information is retained for as long as your account is active.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256-GCM client-side encryption for password-protected notes.
  • HTTPS/TLS encryption for all data in transit.
  • Secure server infrastructure with regular security updates.
  • Access controls and monitoring to prevent unauthorized access.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and notes.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your personal data.

To exercise any of these rights, please contact us at our contact page.

9. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us through our Contact Support page.

Notenus

Email: [email protected]

Website: notenus.com