Privacy policy for Noteheist
Privacy Policy
Effective Date: June 22, 2026
This Privacy Policy explains how Note Heist collects, uses, stores, and protects your information when you use our website, web application, browser extensions, editor integrations, and other services (collectively, the "Service").
- Information We Collect
Account Information
We may collect:
- Name (optional)
- Email address
- Password (stored as secure cryptographic hashes)
Browser Extension Permissions and Screen Capture
If you use our browser extension, web extension, or editor integrations (including IDE integrations such as Visual Studio Code), the Service may request additional permissions to provide core functionality.
These permissions may include access to:
- Active browser tabs
- Selected webpage content
- Screenshots or captured screen regions
- Clipboard data (when explicitly triggered by the user)
- Local editor or workspace context (for supported integrations)
These permissions are used solely to enable features such as:
- Saving web content into notes
- Capturing screenshots
- Performing OCR on captured images
- Sending selected code or text into the Service
- Improving productivity workflows inside supported integrations
Screen capture and OCR features are activated only when initiated by the user or when required for a requested action. We do not continuously record, monitor, or capture your screen in the background without your active consent.
Data captured through extensions or integrations is processed only as necessary to provide requested functionality and may be stored according to your account settings and plan limits.
Image data captured for text recognition (OCR) is securely transmitted via HTTPS to our servers and processed by trusted third-party OCR services (such as Microsoft Azure Cognitive Services). These images are processed in-memory or stored temporarily solely to perform text extraction, and are not used to train AI models or stored permanently on our backend.
User Content
We may store content you create or upload, including:
- Notes
- Documents
- Images
- Screenshots
- Attachments
Technical Information
We may collect:
- IP address
- Browser information
- Device metadata
- Error logs
- Request logs
- Cookies
We use essential cookies necessary for security, authentication, and session validation. These may include: - Login session cookies
- Refresh token cookies
- Security / session validation cookies
These cookies help:
- Keep you signed in
- Protect your account
- Prevent unauthorized access and fraud
We currently do not use advertising, tracking, or other third-party cookies. Consequently, a cookie consent banner is not required for accessing Note Heist, as we only utilize strictly necessary, functional cookies.
- How We Use Data
We use collected information to: - Provide and maintain the Service
- Authenticate users and protect accounts
- Process payments
- Prevent fraud, abuse, and security threats
- Improve product performance and user experience
- Maintain service security
- Payments
Payments are processed through third-party providers such as Razorpay. We do not store complete payment card or bank details. All payment information is processed according to the provider’s policies and standards. - Data Sharing
We do not sell personal data.
We may share data with service providers that help operate the Service, including providers for:
- Hosting and cloud infrastructure
- Payments processing
- Object storage and file delivery
- Email delivery
- Security monitoring
These providers may process data only as necessary to perform their services for us.
- Data Security
We use reasonable technical and organizational measures to protect user data. However, no online system is completely secure, and we cannot guarantee absolute security. Users are responsible for maintaining credential security. - Data Retention
We retain data while accounts remain active or as necessary for legal, audit, and operational purposes. Deleted content may temporarily remain in secure backups or system logs until fully purged. - Account Deletion
Users may request deletion of their account. Upon deletion, personal data and user content will be removed unless retention is required by law or technical necessity. - International Transfers
Your data may be processed on infrastructure located in different geographic regions depending on our service providers' facility locations. - Third-Party Services
We may use third-party services for infrastructure and product operations. These third-party services have their own privacy practices. - Children’s Privacy
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. - Policy Updates
We may update this Privacy Policy periodically. Continued use of our Service after updates indicates acceptance of the revised policies. - Your Rights
Depending on applicable law, you may have rights to: - Access your data
- Correct inaccurate data
- Request deletion of your data
- Request export of your data
- Contact
For privacy-related questions, contact us at noteheist@gmail.com