Privacy Policy
Last Updated: May 1, 2025
At NoteViral.com ("NoteViral," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our note-taking service, accessible via our Chrome extension, mobile app, or website (collectively, the "Services"). By using our Services, you agree to the terms of this Privacy Policy.
1. Information We Collect
We collect the following types of information to provide and improve our Services:
1.1 Information You Provide
- Personal Information: When you register for an account, we collect your full name and email address.
- Notes: You may submit notes through our Chrome extension or mobile app, which are stored in our database to enable content generation via LLM templates.
- LLM API Key: If you provide an LLM API key for content generation, we encrypt it using AES-256 encryption before storing it in our secure database.
1.2 Information Collected Automatically
- Usage Data: We collect information about how you interact with our Services, such as IP address, device type, browser type, operating system, pages visited, and timestamps.
- Cookies and Similar Technologies: We use cookies and similar technologies (e.g., web beacons) to enhance your experience, analyze usage, and personalize content. See Section 5 for details.
- Analytics Data: Our third-party partner, PostHog, collects anonymized data about your interactions with our Services to help us improve functionality and user experience.
1.3 Information from Third Parties
We may receive information about you from third-party partners, such as Crisp Chat, which provides customer support and may collect your email and name if you initiate a chat session.
2. How We Use Your Information
We use your information for the following purposes:
- Provide Services: To create and manage your account, store your notes, and generate content using LLM templates based on your notes and encrypted API key.
- Improve Services: To analyze usage patterns and enhance the functionality and performance of our Chrome extension, mobile app, and website.
- Communicate: To send you account-related notifications, respond to your inquiries via Crisp Chat, and, with your consent, send marketing communications.
- Security: To detect and prevent fraud, unauthorized access, and other illegal activities.
- Compliance: To comply with legal obligations, such as responding to lawful requests from authorities.
3. How We Share Your Information
We do not sell your personal information. We may share your information as follows:
3.1 Third-Party Partners
- Crisp Chat: Our customer support platform may collect your email and name when you initiate a chat session. Crisp Chat is bound by data protection agreements to process your data securely.
- PostHog: Our analytics provider collects anonymized usage data to help us improve our Services. PostHog does not use third-party cookies and ensures data is masked to prevent identification.
3.2 Service Providers
We may share your information with service providers who assist with hosting, payment processing, or other operational functions. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.3 Legal Requirements
We may disclose your information to comply with legal obligations, such as responding to subpoenas, court orders, or other lawful requests from authorities.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
4. Data Security
We implement robust security measures to protect your data, including:
- Encryption: LLM API keys are encrypted using AES-256 encryption at rest and in transit. All data transmissions use HTTPS with TLS 1.3.
- Access Controls: Only authorized personnel with a legitimate need can access your personal information.
- Regular Audits: We conduct periodic security audits to identify and address vulnerabilities.
- Incident Response: In the unlikely event of a data breach, we will notify affected users within 72 hours, as required by GDPR, and take immediate steps to mitigate harm.
Despite our efforts, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze usage. Cookies are small text files stored on your device.
5.1 Types of Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Enable core functionality, such as authentication and session management. | Session |
| Analytics Cookies | Collect anonymized data via PostHog to improve our Services. | Persistent (up to 1 year) |
| Functional Cookies | Remember your preferences, such as language settings. | Persistent (up to 1 year) |
5.2 Managing Cookies
You can manage cookies through your browser settings or our cookie consent banner, which appears when you first visit our website. Disabling cookies may limit some features of our Services. We respect "Do Not Track" signals as required by the California Online Privacy Protection Act (CalOPPA).
6. Your Rights
Depending on your location, you have the following rights under applicable data protection laws, including GDPR and CCPA:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Restriction: Request restriction of processing your data in certain circumstances.
- Portability: Request your data in a machine-readable format to transfer to another provider.
- Object: Object to processing for direct marketing or legitimate interests.
- Withdraw Consent: Withdraw consent for data processing at any time, where applicable.
- Opt-Out of Sale: Opt-out of the sale of your personal information (note: we do not sell your data).
To exercise these rights, contact us at the email address provided in Section 8. We will respond within 30 days (or 45 days for CCPA requests, with a possible 45-day extension). You may also file a complaint with your local data protection authority (e.g., the Information Commissioner’s Office in the UK or a GDPR supervisory authority in the EU).
7. International Data Transfers
Your data may be stored and processed in the United States or other countries where our service providers operate. If you are in the EU, UK, or Switzerland, we ensure compliance with GDPR Article 13(1)(f) by using Standard Contractual Clauses (SCCs) or relying on adequacy decisions by the European Commission for data transfers to countries like Canada. We do not rely on the invalidated EU-US Privacy Shield.
8. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:
Email: support[]noteviral.com
Note: We may request additional verification to confirm your identity.
NoteViral LLC.
9. Data Retention
We retain your personal information only as long as necessary to provide our Services or comply with legal obligations:
- Account Information: Retained until you delete your account, unless required for legal purposes (e.g., tax records).
- Notes and LLM API Keys: Retained until you delete them or your account, subject to backup retention for 30 days.
- Usage Data: Retained for up to 1 year in anonymized form for analytics purposes.
10. Children’s Privacy
Our Services are not intended for users under 13 years old (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we learn that we have collected such data, we will delete it immediately. Contact us if you believe we have collected data from a child.
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email, in-app notifications, or by posting a notice on our website at least 30 days before the changes take effect. Please review this policy periodically.
12. Compliance with Privacy Laws
We comply with applicable privacy laws, including:
- GDPR (EU): We provide transparency, lawful basis for processing, and user rights as outlined in Sections 6 and 7.
- CCPA/CPRA (California): We disclose data collection, sharing, and user rights, including the right to opt-out of sales (not applicable as we do not sell data).
- CalOPPA (California): We respond to "Do Not Track" signals and provide clear cookie disclosures.
- PIPEDA (Canada): We designate a Data Protection Officer and provide a complaint mechanism.
Thank you for trusting NoteViral with your data. We are committed to safeguarding your privacy and providing a secure note-taking experience.