Legal

Privacy Policy

Effective date: May 11, 2025  ·  Last updated: May 11, 2025

The short version
  • Your notes are private. We do not read, sell, or share them.
  • We collect only what is needed to run the service and keep it secure.
  • We use AI features only to process content you explicitly send to them.
  • You can export or delete your data at any time.
  • We do not run advertising. We do not sell your data. Ever.

1. Who we are

notx is a personal knowledge and thinking tool built by Zebaqui ("we", "us", "our"). This Privacy Policy explains how we collect, use, and protect information when you use notx — including the web application at notx.zebaqui.com, the desktop application, and any browser extensions we publish (collectively, the "Service").

If you have questions, contact us at privacy@zebaqui.com.

2. What we collect

2.1 Account information

When you create an account we collect your email address and, if you choose to provide it, a display name. We use this to identify your account and communicate with you about the Service.

2.2 Content you create

Notes, diagrams, recordings, tasks, and any other content you create inside notx are stored on our servers so they are available across your devices. This content belongs to you. We do not read it, analyse it for advertising purposes, or share it with third parties, except as described in Section 4.

2.3 Usage data

We collect minimal technical data to operate and improve the Service:

  • Device type and operating system
  • Browser type and version
  • Pages and features accessed, and the time and date of access
  • Error logs and crash reports
  • API request logs (endpoint, status code, response time — not content)

This data is used solely for debugging, performance monitoring, and understanding how features are used in aggregate. It is not linked to your note content.

2.4 Payment information

If you subscribe to a paid plan, payment is processed by a third-party payment provider (currently Stripe). We do not store your credit card number or full card details. We receive a tokenised reference and basic billing information (e.g. last four digits, expiry, billing country) for record-keeping.

2.5 Browser extension

The notx browser extension reads the URL and title of the tab you are viewing when you explicitly click the extension icon. It stores your authentication token locally in your browser using chrome.storage.local so you do not have to sign in on every use. No browsing history, tab content, or data from pages you have not explicitly saved is ever accessed or transmitted.

3. How we use your information

  • Providing the Service — storing and syncing your notes across devices, authenticating your account, processing payments.
  • AI features — when you invoke an AI feature (e.g. summarisation, chat, link enrichment), the relevant content is sent to an AI model provider. This is done only in response to explicit user action. Content is not used to train third-party models.
  • Security — detecting and preventing fraud, abuse, and unauthorised access.
  • Communication — sending transactional emails (account confirmation, password reset, billing receipts). We do not send marketing email without your consent.
  • Improvement — analysing aggregate, anonymised usage patterns to understand which features are valuable and where the product can improve.

4. When we share your information

We do not sell your data. We share information only in the following limited circumstances:

4.1 Service providers

We work with a small set of infrastructure and service providers who process data on our behalf under strict confidentiality agreements:

  • Cloud hosting — servers that store and serve your data
  • AI model providers — processes content you explicitly send to AI features
  • Payment processor — handles billing transactions
  • Error monitoring — receives anonymised crash and error logs

4.2 Legal requirements

We may disclose information if required to do so by law or in response to a valid legal request (e.g. a court order or subpoena). We will notify you before complying where permitted by law.

4.3 Business transfers

If notx is acquired or merges with another entity, your information may be transferred as part of that transaction. You will be notified before your data is subject to a different privacy policy.

4.4 Public notes

If you explicitly publish a note using the Share feature, it becomes accessible to anyone with the link. You control this — notes are private by default and you can revoke public access at any time.

5. Data retention

We retain your account and content data for as long as your account is active. When you delete a note, it is marked as deleted and removed from your view; it is permanently purged from our systems within 30 days. When you delete your account, all associated content is permanently deleted within 30 days, except where retention is required by law (e.g. billing records, which are kept for 7 years).

6. Security

We use industry-standard security practices to protect your data, including encryption in transit (TLS) and at rest, access controls that limit which employees can access production systems, and regular security reviews. No system is perfectly secure — if you believe your account has been compromised, contact us immediately at security@zebaqui.com.

7. Your rights and choices

Depending on where you are located, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — ask us to delete your account and associated data
  • Export — export your notes and content at any time from within the app
  • Objection — object to certain types of processing
  • Portability — receive your data in a machine-readable format

To exercise any of these rights, email us at privacy@zebaqui.com. We will respond within 30 days.

8. Cookies

We use a small number of strictly necessary cookies to keep you signed in and maintain your session. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that follow you across other websites. You can disable cookies in your browser settings, but doing so will prevent you from staying signed in.

9. Children's privacy

notx is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it promptly.

10. International transfers

Our servers are located in the United States. If you are accessing the Service from outside the US, your data may be transferred to and processed in the US. We take steps to ensure that such transfers comply with applicable law, including the use of standard contractual clauses where required.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you by email or via a notice inside the app. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us: