Privacy Policy

Last updated: March 2026

1. Introduction

  • Notopia ("we", "our", "us") operates notopia.co and the Notopia mobile application.
  • This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

2. Information We Collect

  • Account Information: email address, display name, avatar, bio, location
  • Content: notes, tasks, folders, tags, templates you create
  • Usage Data: feature usage, AI interactions, session duration, device info
  • AI Data: text sent to AI features for processing (not stored beyond response generation)
  • Analytics: anonymous usage statistics, crash reports

3. How We Use Your Information

  • Provide and maintain the service
  • Process AI requests (text sent to OpenAI API for processing)
  • Improve user experience and features
  • Send notifications you opted into (reminders, streak alerts)
  • Analyze usage patterns (anonymized)
  • Prevent abuse and enforce terms

4. Data Storage & Security

  • Data stored on Supabase servers (EU Frankfurt region)
  • Encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Row Level Security (RLS) ensures users only access their own data
  • Passwords hashed with bcrypt
  • We do not sell your data to third parties

5. AI Data Processing

  • Text sent to AI features is processed by OpenAI's API
  • We do not store AI conversation content beyond your chat history
  • AI chat history can be deleted anytime from Settings
  • Embedding vectors are stored for semantic search (Pro feature)
  • You can opt out of AI features entirely

6. Third-Party Services

  • Supabase (database, auth, storage) — EU servers
  • OpenAI (AI processing) — data processing agreement in place
  • Vercel (web hosting)
  • Expo (mobile app distribution)
  • Apple (TestFlight, App Store distribution)

7. Your Rights

  • Access: view all your data from Profile
  • Export: download all data (JSON/Markdown) from Settings
  • Delete: delete all notes or entire account from Settings
  • Correction: edit your profile information anytime
  • Portability: export data in standard formats

8. Cookies

  • Essential cookies for authentication (session token)
  • localStorage for preferences (theme, language)
  • No advertising or tracking cookies
  • No third-party analytics cookies

9. Children's Privacy

  • Notopia is not intended for children under 13
  • We do not knowingly collect data from children under 13
  • If discovered, such data will be promptly deleted

10. Data Retention

  • Active account: data retained while account exists
  • Deleted notes: permanently removed after 30 days in trash
  • Deleted account: all data permanently removed within 30 days
  • AI chat history: removed immediately when cleared

11. Changes to This Policy

  • We may update this policy periodically
  • Users notified via email for significant changes
  • Continued use constitutes acceptance

12. Contact

  • Email: privacy@notopia.co
For questions: privacy@notopia.co