Skip to content

Privacy

Privacy Policy

Last updated: June 2026

The short version

We collect your email address and encrypted vault content. We never store or read the plaintext of your notes or files. We do not sell your data to anyone. You can delete everything at any time.

What we collect

  • Email address: used to identify your account and send you check-in reminders and vault delivery notifications.
  • Name (optional): displayed to your recipients when they receive vault content.
  • Vault content: your notes and files, stored encrypted. We cannot read them.
  • Check-in settings: your check-in interval and grace period preferences.
  • IP address and basic request logs: retained briefly for security and debugging. Not used for tracking or advertising.

What we do NOT collect

  • ✗ We do not use advertising trackers or pixels
  • ✗ We do not share your data with third-party advertisers
  • ✗ We do not read the plaintext of your vault content
  • ✗ We do not build profiles for marketing purposes

Third-party services we use

  • Resend: email delivery. Your email address is shared with Resend to send you notifications.
  • Paddle: payment processing. Paddle handles billing; we do not store your card details.
  • Cloud hosting provider: our servers run on managed cloud infrastructure in the EU/US.

How long we keep your data

Your data is retained while your account is active. The table below covers each data type:

  • Vault notes and files : Until you delete them, or 30 days after vault execution, or 30 days after subscription freeze, whichever comes first.
  • Two-Person Secret file copies : When a file vault item is delivered as a Two-Person Secret, an encrypted copy is stored temporarily to allow any 2 of the recipients you selected to coordinate and download. This copy is retained for up to 90 days from vault execution, then permanently deleted. The copy is stored encrypted; Notenz cannot read its contents.
  • Account data (email, settings) : Until you delete your account, or 30 days after vault execution.
  • Execution audit record : Kept indefinitely. This is a minimal record only, containing your email address, execution date, deletion date, and item count. No vault content is included.
  • Activity log (audit events) : Retained for the lifetime of the account. Deleted with the account.
  • Billing records : Retained for up to 7 years to comply with financial regulations.

If you delete your account manually, all vault content, recipients, and personal data are permanently deleted within 30 days.

Your rights (GDPR)

If you are in the EU or UK, you have the right to access, correct, or delete your personal data. You can do most of this yourself from the dashboard. For anything else, email us.

You also have the right to data portability and to object to processing. We will respond to requests within 30 days.

Cookies

We use a single session cookie to keep you logged in. We do not use third-party cookies or tracking cookies of any kind.

Contact

Privacy questions or data requests: [email protected].