The promise, in one paragraph.
Your notes belong to you. We store them so you can sync across your devices. We encrypt them in transit and at rest. We never sell your data, and we never train AI models on what you write. Vault notes are end-to-end encrypted — meaning even we cannot read them. If you delete your account, your data goes with it within 30 days.
"If we wouldn't put it in our own notes, we don't put it in yours."
What we collect.
We try to collect as little as possible. Here's the full list:
- Account data. Your email, a hashed password, your display name, and which subscription you're on.
- Your notes. The content you create — text, sketches, voice memos, uploaded files. Stored encrypted at rest on our servers in the EU.
- Device info. The kind of device you sync from (e.g. iPhone 15, Chrome on macOS) so we can deliver the right build and troubleshoot bugs.
- Anonymous usage events. Things like "user opened the app" or "user created a note" — never the contents of the note. We use this to decide what to build next.
What we don't collect.
- We don't read your notes. No human at NotesHQ has a button to open your content.
- We don't track you across the internet. No third-party ad pixels.
- We don't sell, rent, or share your data with advertisers. Ever.
- We don't train AI models on your notes. Your content stays your content.
AI & your notes.
When you use NoteChat or NoteQ, the relevant portions of your notes are sent — encrypted in transit — to our AI provider to generate the response. The provider is contractually bound to not retain, log, or train on your content. Responses are streamed back, shown to you, and the inference data is discarded.
If you'd rather not use AI features at all, switch them off in Settings → AI. The core app works fine without them.
Vault notes never go to AI.
By design, anything inside your vault is excluded from NoteChat context and NoteQ quizzes — it never leaves your device unencrypted.
Vault encryption.
The vault is end-to-end encrypted. Your PIN, pattern, or fingerprint derives a key that lives only on your device. We store the ciphertext; the key never reaches our servers. If you forget your PIN, we cannot recover the vault — that's the point.
Sharing with third parties.
We use a small number of carefully chosen providers to run the service. Each has signed a Data Processing Agreement under UK GDPR. The current list:
- Hetzner (Germany) — encrypted storage and compute.
- Anthropic — AI inference for NoteChat and NoteQ, with no-retention agreement.
- Stripe — payments. We never see your card details.
- Postmark — transactional email (e.g. password resets).
How long we keep things.
- Your notes: until you delete them or close your account.
- Deleted notes: recoverable for 30 days, then permanently purged.
- Closed accounts: fully purged within 30 days.
- Backups: rolling 14-day window for disaster recovery.
- Logs: 30 days, IPs hashed.
Your rights.
Under UK GDPR, you can ask us to:
- Access a copy of everything we hold about you.
- Export your notes (we also have a one-click export in Settings → Data).
- Correct any account information.
- Delete your account and everything in it.
- Object to anonymous usage analytics — opt out in Settings → Privacy.
To exercise any of these, email privacy@noteshq.ai. We respond within 14 days, usually within one.
Cookies.
We use exactly one cookie: a session cookie to keep you logged in. No tracking pixels, no third-party advertising cookies. The website does not use Google Analytics or anything like it.
Talk to a real human.
This is the bit where most policies stop. If anything here is unclear, or you want to raise a concern with our Data Protection Officer, write to:
ZShift Ltd · Data Protection
88 Gillingham Road
Gillingham, Kent ME7 4EP
United Kingdom
privacy@noteshq.ai
If you're not happy with how we respond, you can complain to the Information Commissioner's Office.
© 2026 ZShift Ltd. This policy was last updated on May 15, 2026. We'll tell you (by email) the next time we change anything material.