NotexoSmart Notes

Privacy Policy

Effective date: May 1, 2025 · Last updated: May 7, 2025

1. What We Collect

When you use Notexo, we may collect the following information:

  • Email address — only if you register an account. Used for authentication and email verification (OTP).
  • Username — chosen during registration. Used in your private note URLs (@username/slug).
  • Note content — the text you write in notes. Stored in our database to provide the service.
  • IP address — temporarily used for rate limiting on support and feedback forms. Not stored permanently.

2. What We Do NOT Collect

  • We do not use tracking cookies or analytics scripts.
  • We do not sell, rent, or share your data with third parties.
  • We do not serve targeted advertising or build user profiles.
  • We do not read or access password-protected note content.

3. How Data Is Stored

All data is stored in MongoDB Atlas, a managed cloud database with encryption at rest. User passwords are hashed using bcrypt with a salt factor of 10 — we never store plaintext passwords. Note passwords are also bcrypt-hashed.

4. Note Expiry & Deletion

Notes with an expiry date are permanently deleted via MongoDB's TTL (time-to-live) index. Once expired, the note document is irrecoverably removed from the database. Visiting the same URL after expiry creates a fresh, empty note.

5. Third-Party Services

Notexo uses the following third-party services:

  • NextAuth.js — authentication framework. Manages sessions via secure HTTP-only cookies.
  • Google OAuth — optional sign-in provider. We receive only your name and email from Google.
  • Resend — email delivery service. Used to send OTP verification and support notification emails.
  • MongoDB Atlas — database hosting. Data is stored in cloud infrastructure with encryption at rest.

6. Your Rights

You have the right to:

  • Request deletion of your account and all associated data.
  • Export your note content at any time (copy or PDF export).
  • Change your password or remove password protection from notes.

To request account deletion, visit the Support page and submit a request.

7. Contact

If you have questions about this privacy policy, please reach out via the Support page.