Loading...
Notewen
Sign in

Privacy Policy

Last updated 2026-05-26

This Privacy Policy explains how the Notewen team ("we", "our", "the service") collects, uses and protects your information when you use our application and website.

1. Information we collect

Account data

  • Email address (used as your login and for transactional emails)
  • Password (stored as a salted hash; we never see your plain password)
  • Authentication metadata (sign-in timestamps, 2FA state, passkeys, external login linkage)

Content you create

  • Notes, tasks, knowledge items, comments, worklogs and any free-text you enter
  • People, scopes, projects and work objects you define
  • Organization membership and roles

Technical data

  • Server logs: IP address, request paths, user-agent, timestamps
  • Error reports (exception type, message, stack trace) when something goes wrong
  • Cookies necessary for authentication and your active organization

2. How we use it

  • To authenticate you and provide the service
  • To send transactional email (account confirmation, password reset, invitations)
  • To enable LLM features – content you submit to "Ask", "Generate from notes", coverage checks and insight reviews is sent to our model provider (OpenAI). It is never used to train their models per the OpenAI API data policy
  • To diagnose problems and improve reliability
  • To enforce usage limits and prevent abuse

3. Sub-processors

We share data only with the following third parties, strictly to operate the service:

  • OpenAI – to process LLM requests (prompt content + retrieved context)
  • Brevo – to send transactional email
  • Infrastructure providers – server and database hosting

4. Data retention

  • Your account data and content are kept until you delete them or close your account
  • Server and error logs are retained up to 30 days
  • Cancelled or expired invitations are kept up to 60 days

5. Your rights

You can at any time:

  • Access and export your personal data (Account → Personal data)
  • Correct or update your information
  • Delete your account and all owned data (this action is irreversible)
  • Request information about data we hold by contacting us

6. Security

We use HTTPS for all traffic, hash passwords, isolate data per organization at the database query level, and apply the principle of least privilege for sub-processor access. No system is 100% secure, but we take reasonable precautions.

7. Cookies

We use only essential cookies:

  • Authentication cookie (so you stay signed in)
  • Antiforgery token (protects form submissions)
  • Active workspace cookie (so the right organization loads)
  • Sidebar pin preference

We do not use third-party analytics, advertising or tracking cookies.

8. Children

Notewen is not intended for users under 16. We do not knowingly collect data from children.

9. Changes

We may update this policy. Material changes will be communicated via in-app notice or email. Continued use after a change indicates acceptance.

10. Contact

For privacy questions, contact info@notewen.com.