NoteTube Logo

NoteTube

NoteTube Privacy Policy

Effective Date: June 11, 2025
Owner / Data Controller: NoteTube (Educational Web App)
Contact: contact@notetube.ai (for any privacy questions or requests)

1. Introduction

Welcome to NoteTube! This Privacy Policy explains what personal data we collect, how we use and share it, and your rights regarding this data. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other applicable laws.

We encourage you to read this policy carefully to understand our practices. By using NoteTube, you agree to the collection and use of information as described in this Privacy Policy.

2. Who We Are and Data Controller Details

NoteTube is an educational web application. For the purposes of data protection laws, NoteTube (referred to as "we" or "us") is the "data controller" of your personal information. This means we determine how and why personal data is processed.

If you have any questions or concerns about your personal data, you can reach out to us at contact@notetube.ai. (If we appoint a Data Protection Officer or EU representative in the future, we will include their contact details here.)

3. Information We Collect

We collect personal information from you when you use NoteTube. This includes:

Account Information

When you create an account, we collect your name and email address. If you register using a third-party social login (e.g., Google, Facebook), we receive your basic profile information from that provider (such as name and email). You also create a password (handled via our authentication provider; we do not store plain passwords).

User Content

Any content you create or upload to NoteTube (for example, educational content, notes, or other materials) is stored so that you can access and use it. This may include text, images, or other media that you input into the app.

Payment Information

If you make purchases or subscribe to paid features, payments are processed by our third-party payment processor (Stripe). We do not see or store your full credit card details. Stripe may collect your payment card information and billing details on our behalf. We retain basic transaction records (such as the amount and date) for accounting and legal purposes.

Technical and Usage Data

When you use NoteTube, our systems and analytics tools automatically collect certain data about your device and how you interact with our site. This includes:

  • Your Internet Protocol (IP) address
  • Browser type
  • Device information
  • Unique identifiers
  • Cookies
  • Usage data such as pages viewed, actions taken, and error logs

This information helps us troubleshoot issues, secure the service, and understand usage trends.

Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to provide and improve our services. Cookies are small text files stored on your device. Some cookies are essential for the site to function (for example, to keep you logged in), while others are used for analytics or remembering your preferences.

Cookie Consent Management: When you first visit NoteTube, you will see a cookie consent banner that allows you to choose which types of cookies to accept. We only load non-essential cookies (like analytics) after you provide explicit consent. You can change your preferences at any time using the "Cookie Settings" link in our footer.

Consent Logging: We maintain records of your consent decisions for compliance purposes. This includes what you consented to, when you gave consent, and your consent version. This information is stored securely and helps us demonstrate compliance with privacy regulations.

We collect most of this information directly from you (for example, information you provide when signing up or inputting content). Some technical data is collected automatically through cookies or third-party tools when you navigate our site, but only after you've provided appropriate consent.

4. How We Use Your Data and Legal Bases for Processing

We process your personal data only for specific purposes and where we have a legal basis to do so under GDPR. This section explains why we collect each category of data and the legal basis that allows us to process it:

Provide and Maintain Our Services

We use account data (name, email, login credentials) and user content to:

  • Create your account and authenticate you
  • Enable you to create, save, and retrieve your educational content
  • Provide customer support
  • Ensure the app functions as intended

Legal basis: Contractual necessity (GDPR Article 6(1)(b)) – this processing is necessary to perform our agreement with you. In some cases, legitimate interests (GDPR Article 6(1)(f)) may also apply to maintain the security and integrity of our platform for all users.

Process Payments

If you make a purchase, we use your account info and pass payment details to Stripe to process transactions and subscriptions, and to keep records of payments.

Legal basis: Contractual necessity (to process transactions you request) and legal obligation (GDPR Article 6(1)(c)) – we may be required by law to retain certain transaction records (e.g., for financial reporting and tax purposes).

Communicate with You

We may use your email to send:

  • Service-related communications (e.g., account confirmations, password resets, important updates)
  • Optional newsletters or marketing (if any) - only with your consent (GDPR Article 6(1)(a)), and you can opt out at any time

Service communications are sent under legitimate interests or contractual necessity, as they are important for using the service.

Analytics and Improvement

We use technical and usage data (via tools like Google Analytics and Microsoft Clarity) to:

  • Understand how users interact with NoteTube
  • Determine which features are popular
  • Improve the user experience
  • Analyze errors or crashes to improve stability

Legal basis: In regions requiring consent for analytics cookies, we rely on your consent for this processing. Where allowed, we may alternatively rely on legitimate interests to gain insights into service usage (but will do so in a privacy-friendly manner, e.g., using aggregated data). You have the right to withdraw consent or opt out of analytics as described below.

Security and Fraud Prevention

We process IP addresses, device info, and usage patterns to:

  • Detect and prevent fraud, abuse, and security incidents
  • Protect user accounts and prevent unauthorized access
  • Maintain network protections

Legal basis: Legitimate interests – it is in our interest and our users' interest to keep our service secure. In some cases, we may also rely on legal obligation if required to disclose information for law enforcement or regulatory compliance.

Compliance with Legal Requirements

If we are required by law to process or disclose data (for example, to comply with a subpoena, court order, or tax law), we will do so.

Legal basis: Legal obligation – GDPR Article 6(1)(c). We only disclose what is necessary and will inform you where permitted by law.

We will not use your personal data for new purposes that are incompatible with these original purposes without informing you and obtaining necessary consent.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to recognize you and your device, remember your preferences, and analyze site traffic. When you first visit NoteTube (and periodically thereafter), you will be presented with a cookie notice or banner to inform you of our use of cookies. In certain jurisdictions, we will request your consent for non-essential cookies (like analytics cookies) before we load them.

Categories of Cookies We Use

Necessary Cookies

These cookies are essential for the operation of our website and platform. For example, they enable you to stay logged in and load basic site features. Without these cookies, the service may not function properly. These do not require consent.

Analytics and Performance Cookies

These cookies collect information about how visitors use our site, which pages are visited, and any errors encountered. We use this data to improve how our website works and understand user interests. For instance:

  • Google Analytics: Gather aggregate usage statistics (with IP anonymization enabled)
  • Microsoft Clarity: Gain insights into user interactions (such as clicks and page scrolls)

We do not use analytics cookies until you have given consent (if you are in a region where that is required). You can withdraw consent at any time by adjusting your cookie settings.

Functionality Cookies

If in use, these cookies allow us to remember choices you make (like your preferred language or other settings) to provide a more personalized experience. They may be first-party or set by third-party tools that provide certain features on our site.

Advertising/Marketing Cookies

Currently, NoteTube does not display third-party ads. In the future, if we partner with advertising or use marketing cookies, we will update this policy and obtain any necessary consent. We do not allow third-party targeted advertising cookies on users known to be under 13.

Your Choices

You have multiple ways to control cookie usage on NoteTube:

Through Our Consent Banner:

  • When you first visit, choose your preferences through our consent banner
  • Click "Cookie Settings" in the footer to change your preferences at any time
  • Use "Reject All" to opt out of all non-essential cookies
  • Use "Accept All" to consent to all cookie categories
  • Use "Customize" for granular control over each cookie type

Through Browser Settings: Most browsers allow you to:

  • Refuse new cookies
  • Delete existing cookies
  • Notify you when new cookies are set

Automatic Privacy Protections:

  • If you have "Do Not Track" (DNT) enabled, we automatically respect this and block analytics
  • Global Privacy Control (GPC) signals are honored for California residents
  • Minor accounts receive enhanced privacy protections automatically

Note: Blocking necessary cookies may affect NoteTube's functionality. You can withdraw consent at any time, and we will immediately stop using analytics cookies and remove them from your device.

"Do Not Track" and Privacy Signals

NoteTube automatically respects privacy signals from your browser:

Do Not Track (DNT): If your browser sends a "Do Not Track" signal, we automatically disable all analytics and marketing cookies, regardless of any other consent settings. You'll see a "DNT Enabled" badge in our consent banner when this is active.

Global Privacy Control (GPC): We honor GPC signals as a valid request to opt out of the "sale" or "sharing" of personal information under California law. When we detect GPC, we treat it the same as DNT and automatically disable tracking.

Implementation: These privacy signals are checked before loading any analytics scripts, ensuring your privacy preferences are respected from the moment you visit our site.

6. How We Share Your Information

We do not sell your personal information to third parties. We only share information in the following circumstances:

Service Providers

We use trusted third-party service providers to help us operate NoteTube. These providers only process data as necessary to provide their services and are bound by contracts to protect your information (including Data Processing Agreements as required by GDPR). The key partners we use are:

Supabase

We use Supabase (EU-hosted) as our backend database and authentication service. Your account data and content are stored on Supabase servers. Supabase acts as our data processor, storing and managing data on our instructions. They implement security measures such as encryption at rest and in transit, and we have configured our Supabase instance to be in a European data center to keep data within the EU.

Stripe

We use Stripe for payment processing (payouts from Stripe go to our company's Canadian bank account). When you make a payment, your payment information (like credit card number, billing name, and address) is transmitted directly to Stripe. Stripe uses this data to process your transaction and will store some of your data (e.g., last four digits of card, expiration, billing zip, and transaction ID) for recordkeeping. We share only the necessary information with Stripe and do not store your full payment details on our systems. Stripe is a PCI-DSS-compliant payment provider and is certified to handle financial data securely. (See Stripe's privacy policy for more details on their data practices.)

Analytics Providers

We use Google Analytics (by Google) to gather website usage statistics and Microsoft Clarity (by Microsoft) for session recording and heatmaps. Important: These analytics tools are only loaded and activated after you provide explicit consent through our cookie banner.

Google Analytics Configuration: We have configured Google Analytics with privacy-friendly settings including:

  • IP address anonymization enabled
  • Advertising features disabled (no Google Signals)
  • Data retention set to 14 months maximum
  • No personal data collection in events
  • Secure cookie settings (SameSite=Strict;Secure)

Microsoft Clarity Configuration: Clarity is configured to mask sensitive user inputs and respect privacy settings.

Consent Respect: If you have "Do Not Track" (DNT) enabled in your browser or use Global Privacy Control (GPC), our system automatically respects these signals and will not load analytics tools, even if you haven't explicitly opted out.

Minor Protections: For users identified as under 18, analytics tracking is automatically disabled regardless of consent status, providing enhanced privacy protection for minors.

The data collected may be transmitted to and stored on servers outside your country (e.g., the United States). We contract with these providers under standard data protection clauses (see International Data Transfers below) to safeguard your information.

Social Login Providers

If you choose to sign in via a social media or third-party account (such as Google Sign-In, Facebook Login, etc.), we receive personal data from that provider (like your name and email). These third-party sign-in services are separate controllers of your data; any information they collect (such as when you log into their platform) is governed by their own privacy policies. We only use the data they share with us to create or log you into your NoteTube account.

Other Contractors and Tools

We may use other tools from time to time to support our website (for example, an email service to send newsletters or support ticketing system). We will update this policy to reflect any significant new data processors. All third parties that handle personal data on our behalf will be required to have appropriate security and privacy practices.

Legal Compliance and Protection

We may disclose information to governmental authorities or law enforcement if required by law, or if we believe in good faith that such disclosure is necessary to:

  • (a) comply with a legal obligation (such as a court order or subpoena)
  • (b) protect our rights or property
  • (c) prevent fraud or abuse of NoteTube or our users
  • (d) protect the personal safety of users or the public

In such cases, we will only disclose the minimum necessary information and, when permitted, we will inform you of the request.

Business Transfers

If NoteTube is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information may be transferred to a successor or affiliate as part of that transaction. In such an event, your information will remain subject to the promises made in this Privacy Policy (unless you agree otherwise). We will notify you of any change in ownership or use of your personal data as required by law.

With Your Consent

In cases where you have explicitly consented to us sharing your information with a third party (for example, if you opt in to a co-promotional event or a research study), we will share it as instructed by you. You have the right to withdraw your consent at any time.

No Selling of Personal Data

We do not sell your personal information to third parties for monetary or other valuable consideration. We also do not "share" your personal information for cross-context behavioral advertising as defined under California law. If this ever changes, we will update our practices to provide the required opt-out mechanisms.

7. Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This section explains how long we generally retain different types of data:

Account Information

We retain your account data (such as name, email, and account settings) for as long as your account is active. If you choose to delete your account or if it becomes inactive, we will initiate deletion of this personal information. We may retain a hashed version of your email (a one-way scrambled form) after deletion for purposes of honoring opt-out requests and ensuring we do not inadvertently recreate your account.

User Content

Content you provide or create in NoteTube is retained while your account is active so that you can access it. If you delete specific content or your account, we will delete that content from our live database. However, please note that content you share with others (if such functionality exists) or make public may remain visible to those users even after removal from your account (they won't be able to see it if it's completely deleted from our systems, but any exported or cached copies are outside our control).

Payment and Transaction Records

We retain payment transaction records and related personal data (e.g., billing info, transaction history) for at least the period required by financial and tax regulations. For example, in some jurisdictions, we must keep records for a specified number of years for tax auditing. We store only the minimum necessary data and secure it.

Logs and Technical Data

Our system logs (which may include IP addresses and device information) are retained for a short period for troubleshooting and security analysis. Typically, raw logs are kept for a limited time (e.g., 30 days) before being deleted or anonymized. Aggregated analytics data (which does not directly identify you) may be retained longer for historical analysis.

Consent Records

We maintain records of your cookie consent decisions for compliance and audit purposes. These records include:

  • What you consented to and when
  • Your consent preferences for each cookie category
  • The version of our consent system you interacted with
  • A hashed version of your IP address (for verification, not identification)

Consent records are retained for up to 3 years to demonstrate regulatory compliance, after which they are securely deleted. You can request a copy of your consent history at any time.

Backup Copies

Like most services, we perform routine backups of our database to ensure resilience in case of system failures. These backups are encrypted and stored securely. They are typically retained for a specified period (e.g., 30-90 days) and then automatically overwritten or deleted. If you delete your account or data, it may persist in our encrypted backups until those backups cycle out; during that period it will not be used for any active purpose and will only be restored if needed for disaster recovery.

Legal Holds and Disputes

In certain cases, we may need to retain data for longer than our standard periods due to legal requirements or disputes. For instance, if we receive a legal preservation request or if data is needed as evidence, we will retain that data until the issue is resolved. Similarly, if you have an open dispute or request regarding your data, we will retain the relevant information until the issue is closed.

After the applicable retention period has elapsed, we will securely delete or anonymize your personal data. When we anonymize data, we remove or alter identifying information so that the data can no longer be linked to an individual.

Retention Summary

In short, we aim to retain your data only for as long as necessary for the purposes described. We evaluate our retention periods regularly to ensure we are not keeping data longer than needed. If you have specific questions about our data retention policies for any particular type of data, feel free to contact us.

8. International Data Transfers

NoteTube is committed to handling your personal data in compliance with applicable data transfer laws. We primarily store and process personal data in the European Union (EU). In fact, our main databases (via Supabase) are hosted in EU data centers to help keep your data within Europe. However, some of our service providers and partners are located in countries outside the EU (for example, the United States and Canada). This means your personal information may be transferred to or accessed from those countries, which may have different data protection laws than your home jurisdiction.

Transfers out of the European Economic Area (EEA)

Whenever we transfer personal data out of the EEA (or UK or Switzerland, as applicable), we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

Standard Contractual Clauses

We use the European Commission's approved Standard Contractual Clauses (SCCs) as a legal mechanism for data transfer when engaging providers outside the EEA. These are contractual commitments that require the recipient to protect personal data according to EU privacy standards. For example, our contracts with U.S.-based providers like Google (Analytics) and Microsoft (Clarity) include SCCs to protect any European personal data they handle.

Adequacy Decisions

Where applicable, we may rely on an "adequacy decision" by the European Commission, which means the destination country is recognized as providing an adequate level of data protection. For example, personal data sent to Canada may be protected under Canada's privacy laws which the EU has deemed adequate for commercial organizations. (Our Stripe payments to a Canadian bank involve financial info handled under Stripe's Canadian entity, which is subject to Canada's PIPEDA privacy law.)

Other Safeguards

In some cases, we might use other permitted data transfer mechanisms, such as binding corporate rules or explicit consent from the individual, if appropriate. We will always ensure any transfer of your data complies with GDPR Chapter V requirements.

Our Approach

Regardless of where your data is processed, we apply the same privacy protections described in this policy. We also carefully vet our partners' security and privacy practices. If a third-country government or authority requests access to personal data, we will push back unless they have a lawful basis, and we will inform affected users where possible.

If you would like more information about international data transfers or a copy of the specific safeguards in place (such as a copy of the SCCs), you can contact us at our email address.

9. Children's Privacy

Protecting children's privacy is especially important to us. NoteTube is available to users of all ages, but if you are under the age of 13, you must have your parent or legal guardian's permission to use our service. We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the GDPR's provisions on children's data (sometimes called "GDPR-K") to the extent they apply.

Parental Consent

We do not knowingly collect personal information from children under 13 without verifiable parental consent. When a user indicates they are under 13 (or if we learn a user is under 13), we will require a parent or guardian to provide consent before the account can be fully used. The parental consent process may involve the parent providing their own contact information and an affirmative confirmation (for example, through an email verification or consent form). If we do not receive parental consent within a reasonable time, the child's account will remain inactive and any information collected from the child will be deleted.

Age Limits and Regional Requirements

The age threshold for parental consent may be higher in certain jurisdictions. For example, under the GDPR, in many EU countries children under 16 may require parental consent to use online services (though some countries set this age at 13 or 14). Our policy is to obtain parental consent for users under 13 worldwide (aligning with COPPA), and for users between 13 and 16 we advise that they seek a parent/guardian's guidance if required by local law. If you are a parent or guardian and believe your child under the relevant age has created an account without your consent, please contact us and we will take appropriate action (see Contact Us below).

Information Collected from Children

For users identified as children, we try to minimize the data collected. Typically, we would only collect what's necessary to create an account and use the educational features (such as a username, password, and any content the child creates). We do not condition a child's participation on disclosing more personal data than is reasonably necessary for the service. We also do not serve targeted advertising to any known minor user, and we do not sell the personal data of minors.

Parental Rights

If your child is using NoteTube with your consent, as a parent or legal guardian, you have the right to:

  • Review the personal information we have collected from your child
  • Request that we update or delete it
  • Withdraw your consent at any time

To exercise these rights, please contact us at our privacy email with the subject "Children's Data Request" and we will verify your identity and handle your request promptly. If you revoke consent or request deletion, we will delete the child's account and personal data (except as needed to comply with legal obligations or to ensure the child does not re-register without consent).

We take special care to protect children's personal data through reasonable security measures appropriate to the sensitivity of the data. Our team is trained on COPPA and GDPR-K requirements to ensure compliance.

10. Your Privacy Rights

You have rights regarding your personal information, and NoteTube is committed to honoring them. This section describes the rights you have under various privacy laws and how you can exercise them:

For Individuals in the European Union (GDPR) and Similar Jurisdictions

Right to Access

You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. This is sometimes called a "Data Subject Access Request."

Right to Rectification

If any of your information is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also update certain information (like your profile details) directly in your account settings.

Right to Erasure

You have the right to request deletion of your personal data ("right to be forgotten"). We will honor such requests to the extent required by law. Note that this right is not absolute – for example, we might need to retain certain data for legal obligations (see Data Retention above). But we will delete what we can and let you know if any exception applies.

Right to Restrict Processing

You can ask us to limit or "pause" the processing of your data in certain circumstances – for instance, if you contest the accuracy of the data or object to our processing. While restricted, we will store your data securely and not use it (except as allowed by you or for legal reasons).

Right to Data Portability

You have the right to obtain your personal data in a structured, commonly used, machine-readable format, and you can ask us to transfer that data to another service where technically feasible. Practically, this means you can request an export of your data from NoteTube (which we provide via email request) and reuse it elsewhere.

Right to Object

You may object to certain processing of your data, particularly processing based on our legitimate interests or for direct marketing purposes. If you object to direct marketing (e.g., emails), we will stop sending you marketing messages. If you object to other processing, we will evaluate your request and stop processing unless we have compelling legitimate grounds to continue or as otherwise permitted by law.

Right Not to Be Subject to Automated Decisions

NoteTube does not make any legal or similarly significant decisions about you based solely on automated processing (no profiling or automated decision-making without human involvement). If that changes, you will have the right to contest such decisions or request human review.

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), California residents have the following rights (some rights apply only if your personal information is covered by the law and subject to certain exceptions):

Right to Know

You can request that we disclose what personal information we have collected about you in the past 12 months, the categories of sources, the business or commercial purpose for collecting it, the categories of third parties with whom we share it, and the specific pieces of information we have about you. Much of this information is provided in this Privacy Policy. Upon verifiable request, we will provide our records of your information in a portable format.

Right to Delete

You can request that we delete personal information we have collected from you. Similar to the GDPR right to erasure, we will delete your data from our records (and direct our service providers to do the same) except for situations where retention is required or permitted by law (for example, if needed to complete a transaction, detect security incidents, comply with legal obligations, etc.).

Right to Correct

You have the right to request correction of inaccurate personal information we hold about you.

Right to Opt-Out of Sale or Sharing

As noted above, we do not sell personal information. If we ever engaged in "sharing" for cross-context behavioral advertising, you would have the right to opt-out. We honor any "Do Not Sell or Share My Personal Information" requests. This can be exercised by contacting us or using a dedicated link or browser signal. Specifically, if we detect a valid Global Privacy Control (GPC) signal from your browser, we will treat it as an opt-out of sale/sharing for that browser or device, as required by California law.

Right to Limit Use of Sensitive Personal Information

We do not collect or use "sensitive personal information" as defined by CPRA for any purpose that would trigger this right (e.g., we don't use precise geolocation, Social Security numbers, or similar sensitive data for inferring characteristics). If that ever changes, California users would have the right to limit certain uses of sensitive data.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you our services, charge you a different price, or provide a different level of quality because you exercised your privacy rights. (However, please note that if you request deletion of data that is necessary to provide the service, we may not be able to continue providing that service to you – for example, if you ask us to delete your account credentials, we cannot provide access to the account.)

Exercising Your Rights (All Users)

To make any request regarding your personal data, please contact us at contact@notetube.ai. Include your name, the email associated with your account, and clearly describe your request (e.g., "I want to access my data" or "Please delete my account").

For certain requests, we may need additional information to verify your identity before acting (this is to protect your privacy by ensuring someone else isn't impersonating you). We will respond to your request as soon as possible and no later than any timeframes required by law. If we need an extension or cannot fulfill your request (due to a legal exception), we will inform you and provide an explanation.

We also offer a data export by email upon request – this means we will compile your personal data (account info, content, etc.) and send it to you in a common format. Similarly, if you delete your account through the app or via request, we will remove your personal data from active systems and confirm once completed.

If you have any issues with how we handle your request or believe your rights are not being respected, please let us know. For EU residents, you also have the right to lodge a complaint with your local Data Protection Supervisory Authority. For example, if you are in France, you can contact the CNIL; if in Germany, your state's DPA; if in the UK, the ICO, etc. We would appreciate the chance to address your concerns first, so we encourage you to contact us directly.

11. Data Security

We take the security of your personal information seriously. NoteTube implements a variety of technical and organizational measures to protect your data from unauthorized access, loss, misuse, or alteration. These measures include:

Encryption

Data is encrypted in transit (HTTPS secure connection between your browser and our servers) and at rest in our databases. This means your data and passwords are transmitted and stored securely.

Access Controls

Access to personal data is restricted to authorized personnel who need it to operate or improve the service. Our authentication system (Supabase Auth) provides secure methods for login and session management, including options for multi-factor authentication. We also use role-based access control to limit what data different users or administrators can see.

Secure Development Practices

We follow industry best practices in coding and testing to prevent common security issues. This includes:

  • Regular updates and patches to our software and dependencies
  • Code reviews
  • Security testing

Logging and Monitoring

We maintain logs of key activities (like logins, important account actions) and monitor for suspicious activities or anomalies. These logs help us detect and respond to potential security incidents.

Third-Party Security

We choose reputable third-party providers (like Supabase, Stripe, Google, Microsoft) that have strong security practices and certifications. We also ensure that any staff or contractors who might have access to data are subject to confidentiality obligations and training.

Data Minimization

We collect only the data we need. By limiting what we store, we reduce the risk exposure. For instance, we avoid storing highly sensitive personal information if it's not necessary for our service.

Incident Response

In the unlikely event of a data breach or security incident affecting your personal data, we have a process in place to respond promptly. This includes notifying affected users and authorities as required by law, and taking steps to mitigate any harm.

Important Note: No system is 100% secure, but we continuously work to protect your information. We also encourage you to help keep your data safe: use a strong, unique password for your NoteTube account, do not share your login credentials, and notify us immediately if you suspect any unauthorized access to your account.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Effective Date" at the top of this policy. If changes are significant, we will provide a more prominent notice (such as by emailing you at the email address on file or by placing a notice on our website).

Your continued use of NoteTube after the updated Privacy Policy becomes effective indicates that you have read and understood the changes. We encourage you to review this Policy periodically for the latest information on our privacy practices.

If we make a material change that affects how we handle children's personal data, we will obtain parental consent as required by law.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

Email: contact@notetube.ai

We will respond to your inquiries as quickly as possible, generally within a few business days. For requests to exercise your rights, please see the Your Rights section above for information on what to include.

Thank you for trusting NoteTube with your learning journey. Your privacy is important to us, and we are committed to safeguarding it.

For questions about this privacy policy, please contact us at contact@notetube.ai