WebNotes

Privacy Policy

Last updated: 3/15/2026

1. Information We Collect

Account information: Name, email address, and hashed password when you create an account.

Note content: The text of notes you create, element selectors, page paths, and browser metadata (user agent, viewport size).

Usage data: We log standard web server access logs (IP addresses, timestamps, pages visited).

2. How We Use Your Information

• To provide and operate the WebNotes service
• To send account verification and password reset emails
• To enforce our Terms of Service

We do not send marketing emails or newsletters.

3. Data Storage

Your data is stored in a PostgreSQL database hosted on Railway. Passwords are hashed using argon2id and are never stored in plain text.

4. Cookies

We use a single signed, HTTP-only session cookie to keep you logged in. We do not use tracking cookies or third-party analytics.

5. Third-Party Services

We use Resend to send transactional emails (verification and password reset only). Your email address is shared with Resend for this purpose. No other data is shared with third parties.

6. Data Retention & Deletion

Your data is retained as long as your account exists. When you delete your account, all associated data (projects, notes, replies) is permanently deleted via cascade deletion. There is no recovery after deletion.

7. Your Rights

You can:

• Access your data through the dashboard
• Export your project data as CSV
• Update your name and password from account settings
• Delete your account and all associated data at any time

8. Security

We use HTTPS, signed cookies, hashed passwords, and rate limiting to protect your data. While we take reasonable measures, no system is perfectly secure.

9. Changes to This Policy

We may update this policy. Continued use after changes constitutes acceptance.