1. Who we are
NoteFlow is a desktop note-taking application, a public website and a set of optional online services (NoteFlow Account, NoteFlow AI and NoteFlow Cloud) developed and operated by an independent developer based in Spain (“NoteFlow”, “we”).
For anything related to this policy or your data, contact: yago.igle@gmail.com.
The NoteFlow mobile app has its own, separate privacy policy: NoteFlow Mobile privacy policy.
2. The app by default: your data stays on your device
Out of the box, the desktop app collects no personal data at all:
- Notes, groups, settings, templates and the AI semantic index are stored locally on your device as files and a local database.
- There is no telemetry, no analytics, no crash reporting and no advertising in the app.
- Note-level encryption happens entirely on your device; encrypted notes can only be opened with your password.
- Nothing is transmitted anywhere unless you explicitly enable one of the optional features described below.
3. Optional integrations you control
These features are opt-in, and each one talks to a third party directly from your device — NoteFlow has no server in the middle:
- GitHub Sync (free). Your notes are pushed to and pulled from a private GitHub repository that you own. Your GitHub token is stored encrypted on your device and is only sent to GitHub’s API. GitHub’s privacy statement applies to the data in your repository.
- AI with your own key or local models (free). If you configure an AI provider with your own API key, your chat messages plus the relevant excerpts of your notes (retrieved locally) are sent directly from your device to that provider, under that provider’s privacy policy. With a local provider (Ollama), nothing leaves your machine.
- In all AI features: sections you mark as “Hide from AI” and encrypted notes are excluded from the semantic index and are therefore never included in anything sent to any AI provider. The semantic index itself (embeddings) is computed and stored locally.
4. NoteFlow Account
Creating an account is optional and only needed for the paid services. When you create one, we process:
- Your email address and a technical user ID (authentication via one-time email codes; no password is stored).
- Authentication tokens. The session token on your device is stored encrypted. Standard security logs of our backend (timestamps, IP addresses) are kept by our infrastructure provider.
- Your subscription status: which plan you have, its state and renewal date, plus an opaque reference from the payment provider. We use this to enable your plan’s features.
Purposes and legal bases (GDPR): providing the service you signed up for (performance of a contract, art. 6(1)(b)) and keeping the service secure and preventing abuse (legitimate interest, art. 6(1)(f)).
This data is stored with Supabase, our backend provider (see section 9).
5. Payments
Paid plans are sold through Lemon Squeezy, acting as Merchant of Record: Lemon Squeezy is the legal seller, and it handles checkout, payment processing, invoicing, taxes/VAT and refunds. We never receive your card or payment details. From Lemon Squeezy we only receive events describing your subscription status (product, state, renewal date), linked to your account.
Lemon Squeezy’s privacy policy applies to the checkout and payment process.
6. NoteFlow AI (managed AI plan)
When you use the managed AI plan, each request works like this:
- Your chat message, plus the relevant excerpts of your notes retrieved locally on your device, are sent over TLS to our AI proxy, which forwards them to OpenRouter, which routes them to the AI model provider you selected. This is exactly the same data that would travel if you used that provider with your own API key.
- We do not log or store the content of your prompts or the model’s responses on our servers. The only thing we record per request is metering data: your user ID, the model used, token counts and a timestamp — needed to enforce the monthly usage quota.
- OpenRouter and the underlying model provider process the request under their own privacy policies (OpenRouter privacy policy). Our OpenRouter configuration does not opt in to prompt logging or training programs.
- As always, “Hide from AI” sections and encrypted notes never leave your device.
- NoteFlow AI is independent from NoteFlow Cloud: using the AI plan does not upload or store your notes on our servers.
7. NoteFlow Cloud (encrypted sync)
Your notes are encrypted on your device (AES-256-GCM) before they are uploaded. You choose how much trust to place in us, through one of two modes:
- Managed mode (the default). The key that protects your notes is stored on the server wrapped by a key we hold. This lets sync work automatically with nothing for you to remember, but it means we are technically able to decrypt your note content. We access it only where strictly necessary to operate the service, never to read your notes for any other purpose.
- Private mode (optional, end-to-end encrypted). If you enable it, the key is protected by a passphrase only you know, and the server only ever stores wrapped keys it cannot open. In this mode we cannot read your notes, and for the same reason we cannot reset your passphrase: if you lose both your passphrase and your recovery code, your cloud data is permanently unrecoverable — by anyone.
- In both modes, the server stores your note contents, file paths and folder structure only as ciphertext, alongside opaque path identifiers and modification timestamps.
- The sync metadata we can see is limited to technical data: row timestamps, approximate sizes, and request logs (IP, timestamps) at our infrastructure provider.
Cloud data is stored with Supabase (see section 9).
8. Website
The website (this site) is hosted on GitHub Pages, so GitHub receives standard server logs (IP address, user agent) when you visit. The site currently uses:
- Google Analytics, to measure aggregate visits (sets cookies).
- Google Fonts served from Google’s servers (your IP is sent to Google when fonts load).
Downloads of the app are served from GitHub Releases.
9. Service providers (processors and recipients)
| Provider | Role | What it processes |
|---|---|---|
| Supabase | Backend infrastructure (authentication, database, functions) | Account email, subscription status, AI metering, encrypted cloud data, service logs |
| Lemon Squeezy | Merchant of Record (independent controller for the sale) | Payment and billing data at checkout |
| OpenRouter | AI request routing (managed AI plan only) | Prompt content in transit, model usage |
| AI model providers (via OpenRouter) | Model inference (managed AI plan only) | Prompt content in transit |
| GitHub | Website hosting, app downloads; optional GitHub Sync (your own repository) | Web server logs; your synced notes if you enable GitHub Sync |
| Website analytics and fonts (website only, not the app) | Cookies, IP, usage of the website |
We do not sell personal data, and we do not share it with anyone beyond the providers listed above.
10. International transfers
Some of the providers above process data in the United States or other countries outside the EEA. Where that happens, transfers rely on the European Commission’s Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework, as applicable to each provider.
11. Data retention
- Account data is kept while your account exists.
- AI metering records are kept while your account exists, for quota enforcement and abuse prevention.
- Cloud data (ciphertext) is kept until you delete it or delete your account. If your subscription lapses, you can still download and delete your cloud data.
- To delete your account and all associated server data, contact us at the address above and we will remove it without undue delay. (Self-serve account deletion in the app is planned.)
Everything stored locally on your device is yours to keep or delete at any time — notes are plain Markdown files.
12. Your rights
Under the GDPR you can ask us for access to, rectification or erasure of your personal data, restriction of or objection to its processing, and portability. Portability of your notes is built-in: they are plain Markdown files on your own disk, and cloud data can be downloaded from the app at any time.
To exercise any right, email yago.igle@gmail.com. You also have the right to lodge a complaint with your supervisory authority — in Spain, the Agencia Española de Protección de Datos (aepd.es).
13. Children
NoteFlow’s online services are not directed at children under 14, and we do not knowingly process their data. If you believe a child has created an account, contact us and we will delete it.
14. Changes to this policy
If this policy changes, we will update the date at the top and, for material changes affecting account holders, give notice in the app or by email.
15. Contact
yago.igle@gmail.com