Privacy Policy

1. Introduction

NoteCrate ("we", "us", or "our") operates the website at notecrate.me and the associated browser extension. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using NoteCrate you agree to the practices described here.

2. Information We Collect

Account data

• Email address (required to create an account)
• Password (stored as a bcrypt hash — never in plain text)
• Display name and profile picture (optional, provided by you or from Google OAuth)

Content you save

• Highlighted text, images, and video clips captured via the browser extension
• The title and URL of the source page or YouTube video
• Folder names and the folder structure you create
• Chat messages sent to and received from the AI assistant

Technical data

• Authentication session tokens (managed as HTTP-only cookies by Supabase)
• Two lightweight preferences stored in your browser's local storage: your chosen theme (nc_theme) and font size (nc_font_size)

3. How We Use Your Information

• To create and manage your account and authenticate you
• To store, display, search, and export your highlights and folders
• To send transactional emails such as account confirmation and password resets
• To respond to support requests you send us

We do not sell your personal data. We do not use your content for advertising.

4. Third-Party Services

We rely on the following trusted sub-processors. Each handles your data only as needed to provide their service to us.

5. Cookies & Local Storage

We use a minimal number of browser storage mechanisms:

We do not use advertising cookies, analytics cookies, or any third-party tracking scripts.

6. Data Retention

Your data is retained for as long as your account is active. When you delete your account (available in Settings → Danger zone), all your highlights, folders, chat history, and profile data are permanently removed from our systems. We do not keep backups of deleted accounts beyond our standard database backup window.

7. Your Rights

• Access & export — You can export all your highlights at any time from within the app (Markdown, JSON, or plain text).
• Correction — You can update your name and email in Settings.
• Deletion — You can permanently delete your account and all associated data from Settings → Danger zone.
• Portability — Exported data is provided in standard, machine-readable formats (JSON, Markdown).

To exercise any right not available through the app UI, email us at the address in Section 10.

8. Security

Passwords are hashed using bcrypt and never stored in plain text. All data is transmitted over HTTPS. Database access requires a secret service-role key never exposed to the browser. Supabase provides encryption at rest for all stored data. We follow responsible disclosure practices and will notify users of any material breach as required by law.

9. Children's Privacy

NoteCrate is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top. For significant changes we will notify signed-in users via email. Continued use of NoteCrate after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have questions about this policy or your data, please email us at kmjbp.work@gmail.com.