Contents
The short version: We collect only what is necessary to run Noteshik. We never sell your data. We never read your notes. Your data is stored on servers we control in Germany. You can delete your account and all data at any time.
1. Who We Are
Noteshik is a note-taking application developed and operated by Traffic2uMarketing. Our backend API and data storage is hosted at noteshik.9gg.app on dedicated servers in Germany.
For all privacy-related inquiries, data access requests, or concerns, please contact our privacy team at support@9gg.app (use the contact form).
When this policy refers to "Noteshik", "we", "us", or "our", it means Traffic2uMarketing as the data controller for your personal data.
2. Data We Collect
We collect the minimum data necessary to provide a reliable, synchronized note-taking service. Here is a complete list:
Account Data
- Email address — used for account identification, login, email verification, and critical security notifications. We do not use your email for marketing without explicit opt-in.
- Password (hashed) — your password is hashed using bcrypt (cost factor 12) before storage. We never store or transmit your plaintext password, and we cannot recover it.
- Account creation date and last login date — used for security and account lifecycle management.
- Email verification status — whether your email has been confirmed.
Note Content
- Note titles and body text — the full content of your notes, stored in our database to enable sync across devices.
- Note metadata — created/updated timestamps, pin status, archive status, deletion status.
- Folder names and structure — the organizational hierarchy you create.
- Tags — tag names you apply to notes.
- Image attachments — photos embedded in notes are stored as part of the note record in our database.
- Drawings — freehand sketches created within notes are stored as drawing data.
Voice Transcription
- Audio recordings — when you use the voice-to-text feature, your device records audio and sends it to our server over HTTPS. We immediately forward it to Groq's Whisper API for transcription. We do not store audio files at any point. The audio is used only for the duration of the transcription request and is then discarded.
- Transcription text — the resulting text is saved to your note as note content.
Device & Sync Data
- Device ID — a randomly generated identifier assigned to each device you use to access Noteshik. Used for sync conflict resolution and device management. Not linked to your hardware identifiers.
- Sync timestamps — the last time each device successfully synced, used to determine which changes need to be pushed/pulled.
Security & Server Logs
- Authentication logs — login attempts (success/failure), registration events, and token refresh events are logged with IP address and timestamp for security monitoring and abuse prevention.
- API request logs — our server software (Node.js/Express + nginx) may log request metadata (endpoint, HTTP status code, timestamp). We do not log request bodies or note content in server logs.
- Contact form submissions — if you submit a message through our contact form, we log your name, email, category, and message content.
What We Do NOT Collect
- We do not collect GPS location data.
- We do not collect device hardware identifiers (IMEI, advertising ID, etc.).
- We do not collect contacts, calendar, photos outside of what you explicitly attach to notes.
- We do not collect browsing history or behavior outside the Noteshik app.
- We do not use analytics SDKs or crash reporting services that send data to third parties.
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing the service — storing and syncing your notes | Note content, account data, device IDs |
| Authentication — verifying your identity on login | Email, hashed password, JWT tokens |
| Email verification — confirming account ownership | Email address, verification tokens |
| Voice transcription — converting speech to text | Audio (in transit only, not stored) |
| Security monitoring — detecting and preventing abuse | IP address, auth event logs |
| Security notifications — alerting you to suspicious activity | Email address |
| Customer support — responding to your inquiries | Email, contact form data |
| Service improvements — fixing bugs and improving features | Anonymized error logs and aggregate usage patterns (no note content) |
We do not use your note content for advertising, AI model training, behavioral profiling, or any purpose other than serving it back to you.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as required by GDPR Article 6:
| Processing Activity | Legal Basis |
|---|---|
| Storing and syncing your notes | Contract performance (Art. 6(1)(b)) — necessary to deliver the service you signed up for |
| Authentication and account management | Contract performance (Art. 6(1)(b)) |
| Sending email verification and security alerts | Contract performance (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)) — keeping your account secure |
| Security monitoring and abuse prevention | Legitimate interests (Art. 6(1)(f)) — protecting users and systems from harm |
| Processing voice transcription audio | Contract performance (Art. 6(1)(b)) — you explicitly initiate each transcription |
| Customer support correspondence | Legitimate interests (Art. 6(1)(f)) — responding to your requests |
| Marketing communications (if any, opt-in only) | Consent (Art. 6(1)(a)) — we will always ask for explicit permission |
You have the right to withdraw consent at any time (where consent is the basis), or to object to processing based on legitimate interests. See Section 9 for how to exercise your rights.
5. Third-Party Services
We use a small number of third-party services to operate Noteshik. We do not use any advertising networks, analytics platforms, or social SDKs.
Groq (Voice Transcription)
When you record audio for transcription, the audio file is transmitted to Groq's API (api.groq.com) over HTTPS using the whisper-large-v3 model. Groq processes the audio to produce a text transcript, which is returned to our server and saved as your note text. Audio data is not retained by Groq after processing per their API terms. Groq is bound by standard contractual clauses for data protection. Review Groq's Privacy Policy for details.
Contabo GmbH (Server Infrastructure)
Our application servers and PostgreSQL database are hosted on dedicated VPS infrastructure provided by Contabo GmbH, located in Frankfurt, Germany. Contabo operates under EU data protection law. Your data never leaves EU infrastructure during normal operations. Review Contabo's Privacy Policy for details.
Let's Encrypt (SSL Certificates)
SSL/TLS certificates are issued by Let's Encrypt (Internet Security Research Group). Certificate issuance involves your domain name only — no personal data. Review Let's Encrypt's Privacy Policy.
Google Play (Billing)
If you purchase a Noteshik subscription through the Google Play Store, payment processing is handled entirely by Google. We receive only a subscription status confirmation — we do not receive your payment card details. Review Google's Privacy Policy for billing data handling.
We do not integrate: Facebook SDK, Google Analytics, Firebase Analytics, Crashlytics, Mixpanel, Segment, Amplitude, Sentry, or any other third-party analytics or crash reporting service that would access your note data.
6. Data Storage & Retention
Where Your Data Is Stored
All user data (notes, account information, device records) is stored in a PostgreSQL database on a dedicated VPS server located in Frankfurt, Germany, operated by Contabo GmbH. The database is not accessible from the public internet. Backups are encrypted and also stored within Germany.
On-Device Storage
The Noteshik app stores a local copy of your notes in SQLite on your device. This enables offline access. This on-device data is protected by your device's own security and encryption features. Deleting the app will remove local data from your device, but your data remains on our servers until you delete your account.
Data Retention Schedule
| Data Type | Retention Period |
|---|---|
| Active account data (notes, folders, tags) | Retained for the lifetime of your account |
| Deleted notes (soft-deleted) | Immediately soft-deleted; permanently purged from database and backups within 30 days |
| Account data after account deletion | Deleted immediately on self-service request; any residual backups purged within 30 days |
| Authentication / security logs | 30 days rolling window |
| Voice audio (transcription) | Not stored — discarded immediately after transcription |
| Contact form submissions | 12 months (for support resolution tracking) |
| Billing records (Google Play) | Handled by Google; we retain only subscription status (active/inactive) |
You can request early deletion of any of your data at any time by contacting support@9gg.app (use the contact form).
7. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We do not share your note content with any third party except where strictly required to deliver the service (Groq for audio transcription). We may disclose personal data only in the following limited circumstances:
- Legal compliance: If required to comply with a valid legal obligation, court order, or governmental request. We will notify you before disclosure if legally permitted.
- Protection of rights: To protect the safety of our users, prevent fraud, or defend against legal claims, where disclosure is proportionate and necessary.
- Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users in advance and give you the option to delete your account before any transfer occurs.
We will never share your data with advertisers, data brokers, or anyone who would use it for purposes other than operating Noteshik.
8. Cookies & Local Storage
The Noteshik mobile app does not use browser cookies. It uses the following on-device storage mechanisms:
- SQLite (WatermelonDB): Stores your notes and app data locally for offline access. This data stays on your device and is synced with our server when you are online.
- AsyncStorage: Stores your authentication token and last sync timestamp locally. The authentication token is used to authenticate API requests.
If you access any Noteshik web pages (such as this privacy policy) through a browser, our web server does not set any tracking cookies. We only use session-based CSRF protection tokens for form submissions, which are not used for tracking.
9. Your Privacy Rights
Regardless of where you live, we honor the following rights for all Noteshik users. If you are in the EEA/UK, these rights are guaranteed by the GDPR.
To exercise any of these rights, email support@9gg.app (use the contact form) with the subject line matching your request (e.g., "Data Access Request" or "Account Deletion Request"). We will respond within 30 days. We may ask you to verify your identity before processing sensitive requests.
10. California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:
- Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources of that data, the purposes for collection, and any third parties it was shared with.
- Right to Delete: You can request deletion of personal information we have collected, subject to certain exceptions (e.g., data we are legally required to retain).
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out action is required.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights — you will receive the same service quality regardless.
To submit a CCPA request, email support@9gg.app (use the contact form) with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days (extendable to 90 days with notice).
In the past 12 months, Noteshik has not sold any personal information to third parties.
11. Children's Privacy
Noteshik is not designed for or directed at children under the age of 13 (or under 16 in EEA countries where a higher age of digital consent applies). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has created a Noteshik account or provided us with personal data, please contact us immediately at support@9gg.app (use the contact form). We will promptly delete the account and all associated data upon verification of the request.
12. International Data Transfers
Your data is stored on servers located in Germany (EU) and is not routinely transferred outside the EU/EEA. The only case where data may leave the EU is when audio is sent to Groq's API for transcription processing. This transfer is protected by:
- Transmission over HTTPS/TLS encryption
- Groq's compliance with standard contractual clauses for international data transfers
- Data minimization — only the audio clip for a specific transcription request is sent, no account identifiers
If you are concerned about this transfer, you can choose not to use the voice transcription feature. All other Noteshik features process data exclusively within Germany.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:
- Update the "Last updated" date at the top of this page.
- For material changes (changes to the types of data collected, new third-party sharing, or changes to your rights), notify you via in-app notification or email at least 14 days before the changes take effect.
- For minor changes (wording clarifications, formatting), update the policy without advance notification.
Your continued use of Noteshik after material changes become effective constitutes acceptance of the updated policy. If you disagree with changes, you have the right to delete your account before the effective date.
14. Contact Us
For any privacy-related questions, data access requests, or concerns about how we handle your information:
- Email: support@9gg.app (use the contact form)
- Contact form: noteshik.9gg.app/contact
- Response time: We will acknowledge all privacy requests within 5 business days and resolve them within 30 days.
If you are a European resident and have an unresolved complaint, you may also contact your national Data Protection Authority. A list of EU DPA contact details is available at edpb.europa.eu.