Privacy Policy

Last updated: 12/18/2025

1. Information We Collect

1.1 Personal Information

When you use Noteit-MCP, we may collect:

  • Email address and account information through OAuth authentication
  • Profile information you provide when setting up agent configurations
  • Notes, documents, and other content you create or upload

1.2 Technical Information

We automatically collect certain technical information:

  • Device fingerprints for authentication purposes
  • IP addresses and browser information
  • Usage data and analytics to improve our service
  • API usage logs and error reports

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Noteit-MCP service
  • Authenticate and authorize your access to the platform
  • Store and manage your notes, profiles, and configurations
  • Enable MCP (Model Context Protocol) functionality with AI assistants
  • Process subscription payments and manage billing through Paddle
  • Track usage limits for Free and Pro plan features
  • Send billing notifications and subscription updates
  • Improve our service through analytics and user feedback
  • Communicate with you about service updates and support

3. Data Storage and Security

3.1 Data Storage

Your data is stored securely using:

  • Cloud-based database services with enterprise-grade security
  • Distributed caching systems for performance optimization
  • Advanced access controls to ensure data isolation between users

3.2 Security Measures

We implement industry-standard security practices:

  • Secure OAuth authentication protocols
  • Advanced encryption for sensitive data
  • HTTPS encryption for all data transmission
  • Regular security monitoring and updates

4. Data Sharing and Third Parties

We do not sell your personal data. We may share information with:

4.1 Service Providers and Processors

We work with the following third-party processors:

  • Paddle: Payment processing, subscription billing, and customer portal
  • Supabase: Database hosting, user authentication, and data storage
  • Vercel: Application hosting and content delivery
  • Upstash (Redis): Caching and session management
  • Sentry: Error monitoring and performance tracking

4.2 Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with our main service providers to ensure they handle your data according to privacy standards. For a complete list of sub-processors or to request DPA documentation, contact us at a87088@gmail.com.

4.3 International Data Transfers

Your data may be transferred to and processed in countries outside Taiwan. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other legal mechanisms to protect your data during international transfers.

Payment Processing: Subscription payments are processed by Paddle, our payment processor. Paddle may collect and process payment information according to their own privacy policy. We do not store your full payment card details.

MCP Data Sharing: When you use MCP tools with AI assistants (Claude, Cursor, etc.), the data you choose to share through those tools may be processed by those AI services according to their own privacy policies.

5. Your Rights and Choices

You have the following rights regarding your data:

  • Access: View and download your data through the dashboard
  • Correction: Update or correct your information directly in the interface
  • Deletion: Delete individual notes, profiles, or your entire account using the delete buttons provided in the application
  • Portability: Export your notes and configurations
  • Revocation: Revoke API tokens and device sessions at any time

Easy Deletion: The platform provides direct delete buttons for all your content. You can instantly remove individual notes, agent profiles, or completely delete your account without needing to contact us.

6. Cookies and Tracking

6.1 What are Cookies

Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and enabling certain functionality.

6.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the website to function properly and cannot be disabled:

  • Authentication and session management
  • Security features and CSRF protection
  • Basic website functionality

Functional Cookies (Optional)

These cookies enhance your experience by remembering your preferences:

  • Theme preference (dark/light mode)
  • Language settings
  • User interface customizations

Analytics Cookies (Optional)

These cookies help us understand how you use our service to improve it:

  • Anonymous usage statistics
  • Performance monitoring and error reporting
  • Feature usage analytics

6.3 Your Cookie Choices

You have control over which cookies you accept:

  • Cookie Banner: When you first visit our site, you can choose to accept all cookies, essential cookies only, or customize your preferences
  • Browser Settings: You can configure your browser to block or delete cookies, though this may affect website functionality
  • Preference Center: You can change your cookie preferences at any time through our cookie preference center

6.4 Third-Party Cookies

We do not use third-party advertising cookies. Any third-party cookies are limited to:

  • Authentication providers (OAuth services)
  • Essential service providers (when necessary for functionality)

7. Data Retention

We retain your data:

  • Account data: Until you delete your account
  • Subscription data: For tax and compliance purposes, up to 7 years after subscription ends
  • Session data: 30 days for refresh tokens, 1 hour for access tokens
  • Usage logs: 90 days for debugging and analytics
  • Deleted data: Permanently removed within 30 days

Billing Records: We retain billing and subscription information for accounting and tax compliance purposes even after account deletion, as required by law.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data according to applicable data protection laws.

9. Children's Privacy

Noteit-MCP is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Data Controller: Independent Software Developer

Business Type: Individual Developer / Sole Proprietorship

Email: a87088@gmail.com

GitHub: https://github.com/bahfahh/noteit-mcp

Location: Taiwan (Republic of China)

Data Protection Contact: For DPA requests, data deletion, or privacy concerns, email a87088@gmail.com with "Privacy Request" in the subject line.