Noteroom Legal
Privacy Policy
1. Controller Information
Noteroom LTD is the controller for personal data processed through noteroom.app and related app services.
Contact: support@noteroom.app
2. Data We Collect
- Account data (email, profile metadata, authentication identifiers)
- Project and collaboration content you create or upload
- Usage, device, and log data for security and reliability
- Billing status and Stripe customer references (not full card numbers)
- Support request content you choose to provide
3. How We Use Personal Data
- Provide core product features and account access
- Process subscriptions, renewals, and account-level billing support
- Detect abuse, secure infrastructure, and enforce platform policies
- Respond to legal requests and compliance duties
- Improve product quality and service operations
4. Legal Bases (UK GDPR)
- Contract: account and product delivery
- Legitimate interests: platform security and service improvement
- Legal obligation: accounting, tax, and compliance recordkeeping
- Consent: non-essential cookies and optional communications where used
5. US/California Notice At Collection
We collect identifiers, account information, internet/device activity, and user-provided content to operate the service and manage subscriptions.
We do not sell personal information. We do not knowingly process sensitive personal information for inferring characteristics.
We do not use personal information for cross-context behavioral advertising. Where required by law, we process opt-out preference signals such as Global Privacy Control for browser-based traffic.
6. Sharing And Subprocessors
We share data with vendors only to operate the service, including hosting, authentication, storage, payments, and support tooling.
Vendors are contractually restricted to authorized processing purposes and appropriate confidentiality/security obligations.
See the current vendor list in Subprocessors.
7. International Transfers
Where data is transferred outside the UK, we use lawful safeguards such as contractual transfer mechanisms and vendor protections.
8. Retention
- Account data: retained while the account remains active, then deleted or anonymized after account deletion workflows complete
- Project data: retained until deletion by user or account deletion workflows, subject to short-lived backup/restore windows
- Billing/audit records: retained as required for legal and accounting obligations
- Security logs: retained for limited periods based on operational need and abuse prevention requirements
9. Your Rights
Depending on jurisdiction, you may request access, correction, deletion, portability, restriction, or objection.
Request details are in Privacy Rights (UK + US/CA).
10. Security
We apply technical and organizational controls designed to protect personal data and service integrity. See Security & Service Commitments.
11. Children's Data
Noteroom is not directed to children under 13, and we do not knowingly collect personal data from children under 13 through the self-serve product. If you believe a child submitted personal data, contact us so we can investigate and delete data where required.
12. Automated Decision-Making
We do not use solely automated decision-making that produces legal or similarly significant effects in relation to account access or consumer rights requests.
13. Changes To This Policy
We may update this policy to reflect legal, technical, or product changes. The version line below records the active policy version.