Privacy Policy
SyncHNote is operated as an independent indie project by Dominik, based in Hungary. We respect your privacy, collect as little data as possible, and never sell it. This page explains exactly what is collected, why, and your rights under GDPR.
1. What we collect
| Data | Why |
|---|---|
| Email address, display name, avatar (optional) | To create and identify your account |
| Encrypted password | To sign you in (handled by Supabase Auth) |
| Notes you choose to sync | So you can restore them on another device |
| App settings, study time, AI token usage | To deliver app features and enforce plan limits |
| Stripe customer ID and subscription ID | To process and manage your Pro subscription |
| AI prompts you send | Forwarded to Anthropic to generate the response |
We do not collect: payment card details (Stripe handles those, we never see them), browsing history outside SyncHNote, location data, or any tracking analytics that identify you.
2. Notes stored locally
Notes you write in the desktop app are stored on your computer only, unless you explicitly choose "Sync" from the right-click menu. Synced notes are stored in our database so you can recover them. You can delete synced notes at any time from the website.
3. AI prompts
When you use the AI features, your prompt and the relevant note context are sent to Anthropic (the maker of Claude) to generate the response. Anthropic's privacy practices apply during processing — see anthropic.com/legal/privacy. We do not store your prompts ourselves beyond what is needed to count token usage.
4. Who we share data with (sub-processors)
- Supabase — database, authentication, file storage. Hosts your account, profile, and synced notes.
- Stripe — payment processing for Pro subscriptions. Stripe collects and stores your payment details directly; we receive only customer/subscription identifiers.
- Anthropic — AI model provider. Receives your prompts to generate responses.
- Cloudflare — DNS, email forwarding, CDN for the website.
We do not sell or rent your data to anyone, ever.
5. How long we keep data
- Account data — kept while your account is active. Deleted on request, or after sustained inactivity.
- Synced notes — kept until you delete them, or until your account is deleted.
- AI usage counters — reset weekly; older usage is not retained beyond what is needed to enforce limits.
- Payment records — kept as required by tax and accounting law (typically up to 8 years in Hungary).
6. Your rights (GDPR)
If you are in the EU/EEA (or UK), you have the right to:
- Access the personal data we hold about you.
- Correct it if it is wrong.
- Delete your account and your data ("right to be forgotten").
- Export your synced notes in a readable format.
- Object to processing or restrict it.
- Lodge a complaint with the Hungarian data protection authority (NAIH) or your local authority.
To exercise any of these rights, email [email protected]. We respond within 30 days. Account deletion is currently handled manually on request.
7. Cookies
The website uses only the cookies required to keep you signed in (a Supabase Auth session token). No advertising cookies, no third-party analytics cookies.
8. Security
Account data is encrypted in transit (HTTPS) and at rest by Supabase. Passwords are hashed by Supabase Auth and never visible to us. That said, no system is perfectly secure — please use a unique password and let us know promptly if you suspect your account is compromised.
9. Children
SyncHNote is not directed at children under 13. If you are a parent who believes your child has created an account, contact us and we will delete it.
10. Changes to this policy
We may update this policy when the service changes. Material changes will be announced by email or in-app notice. The "Last updated" date at the top will always reflect the most recent version.
11. Contact
Questions, requests, or complaints? Email [email protected].