Privacy Policy

Last updated: February 22, 2026

1. Introduction

This Privacy Policy explains how Noteecard ("we", "our", or "us") collects, uses, stores, and protects your personal information when you use noteecard.com or our mobile applications.

We are committed to transparency and to handling your data responsibly, in compliance with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

By using Noteecard, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of the service.

2. Information We Collect

We collect information in two ways: information you provide directly, and information collected automatically when you use our services.

3. Information You Provide

When you create an account, use our services, or contact us, you may provide:

  • Name and email address
  • Account credentials (managed via secure authentication providers)
  • Content you create within Noteecard (cards, messages, notes)
  • Contact form submissions and support requests
  • Payment-related information (processed via Apple App Store — we never store card details)

4. Automatically Collected Information

When you access Noteecard, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and navigation patterns
  • Session duration and frequency of use
  • Referral source

This data is collected through analytics tools and is used in aggregated form to improve the service. For details on cookies specifically, please refer to our Cookie Policy.

5. Country Detection (IP-Based Location)

When you create a standard card, we may use your IP address to estimate your country of origin using a third-party geolocation service (ipapi.co). This is used solely to display the appropriate country flag on your card.

We do not store your precise location. Only the country code is retained, and only in connection with the card you create.

6. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Noteecard's core functionality
  • Authenticate your identity and manage your account
  • Process payments securely
  • Personalize your experience and preferences
  • Communicate important service updates
  • Monitor platform security and prevent abuse
  • Analyze aggregated usage data to improve performance

We do not sell, rent, or trade your personal data to third parties.

7. Security & Encryption

This section describes how Noteecard protects encrypted card content.

Encryption of Encrypted Cards

  • Encrypted cards are protected using AES-256 encryption.
  • Messages are encrypted before storage.
  • Only someone with the correct PIN can decrypt the message.
  • We do not store your PIN.

Key Derivation

  • The PIN is transformed into a cryptographic key using PBKDF2 with SHA-256 and 100,000 iterations.
  • This makes brute-force attacks computationally impractical.

Zero-Knowledge Design

  • Encrypted messages are stored in encrypted form.
  • Noteecard cannot access or decrypt encrypted card content.
  • If a PIN is forgotten, the message cannot be recovered. This is intentional to preserve privacy.

Infrastructure & Storage

  • Encrypted content is stored securely.
  • Authentication may use Apple or Google login providers.
  • We do not store payment card details.

8. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Consent — where you have given explicit permission (e.g. analytics, non-essential cookies)
  • Contractual necessity — where processing is required to deliver the service you requested
  • Legitimate interest — where processing is necessary for platform security, fraud prevention, or service improvement, balanced against your rights
  • Legal obligation — where we are required to process data by applicable law

You may withdraw consent at any time without affecting the lawfulness of prior processing.

9. Payments

Purchases are processed exclusively via Apple App Store.

Noteecard does not collect, store, or have access to your credit card number, CVV, or banking details.

We receive only a transaction confirmation and a tokenized reference for record-keeping.

10. Data Storage & Security

Your data is stored on secure infrastructure. We implement industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • Access controls and authentication requirements for internal systems
  • Regular security reviews and monitoring

While no system can guarantee absolute security, we take reasonable and appropriate measures to protect your information.

11. Data Retention

We retain your personal data only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Card content is retained for as long as the platform operates or until you choose to delete it. Account data is retained until you delete your account.

Upon account deletion, your personal data is removed within a reasonable timeframe, except where retention is required by law.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a structured, machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent

For EU/EEA users, these rights are guaranteed under GDPR. For California residents, additional rights under CCPA/CPRA may apply, including the right to know what personal information is collected and the right to opt out of the sale of personal information. Noteecard does not sell personal data.

To exercise any of these rights, contact us at info@noteecard.com. We will respond within the timeframe required by applicable law.

13. International Transfers

Your data may be processed in countries other than your country of residence, including countries that may not provide the same level of data protection.

Where required, we implement appropriate safeguards — such as Standard Contractual Clauses (SCCs) — to ensure your data is protected in accordance with applicable law.

14. Third-Party Services

We use a limited number of third-party services to operate and improve Noteecard:

  • Apple App Store — payment processing
  • Google Analytics — aggregated traffic analysis
  • Pikapod (Umami) — privacy-focused analytics
  • ipapi.co — IP-based country detection
  • Social login providers (Google, Apple) — authentication

These providers process data in accordance with their own privacy policies. We encourage you to review them.

We do not share personal data beyond what is necessary for service delivery, unless required by law.

15. Children's Privacy

Noteecard is not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction).

We do not knowingly collect personal data from children. If we become aware that a child has provided personal information without parental consent, we will take steps to delete that information promptly.

If you believe a child has submitted personal data to us, please contact info@noteecard.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

When we make changes, we will revise the "Last updated" date at the top of this page. Continued use of Noteecard after an update constitutes acceptance of the revised policy.

17. Contact Information

If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact:

info@noteecard.com