Privacy Policy

1. Data Collection

To provide our notebook digitization service, we collect and process:

  • Images of notebook pages that you explicitly upload through our interface
  • Machine-generated transcriptions and embeddings derived from your uploaded images
  • Authentication data including email addresses and securely hashed passwords
  • Session tokens to maintain secure login states
  • Technical data including browser type, device information, and IP addresses for security and optimization

2. Data Processing & Storage

  • Images are processed using computer vision algorithms for optimization before transcription
  • Transcription is performed using OpenAI's GPT-4 API under strict data handling protocols
  • All data is stored in PostgreSQL databases hosted on Railway's secure infrastructure
  • Vector embeddings are generated and stored to enable content similarity features
  • Temporary processing data is handled through Redis queues and automatically purged after completion
  • We maintain data processing logs for security and debugging purposes

3. Data Sharing & Usage

  • Your data is processed only as necessary to provide the transcription service
  • We use OpenAI's API for transcription, subject to their enterprise privacy standards
  • We do not sell, rent, or lease your personal data to third parties
  • We do not use your data for advertising or marketing purposes
  • Anonymous usage statistics may be collected to improve service performance
  • We may share data if required by law, with appropriate notifications when permitted

4. Security Measures

  • All data transmission uses TLS 1.3 encryption
  • Stored data is encrypted at rest using industry-standard algorithms
  • Authentication uses secure password hashing with bcrypt
  • Regular security audits and updates are performed on all systems
  • Access to user data is limited to essential personnel and logged
  • Automated systems monitor for unauthorized access attempts
  • Security incidents are handled according to our incident response plan

5. User Rights & Control

You have the following rights regarding your data:

  • Access your complete data archive in machine-readable formats
  • Request deletion of all your data, which will be completed within 30 days
  • Export your notebooks in PDF, EPUB, Markdown, or plaintext formats
  • Correct or update any stored information
  • Request details about how your data has been processed
  • Opt out of non-essential data collection
  • Receive notification of significant privacy policy updates

6. Data Retention

  • Active account data is retained until you request deletion
  • Inactive accounts may be archived after 12 months of disuse
  • Processing logs are retained for 90 days
  • Security audit logs are retained for 1 year
  • Backup data is retained for 30 days

For privacy-related inquiries or to exercise your data rights, please contact our privacy team.

Last updated: March 09, 2025