stdnotes is an offline-first note app. This policy explains what we collect, how we use it, where it is stored, and the choices you have.
Information We Collect
- Account details: If you sign in with Google, we receive your Firebase user ID, email address, display name, and profile photo URL. We do not receive or store your Google password.
- Workspace content: Notes, folders, editor settings, version history, uploaded images, share settings, slugs, and related metadata you create in the app.
- Billing records: If you subscribe to a paid plan, our payment providers send us subscription status, customer IDs, plan information, renewal dates, cancellation state, and payment event metadata. We do not store full card numbers.
- Technical data: Server logs, request metadata, device/browser information, error details, and timestamps needed to operate, secure, debug, and improve the service.
Local Storage
You can use stdnotes without an account. In that case, your notes and preferences are stored in your browser using IndexedDB and localStorage. This local data stays on that device unless you export it, share it, clear browser storage, or sign in and import it into a cloud workspace.
Cloud Storage
When you sign in, cloud workspace data is stored with Google Firebase, including Cloud Firestore for account, note, folder, settings, sharing, and version data, and Firebase Storage for uploaded image files and export assets. Data is protected with authentication, access rules, HTTPS in transit, and provider-managed encryption at rest.
How We Use Information
- Authenticate users and protect accounts
- Save, sync, export, restore, and share notes at your direction
- Provide image uploads, version history, settings, and paid plan features
- Process subscriptions, billing portal access, and payment webhooks
- Maintain reliability, investigate abuse, fix bugs, and improve the product
- Respond to support, account, privacy, or legal requests
Sharing
Notes are private by default. If you enable public sharing, anyone with the share link may be able to view that note without signing in. Passwords, expiry dates, and custom slugs can reduce accidental access, but you should treat shared links as public until you revoke them.
Service Providers
We do not sell personal data and we do not share it with advertisers.
We use service providers only as needed to run stdnotes:
- Google Firebase for authentication, database, storage, and hosting infrastructure
- Stripe and Lemon Squeezy for checkout, subscriptions, tax, invoices, and billing portals
- Operational tools needed for hosting, security, logging, and support
- Legal, safety, or compliance recipients when required by law or valid process
Cookies & Tracking
stdnotes uses browser storage for sign-in sessions, editor state, settings, collapsed folders, recent notes, and recent searches. We do not use advertising cookies and do not run third-party ad tracking.
Retention
We keep cloud account and workspace data while your account remains active or while needed to provide the service. Deleted notes, images, and shares are removed from active systems, though backups, logs, and billing records may persist for a limited period when required for recovery, security, accounting, legal, or compliance reasons.
Your Choices
- Use stdnotes locally without signing in
- Export notes or your workspace from the app
- Delete notes, folders, images, and public shares you no longer want
- Revoke public sharing links at any time
- Contact us to request access, correction, export, or deletion of account data
Children
stdnotes is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can review and delete it where appropriate.
Policy Updates
We may update this policy as the service changes. When we make material changes, we will update the date at the top of this page. Continued use of stdnotes after an update means the revised policy applies.