How NoteKrypt handles privacy on the site and in the product.

This policy reflects the current NoteKrypt launch-site structure and the product direction described in the codebase: device-side encryption before sync, support for backups and recovery, and minimal readable content exposure wherever the architecture can avoid it.

Last updated: April 14, 2026 Contact: hello@notekrypt.app

Overview

This privacy policy explains how the NoteKrypt marketing site and the NoteKrypt product handle information when you browse the site, create an account, sync encrypted content, request support, or use pricing and download pages.

The short version is that NoteKrypt is designed so your device performs encryption before sync. The service still needs some account, billing, device, and operational metadata to run, but the product goal is to avoid storing readable note contents when encrypted sync is active.

What we collect

We may collect account identity details such as email address, authentication state, subscription plan, billing status, device or app version information, release-check metadata, support messages you send us, and operational records needed to keep sync, sharing, reminders, or downloads working.

If you use shared-note or collaboration features, the service may also process sharing metadata, permission records, collaborator identifiers, and view or access events needed to enforce access rules and operate those features.

Account and sign-in information
Plan, billing, and subscription state
Device, version, and update-check metadata
Support emails and launch-access requests
Sharing, permissions, and collaboration metadata where features require it

How encryption changes what the service sees

NoteKrypt documentation and app copy describe a model where notes are encrypted on your device before syncing to the cloud. The service stores encrypted payloads and related metadata for sync, soft deletion, recovery, sharing, or reminder delivery.

The codebase also references standard cryptographic primitives including AES-256-GCM, PBKDF2-HMAC-SHA256, HKDF, HMAC-SHA256, and RSA. This page is not a protocol specification, but it reflects the current product direction and technical documentation in the repository.

Passwords, passkeys, and autofill data

Password and passkey flows are part of the NoteKrypt product story. Platform-specific credential or autofill data may rely on secure OS facilities such as keychains or keystores when the operating system requires that integration.

Desktop browser flows can also involve the Browser Companion, while mobile flows use iOS Password AutoFill or the Android Autofill service instead of desktop extension packages.

Backups, recovery, and retention

The app emphasizes encrypted vault backups because a password reset without a vault recovery path can leave older encrypted notes inaccessible. Backup packages should be stored carefully because anyone with both the backup and its password may be able to decrypt the protected content.

Retention for encrypted content, deleted items, and recovery metadata can vary by feature, plan, or operational need. We may preserve operational records long enough to provide recovery, abuse prevention, billing support, or legal compliance.

Third-party providers and infrastructure

The NoteKrypt repository references third-party infrastructure for product hosting, sync, messaging, payments, release distribution, and app-store delivery. Those providers may process limited metadata necessary to deliver their part of the service.

Examples include identity or sync backends, payment processors, cloud hosting providers, release channels, and app-store operators. We try to keep the amount of readable user content exposed to providers as low as the product architecture allows.

Your choices and rights

You can contact the NoteKrypt team to ask about data handling, request account-help details, or raise privacy questions. Depending on your location, you may also have legal rights related to access, deletion, correction, portability, or objection.

Because encrypted content is designed to remain unreadable to the service in normal operation, some requests may depend on what metadata the service actually has access to. The best starting point is hello@notekrypt.app.

Policy updates

We may update this policy as the launch site, billing routes, collaboration features, or distribution channels evolve. When that happens, we will refresh the date on this page and publish the updated text on notekrypt.app.