Privacy Policy
Last updated July 13, 2026
This Privacy Policy explains what information DeNotes(“DeNotes”, “we”, “us”) collects, how it is used, and the choices you have. DeNotes is built so that your note content stays under your control — in most cases, inside your own Google Drive.
Summary
- We store the minimum needed to run your account and sync structure.
- Your note content lives in your storage: on your device, or in your Google Drive.
- We do not sell your data, and we do not read files in your Drive that DeNotes did not create.
Information we store
Account information. Authentication is handled by Clerk. When you sign in with Google or Apple, Clerk provides us with basic profile details such as your name, email address and avatar so we can identify your account. We never see your Google or Apple password.
Workspace metadata. We store lightweight structural data in our database (hosted on Supabase): your folders, file and note titles, note metadata (such as tags, timestamps and whether a note is archived or pinned), goals, and sync state. This metadata lets your workspace appear correctly across sessions.
Preferences.Small preferences such as your theme choice are stored in your browser’s local storage on your device.
What stays in Google Drive
When you connect Google Drive, the actual content of your notes is written as plain Markdown files inside a dedicated DeNotes folder in your own Drive account. This content is never copied into our database.
DeNotes requests only the drive.file scope, which limits our access to files that DeNotes itself creates. We cannot see, list or open the rest of your Drive. The OAuth tokens that permit this access are stored server-side and are never exposed to your browser.
What DeNotes does not access
- We do not access files in your Google Drive other than those DeNotes created.
- We do not store the body of your notes in our own database.
- We do not sell, rent or trade your personal information.
- We do not use your notes to train machine-learning models.
Service providers
We rely on a small number of trusted providers to operate DeNotes:
- Clerk — authentication and session management.
- Supabase — the database that stores account and workspace metadata.
- Google Drive — storage for your note content, within your own account.
Each provider processes data only as needed to deliver its part of the service and is subject to its own privacy commitments.
Data retention and deletion
We keep your account and metadata for as long as your account is active. You can disconnect Google Drive at any time from Settings. If you delete your account, we remove the metadata associated with it. Note content stored in your Google Drive remains yours and under your control; you can delete those files directly at any time.
Security
We use reputable providers, encrypt data in transit, and keep sensitive credentials such as OAuth tokens on the server. No system can be guaranteed perfectly secure, but we design DeNotes to hold as little of your data as possible.
Children
DeNotes is not directed to children under 13, and we do not knowingly collect personal information from them.
Changes to this policy
We may update this policy as DeNotes evolves. When we make material changes, we will update the date above and, where appropriate, notify you.
Contact
Questions about privacy? Email us at support@denotes.app.