This policy explains what we collect and why, how we handle your data, and your rights. We do not sell your data.

What we collect and why

Our principle is to collect only what we need.

• Identity and access: We ask for basics like name, email, and company so you can personalize your account and we can send essential updates. We may send optional surveys or newsletters with your consent. We will not sell your personal info or use your name/company in marketing without permission.
• Billing information: For paid plans, payment information from your credit card goes directly to our payment processor. It does not go through Northvane Technologies servers. We keep transaction records (e.g., last 4 digits) for history, invoicing, and support. We store billing addresses for charges, taxes, and fraud prevention. Aggregate billing data may inform marketing.
• Product interactions: Content you upload/store in your Readinote account stays on our servers while the account is active. If you delete your account, we remove that content within about 60 days.
• General geolocation: We log full IPs at signup and on access to fight spam/fraud and for security while your account is active.
• Website interactions: We collect browsing data (browser/OS, IP, pages, load times, referrer) for analytics and experiments. If signed in, analytics tie to your IP/account while active. See Advertising and Cookies for more detail.
• Anti-bot assessments: We use CAPTCHA to block brute-force and spam; it scores activity to detect bots. We see the score, not the raw evaluated signals.
• Cookies and similar technologies: We use essential, first-party cookies to operate the service. These include a session cookie (to keep you signed in), a security cookie (to remember trusted devices and reduce repeat sign-in alerts), and a CSRF token (to protect against cross-site request forgery). We do not use advertising cookies or third-party tracking cookies. Because these cookies are strictly necessary for the service to function, they do not require separate consent. You can manage cookies in your browser settings; turning them off will prevent you from signing in.
• Voluntary correspondence: Emails to us and survey responses are kept so we have history. Interviews are recorded only with your explicit consent.
• Mobile/desktop app permissions: Apps may request access to contacts, calendar, camera, etc. Consent is optional; declining may limit features.

When we access or disclose your information

• To deliver the services you request: We use subprocessors to run our apps and business functions (see our subprocessors list). Third-party integrations you enable may receive your data at your direction.
• Human access: No one views your content except with your express permission for support or to resolve rare automation errors, to secure our systems, or as required by law. We prefer root-cause fixes to avoid recurrence.
• Ads exclusion: Where lawful, we may hash your email to exclude you from seeing our ads.
• Abuse investigations: We may access accounts as a last resort to investigate restricted uses and may notify authorities if warranted.
• Aggregated/de-identified data: We may use de-identified or aggregated data for analytics or marketing.
• Legal requirements: As a U.S. company, we respond to valid U.S. legal process and MLAT requests; we notify affected users when allowed. We comply with proper preservation requests; absent continued legal process, preserved data is destroyed when the period ends. We may share minimal billing data if audited.
• Corporate changes: If Northvane Technologies is acquired/merged, we will notify you before personal info is transferred or subject to a new policy.

Your rights

We aim to honor these rights for all customers, regardless of location:

• Right to know what we collect/use/share.
• Right of access to your data and info on its use/storage/security.
• Right to correction.
• Right to erasure (“to be forgotten”), subject to legal/functional limits.
• Right to complain to authorities.
• Right to restrict processing/opt out of sale (we do not sell data).
• Right to object to certain processing.
• Right to portability (export your data).
• Right to avoid solely automated decisions with significant effects.
• Right to non-discrimination for exercising privacy rights.

Many rights can be exercised by signing in and updating your account. We may need to verify identity before fulfilling requests.

How we secure your data

Data in transit is encrypted via SSL/TLS; backups are encrypted. We secure data at rest extensively. Some products may not encrypt every field at rest; others (like certain mail services) encrypt fields with individual keys. See our Security Overview for details.

What happens when you delete content

Trashed content typically remains accessible in trash for ~25 days, then is removed from the app, then from active servers (~30 days), and finally from backups (~another 30 days). Deleted account content is generally purged within ~60 days. See our Cancellation Policy for specifics.

Data retention

We retain data as needed for its purpose and legal obligations, then delete or aggregate it. Some retention periods are specified in this policy.

Location of site and data

Our services and infrastructure are primarily in the United States. By using readinote.com or our Services, you consent to transfer and storage in the U.S.

When transferring personal data from the EU/UK

We use a Data Processing Addendum with Standard Contractual Clauses to protect EU/UK data. Some occasional transfers (e.g., newsletter signups, surveys, store purchases) may rely on applicable GDPR/UK GDPR derogations.

Changes and questions

We may update this policy to reflect regulations or practices; we will refresh the date and notify policy-update subscribers for significant changes.