NotelifyNotelify
Back to sign in

Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how Notelify ("we," "us," or "our") collects, uses, stores, and protects your information when you use our AI-powered study tools platform at notelifyapp.com (the "Service"). By using Notelify, you agree to the practices described below.

1. Information We Collect

1.1 Account Information

When you sign in with Google OAuth via Supabase Auth, we receive and store your name, email address, and profile picture URL. We do not have access to your Google password and never ask for it.

1.2 Uploaded Content

To generate study materials, you may provide us with content including:

  • YouTube video URLs
  • PDF, DOCX, and PPT documents
  • Audio and video files
  • Images (for OCR text extraction)
  • Pasted or typed raw text
  • Web article URLs

Uploaded files are temporarily stored in Supabase Storage for the duration of processing and are automatically purged within 24 hours of job completion. Generated study outputs (notes, flashcards, quizzes, mind maps) are stored in your account for as long as you maintain it.

1.3 Usage and Analytics Data

We collect anonymized usage analytics through Vercel Analytics and PostHog, including pages visited, features used, and session duration. This data does not contain personally identifiable information and is used solely to improve the product experience.

1.4 Payment Information

Subscription payments and credit purchases are processed by Dodo Payments. We do not store your credit card number, bank details, or any sensitive financial data. Dodo Payments handles all payment processing in compliance with PCI-DSS standards. We only receive confirmation of your subscription status and transaction IDs.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain your account
  • Process your uploaded content through our AI pipeline to generate study materials
  • Track your credit balance and enforce plan-specific usage quotas
  • Provide customer support and respond to inquiries
  • Improve our AI models, prompts, and overall product quality (using anonymized, aggregated data only)
  • Prevent abuse, fraud, and unauthorized access via rate limiting (Upstash Redis)
  • Send transactional emails related to your account (e.g., plan changes, billing receipts)

3. AI Processing & Third-Party Data Sharing

3.1 AI Content Processing

Your uploaded content (transcripts, extracted text, documents) is sent to Google Gemini API for AI processing. This is the core of how Notelify generates notes, flashcards, summaries, quizzes, mind maps, and other study outputs. Audio and video transcription may also use Groq Whisper API as a speech-to-text service.

Important: By using Notelify, you acknowledge that your content is transmitted to these third-party AI providers for processing. We do not use your content to train AI models. Google and Groq process your data under their respective API terms of service, which prohibit using API inputs for model training.

3.2 Third-Party Services

We integrate with the following services — each with limited, purpose-specific access to your data:

  • Supabase — Authentication, database, and file storage (hosts your account and generated content)
  • Google OAuth — Sign-in identity verification (receives no content data)
  • Google Gemini API — AI text generation (receives extracted text for processing)
  • Groq Whisper API — Audio-to-text transcription (receives audio data)
  • Dodo Payments — Subscription and payment processing (receives billing data only)
  • Upstash Redis — Rate limiting and caching (stores anonymized usage counters)
  • Vercel — Application hosting and edge analytics
  • PostHog — Product analytics (anonymized usage patterns)

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Data is shared only as described above and only to the extent necessary to provide the Service.

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with row-level security (RLS) policies enforcing that each user can only access their own records. All data is encrypted in transit via TLS/HTTPS and at rest via Supabase's infrastructure-level encryption.

Temporary file uploads (audio, video, PDFs) are stored in isolated Supabase Storage buckets with per-user path prefixes and are automatically deleted after processing completes. No uploaded source files are retained long-term.

While we implement industry-standard security measures, no internet-based service can guarantee absolute security. We encourage you to use a strong Google account password and enable two-factor authentication.

5. Data Retention

  • Account data — Retained for the lifetime of your account
  • Generated content (notes, flashcards, etc.) — Retained until you delete them or close your account
  • Uploaded source files — Automatically deleted within 24 hours of processing
  • Usage logs & analytics — Retained for up to 90 days, then aggregated and anonymized
  • Payment records — Retained as required by applicable tax and financial regulations

6. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Delete — Request permanent deletion of your account and all associated data
  • Export — Download your generated study materials (notes, flashcards, PDFs)
  • Correct — Update your profile information (managed via your Google account)
  • Withdraw consent — Stop using the Service at any time; your data will be deleted upon account closure

To exercise any of these rights, contact us at support@notelifyapp.com. We will respond within 30 days.

7. Cookies & Local Storage

Notelify uses essential cookies for authentication session management (Supabase Auth tokens) and local storage for UI preferences such as theme settings. We do not use advertising or third-party tracking cookies.

8. Children's Privacy

Notelify is not intended for children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will promptly delete that information.

9. International Data Transfers

Your data may be processed in regions where our infrastructure providers (Supabase, Google, Vercel) maintain servers. By using Notelify, you consent to the transfer of your data to these locations. All transfers are protected by the security measures described in Section 4.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice within the Service. Your continued use of Notelify after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: