Legal

Privacy Policy

Last updated: April 20, 2026

This policy explains what data Arythmatic Notes collects, why we collect it, who we share it with, and the controls you have. It applies to both the web app at notes.arythmatic.cloud and the mobile app.

1.What we collect

Account information. When you sign in via Auth0 we receive your email address, name, and profile picture. For business sign-in we also receive your Auth0 organisation identifier.

Content you create. Notebooks, notes (including rich-text content and tags), tasks and task columns, flashcards and decks, flowcharts, whiteboards, and templates. Notes are stored as structured JSON and rendered HTML.

Sharing data. When you share a notebook or note, we store the target user and the permission level (view, edit, admin). Public share links are identified by a random UUID.

Activity and version history. We record high-level actions (such as note created, notebook shared, flashcard reviewed) in an audit log, and we keep a version history of notes so you can restore earlier edits.

AI interactions. If you use the AI chat or AI generation features, the prompts, conversation history, and model responses are stored against your account. Prompts are transmitted to Anthropic for processing (see "Sub-processors").

Subscription and payment data. Your current plan and entitlements. If you upgrade, payments are processed by Stripe — we do not see or store full card numbers.

Technical data. Server logs capture your IP address, device / browser user-agent, and request metadata for operational and security purposes.

2.How we use your data

  • Operate the Service — sync your content across devices, render notes, run flashcard review schedules, deliver AI features you invoke.
  • Keep the Service safe and reliable — abuse detection, debugging, auditing.
  • Bill you for paid plans and handle support requests.
  • Communicate essential service updates and, if you opt in, product news.

We do not sell your personal data, and we do not use Your Content to train third-party models.

3.Legal bases (where applicable)

Where GDPR or similar laws apply, we rely on: contract (to deliver the Service you signed up for), legitimate interests (security, improvement), consent (optional cookies, marketing emails), and legal obligations (accounting, tax).

4.Sub-processors we use

  • Auth0 (Okta) — authentication and identity.
  • Anthropic — AI model inference for the chat and generation features.
  • Stripe — payment processing for paid subscriptions.
  • Hosting provider — our production infrastructure (PostgreSQL, Redis, app servers).
  • AskmeIdentity Comply — DPDP / consent banner on the web app.

Each sub-processor receives only the minimum data it needs and is bound by its own privacy commitments.

5.Data retention

Your Content is retained for as long as your account exists. Deleted items are soft-deleted (is_active flag) and then purged during routine cleanup. Activity logs are retained for security and support for up to 24 months. On account deletion we delete or anonymise your personal data within 30 days, except where law requires us to retain it longer (e.g. tax records).

5a.Deleting your account

How to request deletion. Email support@arythmatic.cloud from the address associated with your Arythmatic Notes account, with the subject line "Delete my account". You don't need to include anything else — the from-address is how we verify the request.

What gets deleted.

  • Your profile (name, email, picture, organisation membership).
  • Your content: notebooks, notes, tasks, task columns, flashcards and decks, flowcharts, whiteboards, templates, and any inline attachments.
  • Sharing relationships you own, AI chat sessions and messages, note version history, and activity logs associated with your account.
  • Cached identity records at Auth0 (we request upstream deletion via Auth0's Management API).

What may be retained. Aggregated and anonymised usage statistics that no longer identify you. Payment and invoice records that we are required to keep for tax and accounting purposes — typically 6–8 years depending on jurisdiction — without your name or email attached where possible.

Timeline. We confirm receipt within 2 business days and complete deletion within 30 days. For content shared into a business organisation, the organisation administrator may retain a copy under their tenancy; if you want that removed too, say so in the email and we will forward the request.

6.Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data or complete incomplete data.
  • Delete your account and personal data.
  • Export Your Content in a portable format.
  • Withdraw consent for anything based on consent (e.g. optional cookies, marketing).
  • Object to, or restrict, certain processing.

To exercise any of these, email support@arythmatic.cloud. You can also manage cookie/tracking consent from the "Manage Consent Preferences" link in the web footer.

7.Cookies and tracking

The web app uses a small number of strictly-necessary cookies (session, CSRF) and a consent banner for any optional analytics. The mobile app does not set browser cookies; it stores an authentication token in native secure storage and a local cache in MMKV to enable offline reads.

8.Children's privacy

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact support@arythmatic.cloud and we will delete it.

9.International data transfers

Depending on where your data is processed, it may be transferred to and processed in countries other than your own. We use standard contractual clauses and equivalent safeguards where required.

10.Security

All traffic to and from the Service is encrypted in transit (TLS). Passwords are never stored by us — authentication is delegated to Auth0. Access tokens on mobile are kept in Android Keychain / iOS Keychain. We take reasonable organisational and technical steps to protect your data, but no service is 100% secure.

11.Changes to this policy

We will post material changes to this policy on this page and update the "Last updated" date above. Significant changes will also be notified in-app or by email.

12.Contact

Questions, requests, or complaints? Email support@arythmatic.cloud.