Service Delivery — To provide, maintain, and improve Internote's functionality, including storing your content, processing interactions, and enabling collaboration.

Personalisation — To deliver personalised recommendations, search results, and featured content based on your interests and engagement.

Analytics — To understand how users interact with the platform, identify trends, and prioritise feature development (all analysis is aggregated and non-identifying).

Communication — To send account-related notifications (password resets, sharing notifications) and, if you opt in, updates about new features.

Legal Compliance — To comply with laws, regulations, and legitimate legal requests.

Security — To detect, prevent, and address fraud, abuse, and security incidents.

Where Data Is Stored — All data is stored on Supabase, a secure PostgreSQL database platform hosted on AWS infrastructure. Data is stored in encrypted form in transit and at rest.

Access Controls — We use row-level security (RLS) policies to ensure you can only access your own data. Administrative access is strictly limited and monitored.

No Third-Party Sharing — We do not sell, trade, or rent your personal information to third parties. Your data is never used for advertising or marketing without your explicit consent.

Retention — Your account data is retained as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Public content you created may remain visible in archives if other users have saved or shared it.

Access — You can view all your profile information in your account preferences at any time.

Correction — You can update your profile information directly through your account settings.

Deletion — You can delete individual content items at any time. You can also permanently delete your entire account, which removes all associated personal data.

Export — Contact us to request a copy of your data in a portable format.

Opt-Out — You control the visibility of all your content (public/private). You can also opt out of non-essential communications in your preferences.

Authentication — We use secure, httpOnly cookies to maintain your authentication session. These cookies contain an encrypted access token and are essential for the service to function.

Vercel Analytics — We use Vercel Analytics to track page performance metrics and user interactions (Web Vitals). This helps us identify performance issues and improve your experience. Vercel Analytics does not use cookies and respects your privacy.

No Invasive Tracking — We do not use invasive analytics cookies (like Google Analytics) or tracking pixels to build behavioural profiles for advertising. We analyse aggregated data to improve the platform, not to track individuals.

Private Content — Internotes and maps marked as "private" are only visible to you and anyone you explicitly share them with. Private content is not searchable and does not appear in public discovery features.

Public Content — When you publish content as "public," it becomes searchable and may appear in recommendations, featured sections, and community discovery. Public content can be viewed by anyone on the internet.

Shared Content — When you share content directly with other users, they gain the permission level you specified (view or edit). You can revoke access at any time.

If you have questions about this Privacy Policy, concerns about your data, or wish to exercise your rights, please contact us: