Privacy Policy

Last updated: May 2026

Short version: your notes never leave your device. We don't track you. We don't run ads. We don't have your data because we don't collect it.

Looking for the technical breakdown of how we keep your data safe? See our Privacy & Security Architecture page for the full explanation, including how to verify every claim in your browser.

1. What data we collect

Your notes

None. Your notes are stored in your browser's localStorage, on your device. They are not uploaded to our servers. They never reach us. We have no copy of them and no way to read them.

Account information

None. We don't have accounts. You don't sign up, you don't provide an email address, you don't create a password. There is nothing to collect.

Standard server logs

Like any web server, ours keeps minimal access logs containing:

The time of the request
The IP address that made the request
The URL requested
Your browser's User-Agent string
The HTTP response code (e.g., 200, 404)

These logs are retained for a limited period (typically 30 days) for security and abuse-prevention purposes, then automatically purged. They are not used for behavioral profiling, not joined to any other dataset, and not shared with third parties.

What our server does not see

The contents of your notes
The contents of localStorage
The fragment portion (#…) of any URL, including share links — by web standard, browsers never send fragments to servers
Mouse movements, scroll position, keystroke timing, or any other behavioral telemetry

2. Cookies and tracking

We do not set tracking cookies. We do not use:

Google Analytics or any other analytics product
Facebook Pixel or social-media trackers
Advertising networks (we don't run ads at all)
Heatmap or session-replay tools
Browser fingerprinting
A/B testing tools

The only browser storage we use is localStorage, which holds:

Your notes
Your theme preference (light/dark)
Your font-size preference
Your word-wrap setting

That's the entire list. You can verify it yourself in DevTools (F12) → Application → Local Storage.

3. Third parties

The notepad's runtime contains zero third-party JavaScript dependencies. Every resource the page loads comes from our own domain. We do not load fonts from Google Fonts, scripts from CDNs, or any other external resource. Open your browser's Network panel and verify — every request goes to our domain only.

4. How shareable links work

When you generate a share link, the note's content is encoded into the URL fragment (the part after #). Browsers, by web standard, never transmit fragments to servers. So when a recipient opens your shared link:

Their browser requests our page (we see the request, but not the fragment)
Our page loads, with the note content in the recipient's address bar
Our JavaScript decodes the fragment locally in their browser

Result: even when notes are shared, we never see them. We have no log of who shared what.

5. Children's privacy

This service is suitable for all ages. We don't knowingly collect personal information from anyone, including children, because we don't collect personal information at all.

6. International users

Because we don't collect personal data, GDPR (Europe), CCPA (California), and most other data-protection laws have very little to govern in our case. There is no "right to be forgotten" request to file — we don't have anything to forget. There is no "data portability" request — your notes are already entirely in your possession, on your device.

7. Changes to this policy

If we ever change this policy, we'll update the "Last updated" date at the top of this page. We won't quietly start collecting things. If we ever needed to (we don't anticipate it), we'd announce the change clearly on the home page.

8. Contact

Questions about this policy? Email us — see the contact information on our About page.

Back to the notepad →