Privacy Policy
Last updated: February 14, 2026
The short version: Your notes are yours. We don't sell them and we don't use them to train AI. Everything stays on our infrastructure — nothing gets sent to third parties.
1. Who We Are
Notelic is operated by CarbonVibe LLC, based in Fort Collins, Colorado. When we say "we", "us", or "our", we mean CarbonVibe LLC.
2. What We Collect
Account Information
When you create an account, we collect:
- Email address (for authentication and account recovery)
- Password (stored as a salted hash — we never see your plaintext password)
- Passkey credentials (if you choose passkey authentication)
Your Content
Notes, attachments, tags, and other content you create are stored in your individual encrypted database. This data is:
- Encrypted at rest using AES-256
- Isolated per user — each user has their own encrypted database file
- Never accessed by us — we cannot read your notes even if we wanted to
What We Don't Collect
- No analytics or tracking cookies
- No behavioral data or usage patterns
- No advertising identifiers
- No third-party analytics scripts (no Google Analytics, no Mixpanel, nothing)
3. How We Use Your Data
Your account information is used solely for:
- Authenticating you when you log in
- Sending essential account emails (password reset, subscription changes)
- Processing payments through Stripe (we never see your card details)
Your content is used solely to provide the Service to you — storing, searching, and displaying your notes.
4. AI and Semantic Search
Notelic uses AI for semantic search and related notes features. Here's exactly how:
- Embeddings are generated locally on our server using an open-source model (nomic-embed-text)
- No data is sent to OpenAI, Google, or any external AI service
- Your notes are never used to train any AI model
- AI models are stateless — they do not retain or learn from your data between requests
- Each user's data is isolated — embeddings are stored in your own database, never shared across users
- Embedding vectors are stored alongside your notes in your encrypted database
5. Third Parties
We use a minimal number of third-party services:
- Stripe — payment processing. Stripe receives your payment information directly; we never see your card number. See Stripe's Privacy Policy.
- DigitalOcean / Google Cloud — infrastructure hosting. Our servers run on these platforms. Your data is encrypted at rest on disk.
We do not use any advertising, analytics, or data broker services.
6. Data Retention
- Your data is retained as long as your account is active
- Deleted notes go to trash and are permanently removed after 30 days
- If you delete your account, all data is permanently erased within 30 days
- We do not keep backups of deleted accounts
7. Data Export
You can export all your data at any time through the app. We support multiple export formats. Your data is yours — you should always be able to take it with you.
8. Security
- All connections use TLS (HTTPS)
- Databases are encrypted at rest with AES-256
- Each user's data is stored in a separate encrypted database file
- Passwords are hashed with bcrypt
- Passkey authentication uses the WebAuthn standard
9. Children's Privacy
Notelic is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us and we will delete it.
10. Your Rights
You have the right to:
- Access your data (it's all in the app)
- Export your data at any time
- Delete your account and all associated data
- Correct your account information
11. Changes to This Policy
If we make significant changes to this policy, we'll notify you via email or in-app notification before the changes take effect.
12. Contact
Questions or concerns? Contact us at support@notelic.com.