Privacy Policy

1. Information We Collect

Personal Information

• Account Information: Email address, display name when you create an account
• Authentication Tokens: Secure access tokens for Notion, Twitter/X, and LinkedIn integrations
• Usage Data: Generation counts, subscription tier, billing information

Content Data

• Notion Content: Only the specific Notion pages you explicitly request to process
• Generated Content: AI-generated tweets, threads, and LinkedIn posts you create
• Metadata: Character counts, generation timestamps, source page IDs

Technical Data

• Browser Extension Data: Extension version, Chrome browser version, extension usage analytics
• Page Detection: Only detects when you're on Notion pages (notion.so) to enable the extension
• URL Information: Extracts Notion page IDs from URLs for content generation (no page content is accessed)
• Error Logs: Technical error information to improve service reliability

2. How We Use Your Information

We use your information solely to provide and improve our service:

• Service Provision: Authenticate your account, process Notion content, generate social media posts
• Content Generation: Use OpenAI's API to create personalized tweets, threads, and LinkedIn posts
• Social Media Integration: Post generated content to your connected Twitter/X account
• Subscription Management: Process payments, manage billing cycles, track usage limits
• Service Improvement: Analyze usage patterns to enhance features and performance
• Technical Support: Resolve issues and provide customer support

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Chrome Extension Permissions

Our Chrome extension requests the following permissions:

• Active Tab Access: To detect when you're on a Notion page and enable the extension
• Tabs Permission: To query the active tab and extract Notion page IDs from URLs
• Side Panel: To provide a dedicated interface for content generation and management
• Storage: To temporarily store authentication tokens and generated content in your browser
• Host Permissions: Access to notion.so to detect Notion pages and notesocial.app for API communication

Important: The extension does NOT read the content of Notion pages directly. Instead, it only extracts the page ID from the URL and uses our secure API to fetch content through Notion's official API. This ensures your data remains secure and private.

4. Data Storage and Security

Where We Store Your Data

• Supabase Database: Secure, encrypted storage for user accounts, tokens, and generated content
• Row-Level Security: Database-level access controls ensure you can only access your own data
• Browser Storage: Temporary storage of generated content in your browser for editing

Security Measures

• Encryption: All sensitive data is encrypted in transit and at rest
• Secure Tokens: Authentication tokens are encrypted and never exposed client-side
• API Security: All API communications use HTTPS with proper authentication
• Access Controls: Strict database permissions and user authentication
• Regular Updates: Security patches and updates applied regularly

5. Third-Party Service Integration

We integrate with the following third-party services to provide our functionality:

• Notion: Access your notes and content (only when you request it)
• Twitter/X API: Post generated content to your Twitter account
• LinkedIn: Generate LinkedIn-optimized content (posting not yet implemented)
• OpenAI: AI-powered content generation using GPT models
• Supabase: Secure database and authentication services
• Polar: Subscription and payment processing
• Vercel: Web application hosting and analytics

Each service has its own privacy policy and data practices. We recommend reviewing their privacy policies as well.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party services that help us operate our platform (e.g., OpenAI for content generation, Polar for payments)
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice)
• Consent: When you explicitly consent to sharing your information

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: View and download your account data and generated content
• Modify: Update your account information and preferences
• Delete: Remove specific generated content or your entire account
• Disconnect: Revoke access to third-party services (Notion, Twitter, LinkedIn)
• Export: Download your generated content and account data
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at liam@loughystudios.com or use the account management features in the application.

8. Cookies and Tracking Technologies

We use the following technologies:

• Essential Cookies: Session management and authentication
• Analytics: Vercel Analytics for service improvement (anonymous usage data)
• No Tracking: We do not use advertising cookies or cross-site tracking
• Browser Storage: Local storage for temporary content editing

You can disable cookies in your browser settings, though this may affect some functionality.

9. Data Retention

We retain your data as follows:

• Account Data: Until you delete your account or request deletion
• Generated Content: Until you delete it or close your account
• Authentication Tokens: Until you revoke access or close your account
• Usage Logs: 12 months for service improvement and support
• Billing Records: As required by law (typically 7 years)

You can request deletion of your data at any time, and we will process such requests within 30 days.

10. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses and other legal mechanisms.

11. Children's Privacy

NoteSocial is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date, and we will notify users via email or through the application. Continued use of NoteSocial after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: