Back to Home

Privacy Policy

Last updated: April 11, 2026

The short version: NoteCORE, operated by Palindev, collects only the data that is strictly necessary to run the app — your Google account profile, your notes, and payment records if you upgrade. We use Google Analytics to understand how the app is used (pages visited, session duration, and button clicks). Analytics cookies are only set after you give explicit consent. We run no advertising and will never sell, rent, or trade your personal data to anyone. You can request full deletion of your data at any time by emailing contact@palindev.com.

Jump to section
1. Introduction
2. Information We Collect
3. How We Collect Your Information
4. How We Use Your Information
5. Information We Do NOT Collect
6. Cookies & Browser Storage
7. Third-Party Services
8. Data Sharing & Disclosure
9. Data Storage & Security
10. Data Retention
11. Your Rights & Choices
12. Children's Privacy
13. International Data Transfers
14. Changes to This Policy
15. Contact Us
1. Introduction

This Privacy Policy ("Policy") describes how Palindev ("we", "us", "our"), the individual operator of NoteCORE, collects, uses, stores, and protects your personal information when you use the NoteCORE web application and any related services (collectively, the "Service") available at https://notecore.app.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please discontinue your use of the Service.

This Policy should be read alongside our Terms of Service, which governs your overall use of the Service.

2. Information We Collect

We collect the minimum amount of information necessary to provide you with a functional, secure note-taking service. Below is a complete inventory of every piece of data we store, why we store it, and how long we retain it.

Data
Why We Collect It
How Long We Keep It

Google Subject ID (google_sub)

Unique identifier from Google used to recognise your account on future sign-ins.

Until account deletion

Email address

Account identification and communication if you contact support.

Until account deletion

Display name

Shown in the profile page and app UI.

Until account deletion

Profile picture URL

Displayed as your avatar in the app. We store the URL only — not the image itself.

Until account deletion

Note titles & content

Core application function — storing and syncing your writing across devices.

Until you delete the note or your account

Note timestamps

Sorting notes by last edited; displaying creation and update dates.

Until note or account deletion

Subscription plan & status

Enforcing plan limits (3 notes vs unlimited) and showing your current plan.

Until account deletion

Payment order records

Legal and financial record-keeping; verifying that a Pro upgrade was paid for.

7 years (tax & legal compliance)

Razorpay order & payment IDs

Verifying payment authenticity against Razorpay's servers; resolving disputes.

7 years (tax & legal compliance)

Anonymous analytics events (pages visited, session duration, button clicks)

Understanding how the app is used in aggregate so we can improve the product. Only collected when you give cookie consent.

26 months (Google Analytics default, then auto-deleted)

We do not collect any other personal information beyond what is listed in the table above. In particular, we do not collect IP addresses, device identifiers, browser fingerprints, location data, or behavioral analytics of any kind. See Section 5 for the full list of what we do not collect.

3. How We Collect Your Information
3.1Google OAuth 2.0 (at sign-in). When you click "Continue with Google", you are redirected to Google's OAuth consent screen. If you grant permission, Google sends us a cryptographically signed ID token containing your Google Subject ID, email address, display name, and profile picture URL. We verify this token against Google's public keys and store the extracted profile fields in our database. We never see your Google password.
3.2Your usage of the editor (when you write notes). As you type in the NoteCORE editor, your note content is autosaved to our servers. We store the title and the Editor.js JSON body of each note, along with created and updated timestamps. We do not read, analyse, or process your note content for any purpose other than storing and returning it to you.
3.3Payment processing (when you purchase Pro). When you initiate a Pro Plan purchase, our server creates a payment order and calls Razorpay's API to generate a payment session. Your payment card details are entered directly on Razorpay's payment interface and never transmitted to our servers. After payment is confirmed, Razorpay sends us a payment ID and order ID, which we store alongside the transaction amount, currency, and status for financial record-keeping.
3.4Contact you initiate. If you send us an email (e.g. for account deletion or support), we retain that correspondence to resolve your request. We do not add you to any mailing list or contact you for any other purpose.
4. How We Use Your Information

We use the information we collect exclusively for the following purposes:

  • To authenticate you and maintain your account session.

  • To store, sync, and retrieve your notes across devices.

  • To display your profile information (name, avatar) in the app UI.

  • To enforce plan-based feature limits (e.g. the 3-note limit on the Basic plan).

  • To process and verify your payment for the Pro Plan upgrade.

  • To maintain financial and legal records required by applicable law.

  • To respond to support requests or account deletion requests that you initiate.

  • To detect and prevent fraud, abuse, or security incidents.

  • To measure anonymous, aggregate usage patterns via Google Analytics — only when you have given explicit cookie consent.

We do not use your information for advertising, profiling, automated decision-making, or any purpose not listed above.

5. Information We Do NOT Collect

We want to be explicit about what we do not collect, because we believe that is just as important as disclosing what we do collect:

📍

IP addresses

📱

Device or hardware identifiers

🌐

Browser type or user-agent strings

🎯

Advertising or retargeting data

🗺️

Location or GPS data

🖥️

Screen recordings or heatmaps

📧

Email marketing lists

🔗

Cross-site tracking identifiers

🧬

Biometric data

🏦

Full payment card details

NoteCORE does not use advertising networks, session-recording tools, or any marketing automation. We use Google Analytics only with your explicit consent, and only in an anonymised, aggregate form — no personal data is linked to analytics events.

6. Cookies & Browser Storage
6.1Essential localStorage (no cookies). The following data is stored in your browser's localStorage (not cookies). It is local to your device and is never automatically transmitted to any server:

  • JWT access & refresh tokens — used to authenticate your API requests. Cleared when you sign out.

  • nc_color_mode — stores your UI colour preference (light or dark mode). No personal data.

  • Redux application state — stores temporary editor state. Also saved server-side via autosave.

  • nc_cookie_consent — stores your cookie consent decision (accepted / declined + timestamp). No personal data.

6.2Analytics cookies (opt-in only). If you click "Accept Analytics" on the cookie banner, Google Analytics 4 sets two first-party cookies on your browser. These cookies contain no personally identifiable information:
Cookie
Expires
Purpose

_ga

2 years

Assigns an anonymous client ID to distinguish unique visitors.

_ga_XXXXXXX

2 years

Maintains session state for the current analytics session.

6.3Your consent choice. Analytics cookies are only set after you explicitly click "Accept Analytics" on the cookie banner shown on your first visit. You can withdraw consent at any time by clearing your browser cookies or by emailing contact@palindev.com to request data deletion from Google Analytics.
6.4IP anonymisation. We have configured Google Analytics with IP anonymisation enabled. Your full IP address is never stored in GA4 — only a truncated, anonymised version is used to approximate country-level location.
7. Third-Party Services

NoteCORE relies on the following third-party service providers to operate. Each of these providers may process some of your data as part of delivering their service to us. We have selected providers we trust and reviewed their privacy practices.

Google Analytics 4
Usage analytics (opt-in only)
https://analytics.google.comPrivacy Policy ↗
Google (OAuth 2.0)
Authentication provider
https://google.comPrivacy Policy ↗
Razorpay
Payment processing
https://razorpay.comPrivacy Policy ↗
Railway
Backend API hosting & infrastructure
https://railway.appPrivacy Policy ↗
Neon
Managed PostgreSQL database
https://neon.techPrivacy Policy ↗
Netlify
Frontend hosting & CDN
https://netlify.comPrivacy Policy ↗

We do not integrate any advertising networks, session-recording tools (e.g. Hotjar, FullStory), or marketing automation services. Google Analytics is used exclusively for anonymous, aggregate usage measurement and is only active when you have given explicit cookie consent.

These providers act as data processors on our behalf. They are contractually restricted from using your data for their own independent purposes. Your note content is stored encrypted at rest in the Neon database hosted on Railway's infrastructure.

8. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. Ever.

Your personal information is never disclosed to third parties for commercial, marketing, or advertising purposes. The only circumstances in which we share your data are described below.

8.1Service providers. We share the minimum necessary data with our infrastructure providers (Railway, Neon, Netlify, Razorpay, Google) solely to operate the Service, as described in Section 7.
8.2Legal obligation. We may disclose your information if we are required to do so by applicable law, a court order, or a lawful request from a government or regulatory authority. We will make reasonable efforts to notify you of such requests unless prohibited by law.
8.3Protection of rights. We may disclose your information if we reasonably believe it is necessary to: (a) prevent fraud or abuse of the Service; (b) protect the rights, property, or safety of Palindev, our users, or the public; or (c) investigate a potential violation of these Terms.
8.4Business transfer. If Palindev or the NoteCORE Service is acquired, transferred, or merged, your information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
9. Data Storage & Security
9.1Where data is stored. Your data is stored in a managed PostgreSQL database provided by Neon, hosted on cloud infrastructure. The backend API that processes your requests is deployed on Railway. Both providers use enterprise-grade data centres with physical and logical security controls.
9.2Encryption in transit. All communication between your browser and the NoteCORE API is encrypted using TLS (HTTPS). Your data is never transmitted over an unencrypted connection.
9.3Encryption at rest. Data stored in the Neon PostgreSQL database is encrypted at rest by the database provider using industry-standard AES-256 encryption.
9.4Access controls. Access to the production database is restricted to the NoteCORE backend server. No human has routine access to your note content. Administrative access is protected by strong credentials and is used only when strictly necessary (e.g. to fulfil a deletion request).
9.5Security limitations. Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you become aware of a security vulnerability, please report it to contact@palindev.com.
10. Data Retention
10.1Active accounts. We retain your account information and note content for as long as your account is active. There is no time limit on active accounts; your data persists until you request deletion.
10.2Payment records. Payment transaction records (order IDs, amounts, payment provider IDs) are retained for up to 7 years from the date of the transaction to comply with financial record-keeping requirements under applicable Indian tax law (GST/Income Tax Act). This retention period applies even after account deletion.
10.3Account deletion. When you request deletion of your account, we permanently delete your account record, Google profile data, and all your notes from our active database. Deletion is immediate and irreversible — we do not keep backups of your personal data after deletion. Only anonymised payment transaction records (as described in 10.2) are retained for the legally required period.
10.4Inactive accounts. We do not currently have an automatic inactive account deletion policy. We may introduce one in the future with advance notice.
11. Your Rights & Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data. We respect these rights regardless of where you are located.

11.1Right to access. You can request a copy of all personal data we hold about you at any time by emailing contact@palindev.com. We will respond within a reasonable timeframe.
11.2Right to deletion ("right to be forgotten"). You may request complete deletion of your account and all associated personal data by emailing us. We will process the deletion promptly. Note that payment transaction records are retained for 7 years as described in Section 10.2.
11.3Right to correction. If any information we hold about you is inaccurate (e.g. your name or email changed via Google), you can sign out and sign back in to refresh your profile data from Google. For other corrections, contact us directly.
11.4Right to portability. You may request an export of your note data in a machine-readable format. Contact us to arrange this.
11.5Right to withdraw analytics consent. If you previously accepted analytics cookies, you can withdraw that consent at any time by clearing your browser cookies (which removes the _ga and _ga_XXXXXXX cookies) or by reloading the page after clearing nc_cookie_consent from localStorage. The cookie banner will reappear and you can select "Decline analytics".
11.6Right to withdraw service consent. You may stop using the Service at any time. Ceasing use does not automatically delete your account or data; you must explicitly request deletion if you want your data removed.
11.7How to exercise your rights. Email us at contact@palindev.com with the subject line "Privacy Request — [Your Request Type]". We will verify your identity and respond within 30 days.
12. Children's Privacy

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at contact@palindev.com.

Upon receiving such a report, we will promptly verify the claim and, if confirmed, permanently delete all data associated with that child's account without notice.

13. International Data Transfers

NoteCORE is built and operated from India. However, the third-party infrastructure providers we use (Railway, Neon, Netlify) may store and process data in data centres located in the United States and/or the European Union/European Economic Area, depending on their infrastructure configuration.

If you are accessing the Service from the European Union or United Kingdom, please be aware that your data may be transferred to and processed in countries that may not have data protection laws equivalent to those in your jurisdiction.

By using the Service, you consent to this transfer. We take steps to ensure that our service providers implement appropriate security measures (including encryption at rest and in transit) to protect your data during such transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Any changes will be posted on this page with an updated "Last Updated" date. The most current version of this Policy is always available at https://notecore.app/privacy.

For material changes that significantly affect how we handle your personal data, we will make reasonable efforts to provide notice (such as a prominent banner in the app or a notification). Your continued use of the Service after any such changes constitutes your acceptance of the updated Policy.

15. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or how we handle your personal data, please reach out — we genuinely want to help.

Palindev / NoteCORE

Emailcontact@palindev.com

Websitepalindev.com

Apphttps://notecore.app

JurisdictionRajasthan, India

© 2026 Palindev / NoteCORE. All rights reserved.
Terms of ServiceHome