Privacy Policy

SnapNote stores the information required to create notes, share them, authenticate users, and enforce expiry or revocation rules.

Depending on how you use the product, stored data can include:

• note titles, note content, and extracted plain-text summaries
• guest note content and rich editor content for temporary notes
• folders, sections, section icons, and section colors
• share tokens, expiry timestamps, and share-link status such as active, revoked, or expired
• account information returned during Google sign-in, such as name, email address, and profile image
• session data needed to keep authenticated users signed in

SnapNote currently supports Google login for authenticated accounts.

Google authentication is used to identify the account owner and create a workspace. SnapNote does not ask for unnecessary Google data beyond what is required for authentication and basic account setup.

Shared links in SnapNote should be treated like access keys. Anyone who has a live share link can access the linked note while that link remains active.

At the time of this policy, active public share links may allow editing if the product UI indicates the shared note is editable. A link stops working when it is revoked or reaches its expiry time.

Share tokens are generated as hard-to-guess random values, but you should still only send them to people you trust to access the note.

Guest notes are temporary by design and always require an expiry period.

When a guest note expires, SnapNote marks its associated links as expired and may delete the guest note record during cleanup. Cleanup can happen opportunistically during product activity and can also run through a scheduled cleanup process.

Because cleanup may not happen at the exact same second a note expires, there can be a short delay between expiry and permanent deletion.

Authenticated notes remain in your workspace until you delete them.

Deleting a note removes it from the workspace database. Revoking a share link disables public access to that note link.

Guest notes are retained only for their active lifetime and may be deleted after expiry by the cleanup process described above.

Deleting a folder or section does not necessarily delete the underlying notes inside it. The product may retain those notes while removing the grouping object.

SnapNote uses authenticated sessions for logged-in accounts and tokenized public links for note sharing.

No internet-facing product can guarantee absolute security. You should avoid placing highly sensitive, regulated, or mission-critical confidential material into any public share flow unless you are comfortable with the access model and your deployment controls.

If you control a self-hosted deployment, you are responsible for infrastructure security, backups, server access, database hardening, HTTPS, and secret management.

Like most web applications, SnapNote may generate server logs, error logs, process-manager logs, and database activity required for debugging, uptime, and product maintenance.

These operational records may include request metadata such as timestamps, paths, response codes, and infrastructure-level details needed to operate the service.

SnapNote may update this Privacy Policy as product behavior changes. Updated versions should describe the service as it currently operates.

If you operate this service yourself, you are the party responsible for handling privacy requests for your deployment. If this instance is run by a third party, contact that operator for data access or deletion questions.