Legal

Privacy Policy

Effective date: May 14, 2026 · Last updated: May 14, 2026

Notaker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information when you use Notaker at notaker.co (the "Service").

By using Notaker, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account information. When you create an account, we collect your email address and a hashed version of your password. We never store your password in plain text.

Content you create. We store documents, annotations, recordings, and other content you create or upload within the Service on Cloudflare R2 (cloud object storage).

Usage data. We collect structured logs of application activity (such as errors and request metadata) to maintain and improve the Service. This data is processed by Axiom and Sentry (see Third-Party Services below).

Like most web services, our servers and third-party tools automatically receive standard browser request information when you use the Service, including your IP address, browser type and version, and the pages you visit. This information is used solely for operating and improving the Service.

2. Google Drive Integration

Notaker's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Notaker offers an optional Google Drive integration that allows you to import files from your Google Drive into the Service. This integration requires you to grant Notaker permission to access files you explicitly select.

What we access. When you connect your Google Drive account, we request the drive.file scope, which grants access only to files you explicitly select through the file picker. We do not access, read, or index any other files in your Google Drive.

How we use it. When you select a file to import, we download the file to our servers solely for the purpose of processing and converting it into a Notaker document. The file is converted to PDF or parsed as appropriate, split into individual pages, and stored on Cloudflare R2 as part of your Notaker document.

What we store. The processed file pages are stored on Cloudflare R2 as part of your Notaker document. We store your Google OAuth refresh token in our database solely to generate short-lived access tokens for Drive API requests on your behalf. We do not sell, share, or use your Google Drive data for advertising or any purpose other than providing the import feature.

Revoking access. You can disconnect your Google Drive integration at any time from your account settings. Doing so will delete your stored refresh token. Previously imported documents will remain in your account unless you delete them.

3. Authentication, Cookies, and Local Storage

Notaker uses cookie-based authentication. When you sign in, we issue a secure, HTTP-only session cookie that identifies your session. This cookie is not accessible to JavaScript and is only transmitted over HTTPS.

We do not use tracking cookies, advertising cookies, or any cookies beyond those necessary for authentication and basic session management.

We use your browser's local storage and session storage to store lightweight application state such as user preferences and editor session information. Some of this information may be transmitted to our servers as part of normal application functionality.

4. Third-Party Services

We use the following third-party services to operate the Service:

Cloudflare R2 — Cloud object storage for user-uploaded files and document pages. Data is encrypted at rest.
Axiom — Structured application logging and request metadata. Used to monitor service health and diagnose errors.
Sentry — Frontend error tracking. Captures JavaScript errors, stack traces, and associated request context (such as IP address, browser user agent, and page URL) to help us identify and fix bugs.

These services act as data processors on our behalf and are contractually obligated to handle data securely and only for the purposes we specify. We do not sell your data to any third party.

5. Data Retention and Deletion

Your data is retained for as long as your account is active. If you request account deletion, your account will be marked for deletion. If you do not log back in within 30 days, all data associated with your account — including documents, recordings, stored files, and your Google OAuth refresh token — will be permanently and irreversibly deleted from our systems.

To request account deletion, use the account deletion option in your account settings or contact us at joshua.j.bunzel@gmail.com.

6. Data Security

We take reasonable measures to protect your information. All data is transmitted over HTTPS. Session cookies are secure and HTTP-only. Passwords are stored using a strong one-way hashing algorithm. Files are stored on Cloudflare R2, which encrypts data at rest.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to following industry best practices.

7. Children's Privacy

Notaker is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

If you have any questions or concerns about this Privacy Policy, please contact us at:

joshua.j.bunzel@gmail.com