Privacy Policy

1. Introduction

Welcome to AI Note Taker ("we," "our," or "us"). This Privacy Policy explains how Zora Digital collects, uses, discloses, and safeguards your information when you use our AI-powered note-taking application and related services.

By using AI Note Taker, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Note Content: The notes, titles, and categories you create and store
• Feature Requests: Your name, email, and feature suggestions you submit
• Payment Information: Processed securely through Stripe and PayPal (we do not store your payment card details)

2.2 Automatically Collected Information

• Usage Data: How you interact with our service, features used, and time spent
• Device Information: Browser type, operating system, and IP address
• Cookies: We use cookies and similar technologies to enhance your experience

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining our service
• Processing AI-powered note generation and expansion using OpenAI's services
• Processing donations and payments through Stripe and PayPal
• Improving and personalizing your experience
• Sending important updates and notifications
• Responding to your feature requests and support inquiries
• Analyzing usage patterns to improve our service
• Preventing fraud and ensuring security

4. AI Processing

When you use our AI features (note generation and content expansion), your prompts and content are sent to OpenAI's API for processing. OpenAI processes this data according to their privacy policy and data usage policies. We do not use your notes to train AI models, and OpenAI's API data retention policies apply.

5. Data Storage and Security

Your data is stored securely using industry-standard encryption. We use:

• Database: PostgreSQL with encrypted connections
• Authentication: Clerk for secure user authentication
• Hosting: Vercel with SSL/TLS encryption
• Payment Processing: PCI-compliant providers (Stripe & PayPal)

5.1 Security Measures

We implement comprehensive security measures to protect your data and transactions:

• Account Security Monitoring: Google Cross-Account Protection (RISC) monitors for suspicious activity and unauthorized access attempts
• Payment Security: All payment transactions undergo ownership verification, amount validation, and fraud detection
• Webhook Verification: Cryptographic signature verification for all payment webhooks to prevent tampering
• Transaction Limits: Enforced minimum and maximum donation amounts to prevent fraudulent transactions
• Error Sanitization: Sensitive error information is filtered to prevent information leakage
• Rate Limiting: API rate limits to prevent abuse and automated attacks
• Session Management: Secure session handling with automatic timeout

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Third-Party Services

We use the following third-party services that may collect information:

• Clerk: User authentication and management
• Google RISC (Cross-Account Protection): Monitors your account for security events and suspicious activity to protect against unauthorized access
• OpenAI: AI-powered note generation and expansion
• Stripe: Payment processing for donations
• PayPal: Alternative payment processing
• Vercel: Hosting and deployment

Each service has its own privacy policy governing how they handle your data. Google RISC helps protect your account by detecting and alerting us to security threats such as hijacking attempts, phishing, and other suspicious activities.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and data
• Export: Download your notes and data
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at inf@zora.digital

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal compliance.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our service, you consent to such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: inf@zora.digital
• Company: Zora Digital
• Jurisdiction: Illinois, United States