Legal

Privacy Policy

Last updated: 5 June 2026

This policy explains what data notaru collects, why, how we protect it, and the rights you have over it. notaru is built to remove busywork — not to harvest your data. We don't sell it, and we don't use your private content to train AI models.

1. Who is responsible for your data

The data controller for notaru is Notaru AI, based in Puerto Rico, United States. For any privacy question or request, contact luka@notaru.ai.

2. What we collect

• Account data. When you sign in with Google, we receive your name, email address, and basic profile information (the email, profile, and openid scopes). We do not access your Gmail, Drive, or other Google data.
• Your content. The notes, tasks, people, events, projects, and journal entries you create in notaru.
• Technical & usage data. Basic information needed to run and secure the service — such as IP address, device/browser type, and log data.
• Billing data. Handled by Stripe, our payment processor. Stripe processes your payment details; we receive limited information such as your subscription status and the brand and last four digits of your card, but not your full card number.

3. How we use your data

• To provide notaru: authenticate you, store your content, and use AI to file, tag, and link it.
• To operate, secure, debug, and improve the service.
• To manage your subscription and provide support.
• To contact you about important changes, security, or your account.

4. AI processing of your content

notaru's core feature is that it reads your lines and structures them for you. To do this, your content is sent to a third-party AI provider that processes it on our behalf, only to provide the service to you. That provider does not use your content to train its models, and retains it only briefly for processing. We choose AI providers that contractually prohibit training on customer data and that process data in the United States or European Union.

5. Who we share data with (sub-processors)

We don't sell your data and we don't share it for advertising. We share it only with the providers that help us run notaru:

• Google — sign-in / authentication.
• Our AI provider — to process your content as described above.
• Railway — application hosting and database (United States).
• Stripe — payment processing and billing.

Each acts under agreements that require them to protect your data and use it only to provide their service to us. We'll keep this list current; email luka@notaru.ai for the latest.

6. Legal bases (GDPR)

If you're in the EEA or UK, we process your data on these bases: performance of a contract (to provide notaru you signed up for), legitimate interests (to secure and improve the service), and consent where required. You can withdraw consent at any time.

7. International transfers

notaru is hosted in the United States, and your data is processed there and, for AI processing, in the United States or European Union. Where data is transferred out of the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses.

8. Security

Your data is encrypted in transit (TLS/HTTPS) and at rest. Because notaru works by reading and structuring your content with AI, it is not end-to-end encrypted — our systems and our AI provider must be able to process your content to deliver the service. We limit access, and we never sell your content or use it to train models.

9. How long we keep it

We keep your content and account data while your account is active. If you delete content, or close your account, we delete the associated data within a reasonable period, except where we must retain limited records to comply with legal, tax, or accounting obligations.

10. Your rights

You can:

• access, correct, or delete your data;
• export your content;
• object to or restrict certain processing, and withdraw consent;
• if you're in California, exercise your CCPA/CPRA rights — including that we do not sell or share your personal information.

To exercise any right, email luka@notaru.ai. You also have the right to complain to your local data-protection authority.

11. Cookies

We use only the essential cookies needed to keep you signed in and to keep the service secure. We do not use third-party advertising or cross-site tracking cookies.

12. Children

notaru is not intended for anyone under 18, and we do not knowingly collect data from children.

13. Changes to this policy

We may update this policy as notaru evolves. If we make material changes — especially to how your content is processed — we will notify you before they take effect.

14. Contact

Privacy questions or requests: luka@notaru.ai.