Privacy Policy

Last Updated: March 4, 2026

The short version: Your notes are yours. They are stored locally on your device. When you use sync, your data is end-to-end encrypted before it leaves your device — we cannot read it. We don't track you, profile you, or sell your data.

1. Overview

Klarinotte is a privacy-first note-taking application. This policy explains what data we collect, how we handle it, and what choices you have. We designed the app so that we know as little about you as possible.

2. Local Data Storage

By default, all your data lives exclusively on your device:

Notes, folders, tags, bookmarks, and settings are stored in your browser's IndexedDB — a local database that never leaves your device.
Attachments (images, files) are stored alongside your notes in IndexedDB.
Semantic search models and OCR processing run entirely on your device using local machine learning. No text, images, or queries are sent to any server.

We have no access to your locally stored data. If you clear your browser data or your device fails, local data may be lost — we strongly recommend using the sync feature or maintaining your own backups via export.

3. Sync & Cloud Storage

If you create an account and enable sync, your data is transmitted to our servers. Here's exactly what happens:

3.1 End-to-End Encryption

All note content, attachments, folder structures, bookmarks, and settings are encrypted on your device before upload using AES-256-GCM. The encryption key is derived from your password and never leaves your device. This means:

We cannot read your notes or attachments — ever.
Our server operators cannot decrypt your data.
If you lose your password, we cannot recover your data — there is no backdoor.

3.2 What Our Servers Store

When sync is enabled, our infrastructure stores:

Encrypted blobs — your notes and attachments in encrypted form (we cannot read them).
Encrypted metadata — sync sequence IDs, timestamps, device identifiers, and entity type labels needed for the sync protocol to function.
Account information — your email address and authentication credentials (password is never stored in plaintext; only a hashed derivative is used for authentication).

3.3 Authentication

When you create an account, your email address is stored by the Authentication server to facilitate login. We use JWT-based authentication — no session cookies are used for tracking.

4. What We Do NOT Collect

To be explicit — we do not collect or have access to:

The content of your notes
Your search queries (full-text or semantic)
Your tags, folder names, or organizational structure
Your images, attachments, or OCR-extracted text
Usage analytics, page views, click tracking, or behavioral data
Third-party tracking cookies or advertising identifiers
Device fingerprints (beyond the hashed IP in security telemetry)

5. Data Retention

Local data: Persists until you clear it, uninstall the app, or clear your browser storage. We have no control over it.
Sync data: Retained on our servers as long as your account exists. If you delete your account, your encrypted data is removed from our servers.
Security telemetry: Retained for a limited period for analysis, then purged.

6. Your Rights

You have the right to:

Export your data — at any time, in full, in standard Markdown format with attachments.
Delete your data — locally by clearing browser storage; from our servers by deleting your account.
Use the app without an account — sync is optional. The full application works without any server connection.
Know what we store — this policy tells you everything. There are no hidden data flows.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be posted with a new "Last Updated" date. Continued use of Klarinotte after changes constitutes acceptance of the updated policy.

8. Contact

For privacy-related questions or requests, please use our contact form.