Privacy Policy

At Archie Note (also referred to as "ArchieNote", "we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web-based learning platform and services.

1. Information We Collect

1.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Email address, display name, and avatar URL when you create an account
• Profile Information: Role, subscription plan, newsletter preferences, and onboarding completion status
• User Content: Notes, notebooks, labels, quizzes, quiz attempts, chat sessions, and other content you create or upload
• Authentication Data: When you register or log in using email and password, we collect your credentials via our authentication service. When you sign in using a third-party OAuth provider (Google or Facebook), we receive your name, email address, and profile picture as provided by that provider. We do not store your OAuth provider password.
• Feedback: Content you submit through our feedback form, including feedback type and message
• Invitation Data: When you invite others to Archie Note, we collect the name and email address of the person you are inviting. By sending an invitation, you confirm you have that person's consent to share their contact information with us for the purpose of sending the invitation.

1.2 Automatically Collected Information

We automatically collect certain information when you use our Service, including:

• Usage Data: Information about how you interact with the Service, such as pages visited, features used, and time spent on each feature
• Behavioral Events: We use PostHog, a product analytics platform, to capture named behavioral events including account registration (with email address, display name, and sign-in provider), friend invitation actions, and session duration data for core features. PostHog is configured to only build user profiles for authenticated (identified) users.
• Device Information: Browser type, device type, operating system, and IP address
• Log Data: Server logs, error reports, and performance data
• Activity Data: Recent activities, quiz attempts, chat interactions, and review logs
• Session Storage: We temporarily store data (such as in-progress quiz attempt state) in your browser's sessionStorage. This data is local to your browser session and is automatically cleared when you close your browser tab.

1.3 File Uploads

When you upload files (such as PDFs or documents), we process these files to extract text and create notes. We do not permanently store your uploaded documents on our servers. Files are processed and then removed from our systems after processing is complete.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process and fulfill your requests, including creating notes, generating quizzes, and providing AI chat assistance
• Authenticate your identity and manage your account
• Track and manage your credit usage for AI features
• Send you service-related communications, including a welcome email upon registration and an onboarding email sequence (sent at days 1, 3, 7, 14, and 30 after signup) to help you get started. You can unsubscribe from the onboarding sequence at any time via the unsubscribe link included in each email.
• Respond to your inquiries, comments, and support requests. When you submit feedback, your display name, email address, and feedback content are forwarded to our internal admin for review.
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues, fraud, or security threats
• Comply with legal obligations and enforce our Terms of Service
• Send you marketing communications (with your consent, where required by law)

3. AI Services and Data Processing

3.1 AI-Powered Features

Our Service uses artificial intelligence services, including Google Generative AI (Gemini), to provide quiz generation and chat assistance features. When you use these features:

• Your notes and content may be processed by third-party AI services to generate quizzes and chat responses
• Chat conversation history is used to provide context for AI responses
• We do not use your content to train third-party AI models without your explicit consent

3.2 Credit System

We track your usage of AI features through a credit system. Credit usage data is collected to manage your subscription and feature access.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Claude via AWS Bedrock (Generative AI): For AI-powered quiz generation and chat features. Your note content and chat messages are processed through AWS Bedrock, which hosts Claude models provided by Anthropic. This data flow is covered by your AWS Customer Agreement and the AWS DPA. AWS Bedrock FAQ
• Google (OAuth): If you choose to sign in with Google, Google shares your name, email address, and profile picture with us as part of the authentication flow. Google Privacy Policy
• Facebook (OAuth): If you choose to sign in with Facebook, Facebook shares your name, email address, and profile picture with us as part of the authentication flow. Meta Privacy Policy
• Supabase (self-hosted): For user authentication and account management. Your authentication data is processed by our self-hosted Supabase instance and is not shared with external Supabase servers. Supabase Privacy Policy
• Amazon Web Services (AWS) S3: For temporary file storage during upload processing. AWS Privacy Policy
• PostHog: For product analytics and behavioral event tracking. PostHog receives usage event data including user identifiers and behavioral signals. Analytics requests are proxied through our own domain to minimize direct third-party exposure. PostHog Privacy Policy
• Amazon Web Services SES (Email): We use AWS Simple Email Service to send transactional and onboarding emails from noreply@archienote.com. Your email address is transmitted to AWS SES solely for the purpose of delivering these emails. AWS Privacy Policy
• Hosting and Infrastructure Providers: For hosting our Service and databases

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Archie Note, our users, or others.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Storage and Security

5.1 Data Storage

Your information is stored on secure servers and databases. We use industry-standard security measures to protect your data, including encryption, access controls, and regular security assessments.

5.2 File Storage

Uploaded files are processed and then removed from our systems. We do not permanently store your uploaded documents. Processed content (extracted text) may be stored as part of your notes.

5.3 Security Measures

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your account information, including display name and profile settings, through your account settings page.

6.2 Data Deletion

You may request deletion of your account and associated data by contacting us. We will delete your information in accordance with applicable law, subject to our legal obligations to retain certain data.

6.3 Content Control

You can delete, modify, or export your notes, notebooks, quizzes, and other content at any time through the Service interface.

6.4 Marketing Communications

You can opt out of marketing communications by updating your newsletter preferences in your account settings or by following the unsubscribe instructions in our emails.

6.5 Regional Rights

Depending on your location, you may have additional rights under applicable data protection laws (such as GDPR, CCPA), including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, please contact us using the information provided in the Contact section.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are small data files stored on your device. We use cookies to:

• Maintain your session and authenticate your identity
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide personalized content and features

7.1 Analytics (PostHog)

We use PostHog for product analytics. PostHog sets cookies and uses local storage to identify returning users and associate behavioral events with user sessions. The specific events we track include: account creation (sign-up), friend invitation actions, and session engagement duration on key features. PostHog analytics requests are routed through our own domain (/ingest/*) rather than directly to PostHog servers. PostHog is configured with person_profiles: identified_only, meaning user profiles are only created for authenticated (logged-in) users — anonymous pre-authentication browsing is not individually profiled.

7.2 Browser Session Storage

We use your browser's sessionStorage to temporarily hold state during active sessions (for example, in-progress quiz attempt data). This information never leaves your browser and is automatically cleared when you close the tab.

You can control cookie preferences through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

10. Data Retention

We retain different types of data for different periods depending on their purpose. The table below sets out our retention periods. When a retention period expires, data is permanently deleted or irreversibly anonymized. We may retain data beyond these periods only where required by law or to resolve an active legal dispute.

11. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party services you use, including:

• Google (AI & OAuth): Google Privacy Policy
• Meta / Facebook (OAuth): Meta Privacy Policy
• Supabase: Supabase Privacy Policy
• AWS: AWS Privacy Policy
• PostHog: PostHog Privacy Policy

12. Security Incidents and Breach Notification

12.1 What We Do in the Event of a Breach

Despite our security measures, no system is immune to incidents. In the event we become aware of a data breach that affects your personal information, we will:

• Investigate and contain the incident as quickly as possible
• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law (including GDPR Article 33)
• Notify affected users without undue delay when the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34)
• Provide clear information about what happened, what data was affected, the likely consequences, and the steps we are taking to address it

12.2 How We Notify You

We will notify you of a qualifying breach via the email address associated with your account. If you believe your account has been compromised, please contact us immediately at privacy@archienote.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

14. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided in the Contact section.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to access your personal data
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us using the information provided in the Contact section.