Privacy policy
Last updated: 2026-05-27
1. Who we are
Noteloop GmbH ("we", "us") operates the website noteloop.io and the hosted product. Contact: hello@noteloop.io.
2. What we collect
- Marketing site visits: aggregated, anonymized analytics (no cookies, no third-party trackers).
- Contact form: name, email, company and message you submit. Used solely to answer your inquiry. Stored encrypted for up to 24 months.
- Hosted product: account email, password (hashed with bcrypt), team metadata and feedback submitted by your end-users (screenshots, descriptions, console & network logs, voice notes, custom data you choose to send).
- End-user feedback: the data your users submit through your installation of Noteloop. You are the data controller for that data; we are the processor.
3. Legal basis (GDPR)
- Performance of contract (Art. 6 (1) (b) GDPR) for product usage.
- Legitimate interest (Art. 6 (1) (f) GDPR) for security logs and abuse prevention.
- Consent (Art. 6 (1) (a) GDPR) for optional marketing email.
4. Where we host
EU region: Frankfurt, Germany (Hetzner). US region: Virginia (AWS). Self-hosted installations: wherever you decide. We never transfer customer data between regions without an explicit instruction.
5. Retention
Account data: deleted within 30 days of account cancellation. Backups purge within 90 days. End-user feedback you ingest is retained according to your plan and your own retention settings.
6. Your rights
You have the right to access, rectify, delete, restrict processing, object to processing and data portability. Email privacy@noteloop.io — we respond within 30 days.
7. Subprocessors
Stripe (payments), Hetzner / AWS (hosting), Postmark (transactional email), Cloudflare (CDN / WAF). Full list updated on our trust page.
8. Cookies
We use a single first-party cookie for authentication. No marketing or analytics cookies.
9. Changes
Material changes are announced 30 days in advance via email and on this page.
Template — please replace with the policy reviewed by your data protection officer.