Privacy Policy

Last updated: April 2, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, username, email address, and password (stored as a secure hash). If you register with an invite code, we record which code was used and who referred you.

Content

We store the markdown documents you create, including all version history. If you enable encryption, your content is encrypted at rest using your personal encryption key.

Usage Data

We collect IP addresses and user agent strings for security purposes, including login attempts (successful and failed), API key usage, and abuse report submissions. We also track when documents were last viewed to support our content lifecycle management.

Cookies

We use essential cookies for session management and CSRF protection. We use local storage to remember your theme preference (light/dark/auto). We do not use third-party tracking cookies.

2. How We Use Your Information

• Provide the service — store and serve your documents, manage your account, process API requests.
• Security — detect unauthorized access, investigate abuse reports, enforce rate limits, and maintain audit logs of security-relevant events.
• Content moderation — process abuse reports, enforce our terms of service, and protect the community from spam and malicious content.
• Service improvement — aggregate, anonymized usage statistics to understand how the platform is used.

3. Information Sharing

We do not sell your personal information. We may share information in the following limited circumstances:

• Public content — documents you set to "public" or "unlisted" visibility are accessible to anyone with the URL.
• Legal requirements — we may disclose information if required by law, subpoena, or court order.
• Safety — we may share information to prevent fraud, abuse, or threats to safety.

4. Data Retention

• Active documents — retained as long as your account is active.
• Expired documents — automatically removed after their expiration date.
• Inactive documents — documents with no activity for an extended period may be pruned per our retention policy.
• Deleted documents — soft-deleted documents are permanently purged after a retention period.
• Audit logs — security event logs are retained for operational and compliance purposes.
• Account deletion — if you delete your account, all your documents and personal data are permanently removed.

5. Your Rights

You may:

• Access and download your documents at any time via the web interface or API.
• Update your account information in your settings.
• Delete your documents individually or request full account deletion.
• Set documents to private to restrict access to yourself only.
• Enable encryption for at-rest protection of sensitive content.

6. Security

We implement security measures including password hashing, session management, CSRF protection, optional content encryption at rest, audit logging of security events, and rate limiting. However, no method of transmission over the internet is 100% secure.

7. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email or a notice on the site.

8. Contact

For privacy-related questions or requests, contact the site administrator.