For material changes that impact the collection, use, disclosure or retention of personal information, or for other changes where obtaining your prior consent may be required by applicable law, we will provide notice by sending you an email at the address we have on file for you prior to any changes.
What Information Does NotesMate Collect about Me and Why?
In order to set up an account, we will ask you to input a limited amount of personal information (like email address and payment details, if you pay us), and we will also collect (though won’t save any payment details like Credit card etc.) some information in the background (like device type, operating system, etc.) as part of our efforts to understand how you and others access and use the Service. And of course we store the Content you add to your account.
NotesMate offers several ways for you to purchase access to select content via the NotesMate Platform: You can either pay for every content in one-go (“Direct Purchase”) to access to certain content.
NotesMate is owned and operated by NotesMate Inc. Read our Copyright Policies to understand how we protect the website and content uploaded by you on the website.
Promotes or design instructions to copy the content accessed on the “NotesMate Platform” and/or the “App”.
Constitutes, promotes, or provide instructions on illegal or unauthorized access or creating a copy of another users’ copyright content.
Violates or attempts to violate in any way, the copyright, privacy right, publicity rights, trademark rights, contract rights, or any other rights of any person or organization.
Shares login credentials with other users in order to allow them use of “NotesMate Platform” and/or the “App” and the contents present therein on the users’ account.
Creates, contains, distributes or promotes or provide instructions to create, promote, distribute or include password only access pages or hidden pages or images.
Obtain, or design to obtain website access of individual or organization for performing unauthorized commercial or unlawful activities, or pay/accept payments from any individual or organization to perform activities on the mobile application.
Involved in creation, promotion, and distribution of junk email, mass emailing, email stalking, spamming, etc. using the content viewed via “NotesMate Platform” and/or the “App”.
Exploits group or individual in a sexual, personal, or violent manner.
Constitutes, promotes, distributes and manages content that promotes illegal activities like making or buying of drugs, illegal weapons, violating a group, groups or individual privacy, pornography, fraud, gambling, harassment, defamation, sending of viruses or harmful files, or creating, copying, modifying, distributing, downloading, scrapping, transmitting or sharing the content, present on the mobile application fully or partially.
Creates, promotes, or displays information that creates privacy or security risk and breach to any group or individual.
Creates, destroys, modifies, or distributes instructions to harm the network, database, security technology software, hardware, affecting the “NotesMate Platform” and/or the “App” functioning.
Falsify or delete author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of content contained in a file uploaded.
Violate any applicable laws or regulations for the time being in force in or outside India.
Creating, performing or distributing instructions to implement manufactured installed copy-protect devices, or activity that involves of use of viruses, bots, worms, computer code, pirated programs, files, software, hardware, etc. that hampers, destroys or disrupts the functionality of any computer hardware or software, or permit unauthorized use or access to a computer or a computer network to interfere, damage, modify, or disrupt NotesMate’s design, icons, and other parts of NotesMate via CSS/HTML 5 or any script/media file including the access to anything hosted on 3rd party server/location under the ownership of NotesMate Inc.
Notes purchased at NotesMate are delivered to users instantly on the “NotesMate Platform” and/or the “App”. The buyers can access their purchased contents by going to the ‘My Notes’ tab in the account section of the “NotesMate Platform” and/or the “App” and view them using our online file viewer software.
Since the product is delivered to the user in digital format, we offer no refunds. However, if the buyer wishes to make a complaint, a claim can be filed within 24 hours of buying the product. The seller on the other hand also has to reply to the claim within 24 hours after receiving the claim. Not replying the claim can result in seller payment getting delayed. Claim request can be sent to NotesMate at email@example.com
You must officially report any infringement to NotesMate in the form of an infringement notice before taking any steps to take up the infringement case in a legal manner. You can find the notice format in our Copyright Policy.
NotesMate users trust us with billions of their notes and ideas. That trust is based upon us keeping that data both private and secure. The information on this page is intended to provide transparency about how we protect that data. We will continue to expand and update this information as we add new security capabilities and make security improvements to our products.
Security Team is a dedicated department within NotesMate. Our security team's charter is protecting the data you store in our service. We drive a security program that includes the following focus areas: product security, infrastructure controls (physical and logical), policies, employee awareness, intrusion detection, and assessment activities.
The security team runs an in-house Incident Response program and provides guidance to NotesMate employees on how to report suspicious activity. Our IR team has procedures and tools in place to respond to security issues and continues to evaluate new technologies to improve our ability to detect attacks against our infrastructure, service, and employees.
We periodically assess our infrastructure and applications for vulnerabilities and remediate those that could impact the security of customer data. Our security team continually evaluates new tools to increase the coverage and depth of these assessments.
NotesMate defines its network boundaries using a combination of load balancers, firewalls, and VPNs. We use these to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We limit who has access to our production infrastructure based on business need and strongly authenticate that access.
We protect our service against distributed denial of service (DDoS) attacks using an on-demand mitigation service.
NotesMate never stores your password in plaintext. When we need to securely store your account password to authenticate you, we use PBKDF2 (Password Based Key Derivation Function 2) with a unique salt for each credential. We select the number of hashing iterations in a way that strikes a balance between user experience and password cracking complexity.
NotesMate offers two-step verification (2SV), also known as two-factor authentication, for all accounts. Our two-step verification mechanism is based on a time-based one-time password algorithm (TOTP). All users can generate codes locally using an application on their mobile device
NotesMate gives you a way to create notes in your account by sending emails to a unique NotesMate email address.
When you receive an email from NotesMate, we want you to be confident that it really came from us. We publish an enforcing DMARC policy to improve your confidence that email you receive from NotesMate is legitimate. Every email we send from @NotesMate.in and @email.NotesMate.in will be cryptographically signed using DKIM and originate from an IP address we publish in our SPF record.
Securing our Internet-facing web service is critically important to protecting your data. Our security team drives an application security program to improve code security hygiene and periodically assess our service for common application security issues including: CSRF, injection attacks (XSS, SQL), session management, URL redirection, and clickjacking.
Our web service authenticates all third party client applications using OAuth. OAuth provides a seamless way for you to connect a third party application to your account without needing to give the application your login credentials. Once you authenticate to NotesMate successfully, we return an authentication token to the client to authenticate your access from that point forward. This eliminates the need for a third party application to ever store your username and password on your device.
Every client application that talks to our service uses a well-defined thrift API for all actions. By brokering all communications through this API, we’re able to establish authorization checks as a foundational construct in the application architecture. There is no direct object access within the service and each client’s authentication token is checked upon each access to the service to ensure the client is authenticated and authorized to access a particular note or notebook. Please see dev.NotesMate.com for more information.
The NotesMate service is multi-tenant and does not segment your data from other users’ data. Your data may live on the same servers as another user’s data. We consider your data private and do not permit another user to access it unless you explicitly share it. See the Product Security section for how we enforce our authorization model for access to private and shared content.
NotesMate retains your content unless you take explicit steps to delete notes and/or notebooks. Deactivating a personal account or revoking access to a business account does not automatically remove content.
For personal notes and notebooks, you can remove your content by deleting all the notes in a notebook and then deleting all the notes residing in your trash. Deleting a notebook automatically moves all the notes associated with that notebook to your trash. When a note is deleted, all references and connections to the data in that note are removed from our databases.
We never repurpose storage media for use outside our production environment if it has ever been used to store user data. We have procedures to securely destroy storage media by degaussing and physically smashing prior to disposal. Additional details can be found on our blog.
The NotesMate service performs server-side logging of client interactions with our services. This includes web server access logging, as well as activity logging for actions taken through our API. These logs also include successful and unsuccessful login events. Due to the nature of our client / server architecture, we cannot reliably know whether a synced note was viewed. We do not automatically collect activity logs from our software clients. You can view the recent access times and IP addresses for each application connected to your account in the Access History section of your Account Settings.
NotesMate uses industry standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. In addition, we support HTTP Strict Transport Security (HSTS) for the NotesMate service (www.NotesMate.in). We support a mix of cipher suites and TLS protocols to provide a balance of strong encryption for browsers and clients that support it and backward compatibility for legacy clients that need it. We plan to continue improving our transport security posture to support our commitment to protecting your data.
We support STARTTLS for both inbound and outbound email. If your mail service provider supports TLS, your email will be encrypted in transit, both to and from the NotesMate service.
We operate two data centers in the US and transmit data between them using a dedicated network link that isn’t connected to the Internet. We encrypt all traffic flowing across this link using GCM-AES-128 encryption via the MACsec protocol.