Privacy Policy

Privacy Policy

NotesMate values your privacy. We make this clear in our 3 Laws of Data Protection. This Privacy Policy explains more specifically what information NotesMate Inc. collect data about you and why, what we may do with that information and how we handle your Content.

What is the Scope of This Privacy Policy?

This Privacy Policy is incorporated into the NotesMate Terms of Service and applies to the information obtained by us through your use of the Service. Capitalized terms used in this Privacy Policy and not otherwise defined shall have the meanings provided for those terms in the Terms of Service.

Will This Privacy Policy Ever Change?

As NotesMate evolves, we may need to update this Policy to keep pace with changes in the Service, our business and laws applicable to us and you; we will, however, always maintain our commitment to respect your privacy. We will post any revisions to this Policy, along with their effective date, in an easy to find area of our web site, so we recommend that you periodically check back here to stay informed of any changes. As long as you continue to use the Service, you are bound by the terms of the Privacy Policy. If you disagree with any changes to this Policy and do not wish your information to be subject to a revised Policy, you will need to close your account and/or stop using the Service.

For material changes that impact the collection, use, disclosure or retention of personal information, or for other changes where obtaining your prior consent may be required by applicable law, we will provide notice by sending you an email at the address we have on file for you prior to any changes.

Information Collection and Use

What Information Does NotesMate Collect about Me and Why?

In order to set up an account, we will ask you to input a limited amount of personal information (like email address and payment details, if you pay us), and we will also collect (though won’t save any payment details like Credit card etc.) some information in the background (like device type, operating system, etc.) as part of our efforts to understand how you and others access and use the Service. And of course we store the Content you add to your account.

Paid Access

NotesMate offers several ways for you to purchase access to select content via the NotesMate Platform: You can either pay for every content in one-go (“Direct Purchase”) to access to certain content.

Property Rights

NotesMate is owned and operated by NotesMate Inc. Read our Copyright Policies to understand how we protect the website and content uploaded by you on the website.

User Content And Penalties

You agree to adhere to the Terms of Use, Rules and Regulations regarding the User Content and Penalties of the “NotesMate Platform” and/or the “App” provided in the Terms of Use. The following are examples of user content and activities that cannot be performed on “NotesMate Platform” and/or the “App”. And any violation of the terms of Use will result in NotesMate terminating your account, and reporting such activities to law enforcement agencies, of users involved in performing the below mentioned activities that:

Promotes or design instructions to copy the content accessed on the “NotesMate Platform” and/or the “App”.

Constitutes, promotes, or provide instructions on illegal or unauthorized access or creating a copy of another users’ copyright content.

Violates or attempts to violate in any way, the copyright, privacy right, publicity rights, trademark rights, contract rights, or any other rights of any person or organization.

Shares login credentials with other users in order to allow them use of “NotesMate Platform” and/or the “App” and the contents present therein on the users’ account.

Creates, contains, distributes or promotes or provide instructions to create, promote, distribute or include password only access pages or hidden pages or images.

Obtain, or design to obtain website access of individual or organization for performing unauthorized commercial or unlawful activities, or pay/accept payments from any individual or organization to perform activities on the mobile application.

Involved in creation, promotion, and distribution of junk email, mass emailing, email stalking, spamming, etc. using the content viewed via “NotesMate Platform” and/or the “App”.

Exploits group or individual in a sexual, personal, or violent manner.

Constitutes, promotes, distributes and manages content that promotes illegal activities like making or buying of drugs, illegal weapons, violating a group, groups or individual privacy, pornography, fraud, gambling, harassment, defamation, sending of viruses or harmful files, or creating, copying, modifying, distributing, downloading, scrapping, transmitting or sharing the content, present on the mobile application fully or partially.

Creates, promotes, or displays information that creates privacy or security risk and breach to any group or individual.

Creates, destroys, modifies, or distributes instructions to harm the network, database, security technology software, hardware, affecting the “NotesMate Platform” and/or the “App” functioning.

Falsify or delete author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of content contained in a file uploaded.

Violate any applicable laws or regulations for the time being in force in or outside India.

Creating, performing or distributing instructions to implement manufactured installed copy-protect devices, or activity that involves of use of viruses, bots, worms, computer code, pirated programs, files, software, hardware, etc. that hampers, destroys or disrupts the functionality of any computer hardware or software, or permit unauthorized use or access to a computer or a computer network to interfere, damage, modify, or disrupt NotesMate’s design, icons, and other parts of NotesMate via CSS/HTML 5 or any script/media file including the access to anything hosted on 3rd party server/location under the ownership of NotesMate Inc.

Return Policy

Notes purchased at NotesMate are delivered to users instantly on the “NotesMate Platform” and/or the “App”. The buyers can access their purchased contents by going to the ‘My Notes’ tab in the account section of the “NotesMate Platform” and/or the “App” and view them using our online file viewer software.

Since the product is delivered to the user in digital format, we offer no refunds. However, if the buyer wishes to make a complaint, a claim can be filed within 24 hours of buying the product. The seller on the other hand also has to reply to the claim within 24 hours after receiving the claim. Not replying the claim can result in seller payment getting delayed. Claim request can be sent to NotesMate at notesmateapp@gmail.com

We will try to return/transfer the purchase money back to the buyer only after the claim is settled. It is very important that you read our ‘Deletion of Account after filing of complaint’ clause provided in the Terms of Use of the “NotesMate Platform” and/or the “App”.

You must officially report any infringement to NotesMate in the form of an infringement notice before taking any steps to take up the infringement case in a legal manner. You can find the notice format in our Copyright Policy.

Security Overview


NotesMate users trust us with billions of their notes and ideas. That trust is based upon us keeping that data both private and secure. The information on this page is intended to provide transparency about how we protect that data. We will continue to expand and update this information as we add new security capabilities and make security improvements to our products.

Security Program

Security Team is a dedicated department within NotesMate. Our security team's charter is protecting the data you store in our service. We drive a security program that includes the following focus areas: product security, infrastructure controls (physical and logical), policies, employee awareness, intrusion detection, and assessment activities.

The security team runs an in-house Incident Response program and provides guidance to NotesMate employees on how to report suspicious activity. Our IR team has procedures and tools in place to respond to security issues and continues to evaluate new technologies to improve our ability to detect attacks against our infrastructure, service, and employees.

We periodically assess our infrastructure and applications for vulnerabilities and remediate those that could impact the security of customer data. Our security team continually evaluates new tools to increase the coverage and depth of these assessments.

Network Security

NotesMate defines its network boundaries using a combination of load balancers, firewalls, and VPNs. We use these to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We limit who has access to our production infrastructure based on business need and strongly authenticate that access.

We protect our service against distributed denial of service (DDoS) attacks using an on-demand mitigation service.

Account Security

NotesMate never stores your password in plaintext. When we need to securely store your account password to authenticate you, we use PBKDF2 (Password Based Key Derivation Function 2) with a unique salt for each credential. We select the number of hashing iterations in a way that strikes a balance between user experience and password cracking complexity.

NotesMate offers two-step verification (2SV), also known as two-factor authentication, for all accounts. Our two-step verification mechanism is based on a time-based one-time password algorithm (TOTP). All users can generate codes locally using an application on their mobile device

Email Security

NotesMate gives you a way to create notes in your account by sending emails to a unique NotesMate email address.

When you receive an email from NotesMate, we want you to be confident that it really came from us. We publish an enforcing DMARC policy to improve your confidence that email you receive from NotesMate is legitimate. Every email we send from @NotesMate.in and @email.NotesMate.in will be cryptographically signed using DKIM and originate from an IP address we publish in our SPF record.

Product Security

Securing our Internet-facing web service is critically important to protecting your data. Our security team drives an application security program to improve code security hygiene and periodically assess our service for common application security issues including: CSRF, injection attacks (XSS, SQL), session management, URL redirection, and clickjacking.

Our web service authenticates all third party client applications using OAuth. OAuth provides a seamless way for you to connect a third party application to your account without needing to give the application your login credentials. Once you authenticate to NotesMate successfully, we return an authentication token to the client to authenticate your access from that point forward. This eliminates the need for a third party application to ever store your username and password on your device.

Every client application that talks to our service uses a well-defined thrift API for all actions. By brokering all communications through this API, we’re able to establish authorization checks as a foundational construct in the application architecture. There is no direct object access within the service and each client’s authentication token is checked upon each access to the service to ensure the client is authenticated and authorized to access a particular note or notebook. Please see dev.NotesMate.com for more information.

Customer Segregation

The NotesMate service is multi-tenant and does not segment your data from other users’ data. Your data may live on the same servers as another user’s data. We consider your data private and do not permit another user to access it unless you explicitly share it. See the Product Security section for how we enforce our authorization model for access to private and shared content.

Data Destruction

NotesMate retains your content unless you take explicit steps to delete notes and/or notebooks. Deactivating a personal account or revoking access to a business account does not automatically remove content.

For personal notes and notebooks, you can remove your content by deleting all the notes in a notebook and then deleting all the notes residing in your trash. Deleting a notebook automatically moves all the notes associated with that notebook to your trash. When a note is deleted, all references and connections to the data in that note are removed from our databases.

Media Disposal and Destruction

We never repurpose storage media for use outside our production environment if it has ever been used to store user data. We have procedures to securely destroy storage media by degaussing and physically smashing prior to disposal. Additional details can be found on our blog.

Activity Logging

The NotesMate service performs server-side logging of client interactions with our services. This includes web server access logging, as well as activity logging for actions taken through our API. These logs also include successful and unsuccessful login events. Due to the nature of our client / server architecture, we cannot reliably know whether a synced note was viewed. We do not automatically collect activity logs from our software clients. You can view the recent access times and IP addresses for each application connected to your account in the Access History section of your Account Settings.

Transport Encryption

NotesMate uses industry standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. In addition, we support HTTP Strict Transport Security (HSTS) for the NotesMate service (www.NotesMate.in). We support a mix of cipher suites and TLS protocols to provide a balance of strong encryption for browsers and clients that support it and backward compatibility for legacy clients that need it. We plan to continue improving our transport security posture to support our commitment to protecting your data.

We support STARTTLS for both inbound and outbound email. If your mail service provider supports TLS, your email will be encrypted in transit, both to and from the NotesMate service.

We operate two data centers in the US and transmit data between them using a dedicated network link that isn’t connected to the Internet. We encrypt all traffic flowing across this link using GCM-AES-128 encryption via the MACsec protocol.