Privacy Policy
Data security is our foundation. We offer complete transparency with our Open Core, and strict compliance for our Hosted (Professional) service.
1. Introduction
Welcome to NotaBeen. We are committed to protecting your privacy and personal data. This Privacy Policy explains our practices regarding the collection, use, and protection of your information when you use our services. Our data practices vary depending on whether you use the Hosted (Professional) service or the Self-Hosted (Open Core) version.
Last updated: October 7, 2025
2. Information We Collect
We collect and process the following types of information when you use our Hosted (Professional) Service:
Personal Information (Hosted): Information you provide directly to us, such as your name and email address when you create an account using an OAuth provider (e.g., Google) for the hosted service.
Google User Data (Hosted): With your explicit consent via Google OAuth, we access your Gmail inbox emails (read-only) to retrieve and prioritize them. For more details, see the dedicated section below. Note: This data is not collected for the Self-Hosted (Open Core) version.
Usage Data (Hosted & Website): Non-personal, aggregated information related to how you use our hosted service and our website, such as features accessed and error logs. This data is collected solely to improve our services.
3. Limited Use of Your Google User Data (Hosted Professional Service Only)
This entire section applies only to users of our Hosted (Professional) service. Users of the Self-Hosted (Open Core) version are responsible for their own data handling and compliance.
NotaBeen accesses Gmail inbox emails only with user consent via Google OAuth using the `gmail.readonly` scope. We comply with Google’s strict Limited Use Policy:
Your email content is used only for providing the core functionality of NotaBeen: prioritizing, summarizing, and displaying emails within the NotaBeen dashboard.
We do not store, share, sell, or transfer Google user data for serving advertisements or for any non-service-related purpose.
Access is read-only. We cannot send, delete, or modify your emails in Gmail.
4. How We Use Your Information
We use the information we collect for the following legitimate purposes:
Service Provision: To provide and improve our Hosted (Professional) services, including displaying and prioritizing emails within our dashboard.
Communication: To communicate with you about your account, service updates, and changes to this policy.
Security: To ensure the security and reliability of our platform and prevent fraud.
5. GDPR, Open Core, and Your Rights
As a data processor/controller for the Hosted service, we are fully compliant with GDPR regulations. You have several rights regarding your data:
Right to Access, Rectification, and Erasure (Hosted): You can exercise these rights directly via your Profile settings or by contacting us.
Right to Withdraw Consent (Hosted): Revoke consent for data processing (e.g., Gmail access) at any time.
Data Sovereignty (Open Core): If you choose to use the Self-Hosted (Open Core) version, you have complete and direct control over all data storage and processing, as the software runs entirely on your infrastructure.
For further assistance regarding the Hosted service, please contact us using the information below.
6. Data Security
We implement robust technical and organizational measures to protect your personal data used in the Hosted (Professional) service against unauthorized access, alteration, disclosure, or destruction. This includes encryption at rest and in transit, regular security audits, and strict access controls. Furthermore, our Open Core model allows for public scrutiny and audit of the source code, providing an additional layer of trust and transparency regarding data handling.
7. Contact Us
If you have any questions or concerns about this Privacy Policy or your data, please contact our Data Protection Officer at:
Email: contact@NotaBeen.com