Privacy Policy

Last Updated: April 11, 2026

1. Introduction

Notly ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Notly
Email: legal@getnotly.com
Website: https://www.getnotly.com

2. Scope and Application

This policy applies to:

  • The Notly web application (getnotly.com)
  • The Notly mobile application
  • All services provided under the Notly brand

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide services you've signed up for
  • Legitimate Interest: To improve our service and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with tax, accounting, and legal requirements

4. Data We Collect

4.1 Local Tier (No Cloud Storage)

When using the Local Tier:

  • No personal data is collected or transmitted to our servers
  • All notes and tasks remain exclusively on your device
  • We do not track, access, or process your local content
  • No account registration is required

4.2 Cloud and Team Tiers

Account Information:

  • Email address (required for account creation and authentication)
  • Name (optional, for personalization)
  • Password (encrypted, never stored in plain text)

Content Data:

  • Notes, tasks, and other user-created content
  • File attachments (if uploaded)
  • Organization structure (projects, tags, etc.)

Usage Data:

  • Login timestamps and session information
  • Device type and browser information
  • IP address (for security and fraud prevention)
  • Feature usage patterns (aggregated and anonymized)

Payment Information:

  • Billing details (processed by third-party payment providers)
  • Transaction history
  • We do not store full credit card numbers

Team Tier Additional Data:

  • Team member email addresses
  • Role and permission settings
  • Collaboration activity (who edited what, when)

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service
  • Authenticate your account and prevent unauthorized access
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets, payment confirmations)
  • Respond to support requests
  • Improve service quality and develop new features
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not:

  • Sell your personal data to third parties
  • Use your notes or tasks for advertising
  • Train AI models on your private content
  • Share your data without your consent, except as described in this policy

6. Data Sharing and Third Parties

We share data only with:

Service Providers:

  • Cloud hosting provider (for data storage)
  • Email service provider (for transactional emails)
  • Payment processors (for billing)
  • Analytics providers (anonymized data only)

All third-party processors are GDPR-compliant and process data only on our instructions.

Legal Requirements: We may disclose data when required by law, court order, or to protect our rights and safety.

Business Transfers: If Notly is acquired or merged, your data may be transferred to the new entity, subject to this Privacy Policy.

7. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When we transfer data internationally:

  • We use Standard Contractual Clauses approved by the European Commission
  • We ensure adequate protection mechanisms are in place
  • We comply with GDPR requirements for international transfers

8. Data Retention

Active Accounts:

  • We retain your data for as long as your account is active
  • Content is retained to provide continuous service

Deleted Accounts:

  • Personal data is deleted within 30 days of account deletion
  • Backups may retain data for up to 90 days for disaster recovery
  • Legal and financial records are retained as required by law (typically 7 years)

Local Tier:

  • No data retention on our servers (data exists only on your device)

9. Your Rights Under GDPR

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your personal data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: For processing based on consent
  • Lodge a Complaint: With your local data protection authority

To exercise these rights, contact us at privacy@getnotly.com. We will respond within 30 days.

10. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for stored data
  • Secure authentication mechanisms
  • Regular security audits and updates
  • Access controls and monitoring
  • Employee training on data protection

No system is 100% secure. We cannot guarantee absolute security but commit to reasonable measures to protect your data.

11. Cookies and Tracking

See our Cookie Policy for detailed information about cookies and tracking technologies.

Essential Cookies:

  • Authentication tokens (to keep you logged in)
  • Session management
  • Security and fraud prevention

Analytics Cookies (Optional):

  • Usage statistics (anonymized)
  • Can be disabled in settings

12. Children's Privacy

Notly is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have collected data from a child, contact us immediately for deletion.

13. Marketing Communications

With your consent, we may send:

  • Product updates and new features
  • Tips and best practices
  • Special offers (for eligible users)

You can unsubscribe at any time via the link in emails or in account settings.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

15. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

16. Contact and Data Protection Officer

For privacy questions or to exercise your rights:

For EU users, you may also contact your local supervisory authority.

17. EU Representative

For users in the European Union, our representative for GDPR matters can be reached at eu-representative@getnotly.com.