11# Privacy Policy for TrustyNotes
22
3- Last updated: 12/19/2024s
3+ Last updated: 05/22/2024
44
55## Overview
66
@@ -9,16 +9,22 @@ TrustyNotes is committed to protecting your privacy. This Privacy Policy explain
99## Information Collection and Use
1010
1111### Notes and Content
12- - All notes and content you create are encrypted end-to-end using AES-GCM encryption
12+ - All notes and content you create are encrypted end-to-end using AES-GCM (Advanced Encryption Standard with Galois/Counter Mode)
1313- Encryption keys are derived from your sync code, which is never transmitted to our servers
1414- Notes are stored locally in your browser and optionally synchronized with our servers in encrypted form
1515- We cannot access, read, or decrypt your notes as we don't have access to your encryption keys
1616
17+ ### Encryption Technology
18+ - We implement quantum-resistant cryptographic methods
19+ - For key exchange, we use ML-KEM (Module-Lattice Key Encapsulation Mechanism)
20+ - ML-KEM securely generates and encapsulates a shared secret key, which is then used to derive an AES key
21+ - Data encryption is performed using AES-GCM for authenticated encryption
22+ - This hybrid approach combines quantum-resistance with high-performance encryption
23+
1724### Technical Data We Collect
1825- Basic usage analytics through Plausible Analytics (privacy-focused analytics)
1926- Sync timestamps and note metadata (without content) for synchronization purposes
2027- Error logs (without personal information) for troubleshooting
21- - Browser extension status and version information
2228
2329### Data Storage
2430- Notes are stored locally in your browser's storage
@@ -31,20 +37,14 @@ TrustyNotes is committed to protecting your privacy. This Privacy Policy explain
3137- Communication with our servers uses HTTPS encryption
3238- Notes are signed using ECDSA to verify authenticity
3339- Server access is restricted and monitored
40+ - We implement regular updates
3441
3542## Data Sharing
3643We do not share your data with third parties. Your encrypted notes are only:
3744- Stored locally on your devices
3845- Transmitted to our servers for sync purposes (if enabled)
3946- Accessible only with your sync code
4047
41- ## Browser Extension
42- The TrustyNotes browser extension:
43- - Accesses only the trustynotes.app domain
44- - Stores encrypted notes locally
45- - Communicates with the web application for synchronization
46- - Requires explicit user permission for storage and tab access
47-
4848## Your Rights
4949You have the right to:
5050- Export your notes at any time
@@ -54,8 +54,9 @@ You have the right to:
5454- Generate new sync codes
5555
5656## Data Retention
57- - Deleted notes are permanently removed after 24 hours
58- - You can manually purge deleted notes immediately
57+ - Deleted notes are permanently removed from the server immediately upon sync
58+ - You can manually purge deleted notes from your local storage at any time
59+ - All user data on the server (including encrypted notes) is automatically deleted after 180 days of inactivity (no syncing)
5960- Server logs are retained for 30 days
6061- You can delete all your notes at any time
6162
@@ -69,4 +70,4 @@ If you have any questions about this Privacy Policy, please contact us at:
6970
7071## Open Source
7172TrustyNotes is open-source software. You can review our code and security implementations at:
72- https://github.com/toolworks-dev/trusty-notes
73+ https://github.com/toolworks-dev/trusty-notes
0 commit comments