Hillnote Logo

Privacy & data protection • Effective June 9, 2025 • Last updated July 9, 2026

Privacy Policy

Hillnote ("us", "we", or "our") operates the Hillnote desktop and mobile applications and its optional cloud services — sync, collaboration, and publishing (together, the "Service"). This page explains how we collect, use, and handle your data when you use Hillnote. We believe in local-first, privacy-respecting productivity tools: nothing leaves your device until you turn on a feature that sends it.

1. Definitions

Service
The Hillnote text editor application and optional cloud sync service.
Personal Data
Data that can identify an individual, such as email address or username.
Usage Data
Data collected automatically related to usage of the app (e.g., sync timestamps, feature toggles).
Cookies
Small files stored on a user's device; currently not used in the desktop app.
Data Controller
The developer of Hillnote.
User
Anyone using the Hillnote app or cloud service.

2. Information we collect

Personal data (only if you opt into sync)

  • Email address (used to authenticate cloud sync)
  • Username or display name (if provided)

Local data (never collected)

Everything you keep only on your device — your documents, edit history, and settings — stays on your disk. As long as sync is off, Hillnote does not collect your document content or editing behavior at all.

Synced document content (optional)

When you turn on sync, the documents in that workspace are uploaded to our cloud storage. A note you sync without password protection is readable by the Service so that features like full-text search, AI, routines, and publishing can operate on it. A note you password-protect is end-to-end encrypted on your device before it leaves — we store only the ciphertext and cannot read it (see § 5).

Sync & activity metadata (optional)

Alongside synced content we process metadata such as last-modified time, sync success/failure, content versioning, and a per-workspace activity log recording who changed which files and when (including changes made by agents connected over MCP).

Collaboration data (optional)

If you invite people to a shared workspace, we process the email addresses you invite and each collaborator's role (e.g. editor or admin) to grant access. People you invite can read and edit the content of the workspaces you share with them, and keep their own copy on their own device.

Published content (optional)

If you publish a workspace to the web, the content you publish becomes publicly accessible at a hillnote.com address (or a custom domain you map). Comments and any details visitors submit on a published site are processed to provide that feature.

Billing data (optional)

If you buy a paid plan, our payment processor handles your payment details; we receive the subscription status and limited billing information needed to manage your account. We do not store full card numbers on our servers.

Premium model data (optional)

When using premium AI models (OpenAI, Claude, Gemini), your queries and content may be processed on their servers. This data may be used for model training according to their respective privacy policies.

3. How we use data

We use the collected data to:

  • Provide and improve sync, collaboration, and publishing
  • Run features you invoke on synced content — search, AI, routines, and triggers
  • Grant collaborators access to workspaces you share, and maintain the activity log
  • Manage your subscription and process payments through our payment processor
  • Communicate updates or bug notices
  • Analyze crash logs (anonymously, and only if you opt-in)
  • Route premium model queries to their respective services when you choose to use them

4. Data retention

Synced data is retained only as long as your account is active or as needed to provide the service. You can delete it at any time.

5. Data storage and transfers

  • All synced data is stored on Amazon Web Services (AWS), using Amazon S3 and related services, in one or more AWS regions.
  • Encryption is used in transit (HTTPS) and at rest (AES-256). Each workspace is isolated to your account and gated by authentication and role checks on every request.
  • A note you password-protect is end-to-end encrypted with a key derived from your password on your own device. That key never reaches our servers, so we cannot read those notes — we store only the encrypted envelope. Notes synced without a password are readable by the Service to power search, AI, routines, and publishing.
  • We never sell your data, and we do not share it except as described in this policy.

6. Data breach protocol

In the event of a data breach affecting synced user data, we will notify affected users via email within 72 hours.

7. Your rights

If you reside in the EU or similar jurisdictions:

  • You may request access, deletion, or correction of your data by emailing [email protected]
  • You can withdraw consent to sync at any time by disabling the sync feature in-app

8. Legal basis (GDPR)

We rely on your consent and our legitimate interest to provide and improve the sync service as the legal basis for processing data.

9. Children's privacy

Hillnote does not knowingly collect data from children under the age of 18. If you believe this has occurred, contact us to remove the data.

10. Third parties

We do not use advertising SDKs or third-party analytics libraries. We rely on a small set of sub-processors to run the Service: Amazon Web Services (AWS) hosts synced data, and a payment processor handles subscription billing. Any premium AI models you choose to use process your queries under their own privacy policies (see § 11).

11. Premium model data handling

When you choose to use premium AI models:

12. Changes to this policy

You will be notified of material changes through the app interface. Your continued use constitutes agreement to updated policies.

13. Legal jurisdiction and dispute resolution

This Privacy Policy shall be governed by the laws of India. Any disputes will be subject to the jurisdiction of courts located in Bangalore, India.

14. Contact

If you have any questions about this Privacy Policy, email [email protected].