Privacy & data protection • Effective June 9, 2025 • Last updated July 9, 2026
Privacy Policy
Hillnote ("us", "we", or "our") operates the Hillnote desktop and mobile applications and its optional cloud services — sync, collaboration, and publishing (together, the "Service"). This page explains how we collect, use, and handle your data when you use Hillnote. We believe in local-first, privacy-respecting productivity tools: nothing leaves your device until you turn on a feature that sends it.
1. Definitions
- Service
- The Hillnote text editor application and optional cloud sync service.
- Personal Data
- Data that can identify an individual, such as email address or username.
- Usage Data
- Data collected automatically related to usage of the app (e.g., sync timestamps, feature toggles).
- Cookies
- Small files stored on a user's device; currently not used in the desktop app.
- Data Controller
- The developer of Hillnote.
- User
- Anyone using the Hillnote app or cloud service.
2. Information we collect
Personal data (only if you opt into sync)
- Email address (used to authenticate cloud sync)
- Username or display name (if provided)
Local data (never collected)
Everything you keep only on your device — your documents, edit history, and settings — stays on your disk. As long as sync is off, Hillnote does not collect your document content or editing behavior at all.
Synced document content (optional)
When you turn on sync, the documents in that workspace are uploaded to our cloud storage. A note you sync without password protection is readable by the Service so that features like full-text search, AI, routines, and publishing can operate on it. A note you password-protect is end-to-end encrypted on your device before it leaves — we store only the ciphertext and cannot read it (see § 5).
Sync & activity metadata (optional)
Alongside synced content we process metadata such as last-modified time, sync success/failure, content versioning, and a per-workspace activity log recording who changed which files and when (including changes made by agents connected over MCP).
Collaboration data (optional)
If you invite people to a shared workspace, we process the email addresses you invite and each collaborator's role (e.g. editor or admin) to grant access. People you invite can read and edit the content of the workspaces you share with them, and keep their own copy on their own device.
Published content (optional)
If you publish a workspace to the web, the content you publish becomes publicly accessible at a hillnote.com address (or a custom domain you map). Comments and any details visitors submit on a published site are processed to provide that feature.
Billing data (optional)
If you buy a paid plan, our payment processor handles your payment details; we receive the subscription status and limited billing information needed to manage your account. We do not store full card numbers on our servers.
Premium model data (optional)
When using premium AI models (OpenAI, Claude, Gemini), your queries and content may be processed on their servers. This data may be used for model training according to their respective privacy policies.
3. How we use data
We use the collected data to:
- Provide and improve sync, collaboration, and publishing
- Run features you invoke on synced content — search, AI, routines, and triggers
- Grant collaborators access to workspaces you share, and maintain the activity log
- Manage your subscription and process payments through our payment processor
- Communicate updates or bug notices
- Analyze crash logs (anonymously, and only if you opt-in)
- Route premium model queries to their respective services when you choose to use them
4. Data retention
Synced data is retained only as long as your account is active or as needed to provide the service. You can delete it at any time.
5. Data storage and transfers
- All synced data is stored on Amazon Web Services (AWS), using Amazon S3 and related services, in one or more AWS regions.
- Encryption is used in transit (HTTPS) and at rest (AES-256). Each workspace is isolated to your account and gated by authentication and role checks on every request.
- A note you password-protect is end-to-end encrypted with a key derived from your password on your own device. That key never reaches our servers, so we cannot read those notes — we store only the encrypted envelope. Notes synced without a password are readable by the Service to power search, AI, routines, and publishing.
- We never sell your data, and we do not share it except as described in this policy.
6. Data breach protocol
In the event of a data breach affecting synced user data, we will notify affected users via email within 72 hours.
7. Your rights
If you reside in the EU or similar jurisdictions:
- You may request access, deletion, or correction of your data by emailing [email protected]
- You can withdraw consent to sync at any time by disabling the sync feature in-app
8. Legal basis (GDPR)
We rely on your consent and our legitimate interest to provide and improve the sync service as the legal basis for processing data.
9. Children's privacy
Hillnote does not knowingly collect data from children under the age of 18. If you believe this has occurred, contact us to remove the data.
10. Third parties
We do not use advertising SDKs or third-party analytics libraries. We rely on a small set of sub-processors to run the Service: Amazon Web Services (AWS) hosts synced data, and a payment processor handles subscription billing. Any premium AI models you choose to use process your queries under their own privacy policies (see § 11).
11. Premium model data handling
When you choose to use premium AI models:
- Your queries and content are sent to the respective model provider's servers
- Data may be used for model training according to each provider's privacy policy
- You can review each provider's data handling practices:
- You can choose to use only local models to keep all data on your device
12. Changes to this policy
You will be notified of material changes through the app interface. Your continued use constitutes agreement to updated policies.
13. Legal jurisdiction and dispute resolution
This Privacy Policy shall be governed by the laws of India. Any disputes will be subject to the jurisdiction of courts located in Bangalore, India.
14. Contact
If you have any questions about this Privacy Policy, email [email protected].
See also our Terms of Service, or delete your account.