DATA PROTECTION / PRIVACY NOTICE
1.1 Introduction
Welcome to Noteastic (“we,” “us,” or “our”). We are based in Vienna, Austria, and operate primarily within the European Economic Area (EEA). Noteastic provides a digital note-taking service accessible via the Microsoft Store. We are committed to safeguarding your privacy and ensuring that your personal data is protected in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
This Privacy Notice explains how we collect, use, disclose, and protect your personal data when you use our website, mobile/desktop applications, and any other products or services we offer (collectively, the “Services”).
1.2 Data Controller
For the purposes of the GDPR, the data controller is Noteastic. If you have any questions about this Privacy Notice or our data protection practices, please contact us at:
- E-Mail: contact@noteastic.app
- Address: Anton-Baumgartnerstrasse 44 C8/1504, 1230 Vienna, Austria
1.3 Personal Data We Collect
- Account Information
  - Mandatory: Name, email address (or via Google/Microsoft account sign-in).
  - Payment Information: Payment data (card details, billing address) is collected and processed by our third-party payment processor (Stripe). We do not store full card numbers on our servers.
- Device and Usage Data
  - Regional Data: We collect your approximate location (region) for analytics.
  - Tracking & Analytics: In the app, we collect session duration, usage frequency, and feature utilization.
1.4 How We Use Your Personal Data
We use your personal data for the following purposes:
- Service Provision and Account Management
  - To create and manage your user account, authenticate your identity, and provide our Services.
  - To process payments for subscriptions via our payment processor (Stripe).
- Analytics and Improvements
  - To analyze how you use our Services and improve functionality, user experience, and performance.
- Security and Fraud Prevention
  - To protect our users, systems, and databases from unauthorized access, malicious activity, or illegal behavior.
- Legal Compliance
  - To comply with applicable legal obligations, respond to government requests, or enforce our legal rights.
1.5 Legal Bases for Processing
We process your personal data on one or more of the following legal bases under GDPR:
- Contract Performance: Processing is necessary to perform our contract with you (e.g., providing access to the Services).
- Legitimate Interests: We may process data for legitimate interests such as improving our Services, maintaining security, or preventing fraud.
- Consent: Where required by law, we will request your consent (e.g., for personally identifiable analytics or marketing).
- Legal Obligations: To comply with legal requirements (e.g., financial regulations, tax laws).
1.6 Data Sharing & International Transfers
- Third-Party Service Providers: We share data with payment processors (Stripe), analytics providers, hosting providers, or other third parties who assist in delivering our Services.
- International Transfers: Although our primary operations are within the EEA, some of our service providers may be located outside the EEA. In such cases, we ensure safeguards such as the EU Standard Contractual Clauses are in place to protect your personal data.
1.7 Data Retention
We retain your personal data as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law. Under GDPR, you have the right to request deletion of your data (see Section 1.9 below).
1.8 Children’s Privacy
Our Services are not intended for individuals under 16 years of age without parental or guardian consent. If we become aware that we have collected personal data from a child under 16 without proper authorization, we will take steps to delete that data promptly.
1.9 Your Rights Under GDPR
You have the right to:
- Access your personal data and request a copy.
- Rectify or update any inaccurate or incomplete data.
- Erase or delete your personal data where permissible by law.
- Restrict or object to certain processing of your data.
- Port your data to another service provider where technically feasible.
- Withdraw Consent at any time, where processing is based on consent.
To exercise these rights, please email us at privacy@noteastic.app. We will respond to your request in accordance with GDPR guidelines.
1.10 Data Security
We implement appropriate technical and organizational security measures to protect your data (e.g., encryption in transit and at rest, secure servers, strict access controls). However, no system is 100% secure, and we cannot guarantee absolute security of your data.
1.11 Updates to This Privacy Notice
We may update this Privacy Notice from time to time. Any changes will become effective upon posting the revised Notice. We encourage you to review this Notice periodically.