Luckynote logo

Privacy policy

Your privacy is important to us, and we are committed to being transparent about how we collect, use, and protect your information. We store as little data as possible to create a great experience, and we will never store data that we don't use. This policy is intended to help you understand:

  • What information we collect from you

  • What we do with your information

  • How long we keep information

  • Our payment services

  • Third-party services we use

Your data is yours, not ours. Delete anything (or everything) whenever you'd like. We will never sell your data. Data collection and/or sale is not the kind of business we're in.

Information Gathering and Usage

When you create a Luckynote account to sync your notes across devices, we ask for basic account information like an email address and password. Your notes are stored on a central server, allowing them to be synced on your other devices. Subscribing to Luckynote Pro requires billing information, but we only use your information internally and will not share it with others.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address

  • Name (if provided)

  • Cookies and Usage Data

We may use your Personal Data to contact you through newsletters, marketing materials, or promotional materials, as well as other communication that may interest you. Opting out of these communications can be done by following the unsubscribe link or instructions provided in any sent email, or by contacting us.

Usage Data

We may collect Usage Data, including information related to how our Service is accessed and used. This data can include your computer's Internet Protocol address (IP address), browser type and version, visited pages of our Service, date and time of your visit, time spent on these pages, unique device identifiers, and diagnostic data.

Tracking & Cookies Data

We use minimal cookies and similar tracking technologies. Our authentication system uses browser localStorage (not cookies) to store your login tokens securely on your device.

We use one cookie to remember your cookie consent preference. Third-party analytics services (Google Analytics, Facebook Pixel) may set cookies only after you grant consent via our cookie banner. You can revoke this consent at any time, and refusing cookies will not affect the core functionality of our Service.

Cookies we use:

  • Consent Cookie (`luckynote_cookie`): Remembers your cookie consent preference so you don't have to see the banner every time.

  • Third-party Analytics Cookies: Google Analytics and Facebook Pixel may set cookies only after you grant consent. These are used for understanding website usage and are entirely optional.

Note: Our authentication tokens are stored in browser localStorage, not cookies, for enhanced security and privacy.

Your Information is Protected

We are fully committed to protecting your privacy. We use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit, and your files are encrypted at rest using 256-bit Advanced Encryption Standard (AES).

SSL/TLS creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

We use Amazon Web Services (AWS), Cloudinary, and Bunny.net as data storage and CDN partners. All data is encrypted at-rest in storage and in-transit to and from storage. These services are certified under significant privacy and security standards, such as the EU General Data Protection Regulation (GDPR). Learn more at https://aws.amazon.com/privacy/, https://cloudinary.com/privacy, and https://bunny.net/privacy.

How Long We Keep Information

Your information remains with Luckynote while you use our service. To delete content, move your notes to the trash, then empty it. This will eliminate the data on the server and any devices you've logged into. You can delete your account at any time through your account settings. Upon deletion, your account data will be removed from our systems within 30 days, after which point it will be entirely unrecoverable. Please note this process is irreversible.

Data Portability

In Luckynote, you can download individual files and images to use elsewhere. Our principle is simple: your data is yours, and we have no interest in getting in the way of that.

3rd Party Partners

We work with the following third-party services to provide and improve our Service:

AI Services

  • OpenRouter - We use OpenRouter to provide access to AI models (Claude, Google AI, OpenAI, xAI, etc.) for chat completions, text analysis, and content generation. This data is anonymized and is never used for model training. Learn more

  • OpenAI - We use OpenAI models (via OpenRouter or directly) to expand responses and encode user requests. This data is anonymized and is never used for model training. Learn more

  • Groq - We use Groq for fast speech-to-text transcription. Learn more

Data Storage & CDN

  • AWS - We use AWS as a data storage partner, and all data is encrypted at-rest in storage and in-transit to and from storage. AWS also handles our authentication (login, logout, signup), and so securely stores email addresses and user names to support that. Learn more

  • Cloudinary - We use Cloudinary for image processing and storage. All data is encrypted at-rest and in-transit. Learn more

  • Bunny - We use Bunny as a secure CDN to serve images at different resolutions to users that have access to see them. For example, if you save an image to Luckynote, we use Bunny to be able to serve it to you at multiple sizes on any device with minimal latency. Learn more

Email Services

  • SendGrid - We use SendGrid to deliver welcome emails to users, as well as updates about the product. You can unsubscribe to these at any time. Learn more

Analytics

  • Google Analytics - We use Google Analytics to understand usage and traffic on our public marketing site. Google also provides other basic essential functionality such as serving assets and fonts, hosting and other core utilities. The Google Analytics opt-out browser add-on allows you to prevent Google Analytics JavaScript from sharing visit activity information with Google Analytics. More information about Google's privacy practices can be found at https://policies.google.com/privacy

  • Mixpanel - We use Mixpanel to track the anonymized performance of features inside the product, to understand what is useful and what isn't in an aggregate sense. For example, "a new note was created 12,000 times this week". Learn more

Payments

We may offer paid products and/or services within our Service. In these cases, third-party services handle payment processing (e.g., payment processors).

We don't store or collect your payment card details; this information is provided directly to third-party payment processors, whose use of your personal information is governed by their Privacy Policy. These processors adhere to PCI-DSS standards managed by the PCI Security Standards Council, a collaboration between brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements ensure the secure handling of payment information.

Our payment processors:

  • Stripe - We use Stripe for web-based payment processing. Their Privacy Policy can be viewed at https://stripe.com/us/privacy

  • RevenueCat - We use RevenueCat for mobile app (iOS and Android) subscription management and payment processing. RevenueCat securely handles in-app purchases and subscription management. Their Privacy Policy can be viewed at https://www.revenuecat.com/privacy

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

🍪We use cookies to improve your site experience.