Notebin

Privacy Policy

Last updated June 21, 2026

This Privacy Policy explains how Notebin ("Notebin", "we", "us") collects and uses information when you use notebin.net (the "Service"). If you have questions, you can reach us through the contact options provided on notebin.net.

1. Information we collect

  • Note content. The Markdown text, title, and theme of notes you create.
  • Highlights & comments. If you are signed in, the text you highlight and any notes you attach.
  • Account information (only if you sign in). We use Google Sign-In. When you sign in, Google shares your name, email address, profile picture, and Google account identifier with us. We never receive or store your Google password.
  • Technical data. Your IP address and browser user-agent, used for rate limiting and abuse prevention, plus timestamps of activity.
  • Cookies & local storage. A session cookie (nb_session) to keep you signed in, a short-lived sign-in cookie during the Google login flow, your theme preference (stored locally in your browser), and analytics cookies (see §4).

2. How we use information

  • To provide the Service — create, render, store, and share your notes.
  • To authenticate you and associate notes/highlights with your account.
  • To prevent abuse, spam, and fraud, and to enforce rate limits.
  • To understand usage and improve the Service (analytics).

3. Legal bases

Where applicable (e.g. under the GDPR/UK GDPR), we process personal data on the bases of performing our contract with you (providing the Service), our legitimate interests (security, abuse prevention, and improvement), and your consent (analytics cookies, where required).

4. Analytics & third parties

We rely on a small number of processors and do not sell your personal data:

  • Google — for Sign-In (authentication).
  • Google Analytics (GA4) — aggregate usage analytics, where enabled.
  • Microsoft Clarity — usage analytics including heatmaps/session replay, where enabled.
  • Hosting provider — our servers, which process data to operate the Service.

These providers process data under their own terms and privacy policies. Analytics may be disabled on a given deployment; when enabled, the relevant scripts load on page view.

5. Public nature of notes

Notes are unlisted — they are not indexed by search engines (we send a noindex header) and are not listed publicly, but anyone with the link can view them. Please do not put passwords, personal, or otherwise sensitive information in a note you share.

6. Data retention

  • Anonymous notes expire automatically after 30 days.
  • Account notes are kept according to your plan until you delete them or they expire.
  • Deleted notes are soft-deleted and purged after a short grace period.
  • Sessions expire after 30 days.
  • Analytics data is retained per each provider's policies.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete your notes at any time, sign out to end a session, and request account deletion through the contact options provided on notebin.net. We will respond within the period required by applicable law.

8. Security

We use industry-standard measures (HTTPS, hashed API tokens, scoped cookies). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data.

10. International transfers

Your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

11. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above and, for material changes, take additional steps where required by law.

12. Contact

For questions or requests about this policy, please use the contact options provided on notebin.net.