Privacy Policy

NoteOCR Inc. is the data controller responsible for your personal data. We are a technology company incorporated under Swiss law and headquartered in Zug, Switzerland. Our Services include an AI-powered handwriting OCR platform, a cloud-based document editor, and a developer API. If you have questions about how we handle your personal data, you may contact our data protection point of contact at support@noteocr.com. We are committed to handling your data transparently, lawfully, and with the level of care it deserves.

We use your personal data only for the purposes for which it was collected, on the following legal bases: (a) Performance of Contract, to create and manage your account, process your page credits, execute document conversions, and deliver the Services you have purchased; (b) Legitimate Interests, to prevent fraud, maintain platform security, resolve technical issues, and generate aggregated analytics that help us improve the product; (c) Legal Obligation, to comply with applicable tax, accounting, and regulatory requirements in Switzerland and the EU; (d) Consent, to send optional product updates and feature announcements by email, which you may withdraw at any time. We never sell your personal data or use it for advertising purposes. We do not share your data with data brokers, ad networks, or any third party for commercial profiling.

We use a minimal set of cookies and similar technologies to operate and improve our Services. Strictly Necessary Cookies are essential to authenticate your session and keep you logged in, these cannot be disabled. Functional Cookies remember your preferences such as language and theme. Analytics Cookies (optional) help us understand how pages are used at an aggregate level so we can improve the product. We use privacy-respecting analytics and do not deploy third-party advertising cookies or cross-site tracking pixels of any kind. You can manage your cookie preferences at any time through your browser settings or our in-platform cookie banner. Disabling optional cookies will not affect your ability to use the core Services.

We share personal data with a limited set of trusted service providers who assist us in operating our platform, and only to the extent necessary. These include: (a) Stripe, payment processing, subject to PCI-DSS compliance; (b) Google OAuth, optional sign-in authentication; (c) Cloud Infrastructure Providers, encrypted server storage and compute, available in US-East (N. Virginia), EU (Frankfurt), and APAC (Singapore) regions; (d) Email Delivery, transactional and notification email services. All third-party processors are bound by data processing agreements (DPAs) that prohibit them from using your data for any purpose other than the service they provide to us. We do not transfer personal data to third parties for marketing, profiling, or any commercial purpose beyond operating the Services.

NoteOCR is headquartered in Switzerland, which the European Commission recognises as providing an adequate level of data protection. Where we transfer personal data to service providers operating outside the EEA or Switzerland (for example, cloud infrastructure in the US or APAC), we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms to ensure that your data receives the same level of protection as it would within the EEA. You may select your preferred data processing region (EU, US, or APAC) within your account settings. By default, new accounts are assigned to the EU (Frankfurt) region.

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy. Account Information is retained for the duration of your account and for up to 90 days after account closure to allow for recovery or dispute resolution, after which it is permanently deleted. Processed source files are deleted automatically upon conversion completion. Documents stored in your NoteOCR library are retained until you delete them or close your account. Payment and transaction records are retained for 7 years in compliance with Swiss and EU tax regulations. Support communications are retained for up to 3 years. Anonymised and aggregated analytics data may be retained indefinitely as it does not identify any individual.

NoteOCR is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. Users between 13 and 18 must have parental or guardian consent before using our Services, as stated in our Terms of Service. If you are a parent or guardian and believe your child has provided personal data to NoteOCR without your consent, please contact us at support@noteocr.com. We will promptly investigate and delete any such data. We do not knowingly serve personalised content or advertising to minors.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify registered users by email and update the 'Last Updated' date at the top of this page. We may also display a banner within the platform to draw attention to significant changes. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acceptance of those changes. We encourage you to review this policy periodically. Previous versions of this policy are available upon request.

If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us. We are committed to resolving all privacy-related enquiries promptly and in good faith. You also have the right to escalate unresolved concerns to a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). In the EU, you may contact the data protection authority in your member state.