Privacy Policy
Last Updated: August 12, 2025
Our Privacy Commitment
darkdown is built with privacy in mind. We want to be completely transparent:
- No Marketing: We never use your data for marketing or advertising
- No Selling: We never sell, rent, or trade your personal information
- Functionality Only: Third-party services are used solely to provide and improve darkdown
- Minimal Data: We collect only what's necessary to run and improve the service
- Your Control: You own your notes and can delete everything anytime
Introduction
Welcome to darkdown's Privacy Policy. darkdown ("we," "us," or "our") is committed to protecting your privacy and ensuring you understand how your information is used. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using darkdown, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information You Provide to Us
Account Information
When you create an account, we collect:
- Email address - Used for authentication and account recovery
- Password - Securely hashed and stored by our authentication provider
- Display name - Auto-generated or customized username for your profile
Content You Create
- Notes - The markdown content you write
- Note metadata - Titles, creation dates, update timestamps
- Visibility settings - Whether each note is public or private
Information Collected Automatically
When you use darkdown, we automatically collect:
- Usage information - When you access notes, create content, or share links
- Device information - Browser type, operating system, screen size
- Log data - IP address, access times, pages viewed
Ask AI Feature
When you use the Ask AI feature:
- Your questions - The queries you submit to the AI
- Note context - Relevant portions of your notes are sent to the AI to provide contextual answers
- AI responses - The answers generated by the AI are temporarily displayed but not stored
Important: Your data is NOT used for AI training
When you use Ask AI, your notes and queries are processed by OpenAI's API to generate responses. However, OpenAI does not use customer API data to train their models. Your content remains private and is only used to provide you with immediate answers.
Information We Don't Collect
We do not collect:
- Personal information in analytics for unauthenticated users (we use privacy-focused analytics)
- Advertising identifiers or marketing profiles
- Behavioral data for advertising purposes
- Third-party cookies for tracking of unauthenticated users
How We Use Third-Party Services
We carefully selected third-party services that respect your privacy and use them ONLY for:
Essential Functionality
- Supabase: Stores your notes and handles authentication
- OpenAI: Processes Ask AI queries (only when you use the feature)
- Deepgram: Converts speech to text (only when you use voice notes)
- Stripe: Processes payments (only if you upgrade to Pro)
Service Improvement
- PostHog: Privacy-focused analytics to understand feature usage
  - User ID and email for identifying unique users
  - Feature usage and interaction patterns
  - No cross-site tracking or advertising profiles
  - Data used only to improve darkdown, never for marketing
- Sentry: Error monitoring to fix bugs quickly
  - Captures technical errors and performance issues
  - User ID/email used only to group errors, not for tracking
  - Helps us identify and fix problems faster
Important: By signing in, you consent to this necessary data processing to provide the service.
Analytics and Privacy
We use PostHog for privacy-respecting analytics:
- What we track: Feature usage, page views, general app performance, user sessions
- User identification: We use your user ID and email to understand usage patterns per user
- What we DON'T track: Note contents, search queries, or any data for marketing purposes
- Why: To understand which features to improve and fix issues
- Your choice: Analytics only activate after you sign in (implicit consent)
How We Use Your Information
Provide and Maintain the Service
- Create and manage your account
- Store and display your notes
- Enable sharing of public notes
- Sync your content across devices
Improve the Service
- Understand how users interact with darkdown
- Fix bugs and improve performance
- Develop new features
Communicate With You
- Send important service updates
- Respond to your questions or support requests
- Notify you of changes to our policies
Legal and Safety
- Comply with legal obligations
- Protect against fraud and abuse
- Enforce our Terms of Service
How We Share Your Information
We Don't Sell Your Data
We never sell, rent, or trade your personal information to third parties.
Service Providers
We share information with service providers ONLY as necessary to operate darkdown:
- Supabase - Backend infrastructure (your notes, authentication)
- OpenAI - AI responses when you use Ask AI (not used for their training)
- PostHog - Product analytics with user ID and email for understanding usage patterns
- Sentry - Error tracking to maintain reliability
- Stripe - Payment processing for Pro subscriptions
- Deepgram - Voice transcription when you record audio
Public Content
When you make notes public:
- Anyone can view them via the shareable link
- They may appear in search results
- Other users can share links to your public notes
Legal Requirements
We may disclose information if required to:
- Comply with legal processes
- Protect our rights or property
- Prevent fraud or security issues
- Protect users' safety
Cookies and Similar Technologies
darkdown uses cookies and similar technologies for:
- Essential Cookies: Authentication and security
- Analytics Cookies: Understanding how you use darkdown (via PostHog)
- Functional Cookies: Remembering your preferences
You can control cookies through your browser settings. Note that disabling cookies may limit some functionality.
Data Storage and Security
Where Your Data is Stored
Your data is stored on servers managed by Supabase, with primary data centers in the United States. By using darkdown, you consent to the transfer and storage of your information in these locations.
Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted connections (HTTPS/TLS)
- Secure password hashing (bcrypt)
- Regular security updates
- Access controls and authentication
- Row Level Security (RLS) at the database level
No Absolute Security
While we strive to protect your information, no method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.
Data Encryption
Encryption at Rest
Your data is encrypted at rest. All user data stored in our database is automatically encrypted using industry-standard AES-256 encryption through Supabase's infrastructure (powered by AWS). This means your notes, profile information, and all other data are encrypted when stored on disk.
Encryption in Transit
All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols. This protects your information from interception while it travels across the internet.
End-to-End Encryption
darkdown does not currently offer end-to-end encryption. This means that while your data is strongly protected with encryption at rest and in transit, it's not zero-knowledge encryption. We're exploring E2EE options for future releases.
Our Security Practices
- Access to production systems is strictly limited and audited
- We only access user data when necessary for support or legal compliance
- Row Level Security (RLS) ensures users can only access their own data
- Regular security updates and vulnerability monitoring
- All infrastructure managed by trusted providers (Supabase/AWS)
Your Rights and Choices
Access and Portability
- View all your notes and account information at any time
- Export your notes in markdown format
- Access your profile settings
Update and Correction
- Edit your notes anytime
- Update your display name in settings
- Change your email address
Deletion
- Delete individual notes permanently
- Delete your entire account and all associated data
- Note: Deletion is permanent and cannot be undone
Privacy Controls
- Choose whether each note is public or private
- Control who can see your content
- Manage your account visibility
Data Retention
Active Accounts
We retain your information as long as your account is active and as needed to provide you with our services.
Specific Retention Periods
- Your notes: Until you delete them
- Analytics data: 90 days
- Error logs: 30 days
- Voice recordings: Not stored (processed in real-time)
- Payment records: As required by law (typically 7 years)
Deleted Content
- When you delete a note, it's permanently removed from our servers
- When you delete your account, all your data is permanently deleted within 30 days
- We may retain anonymized, aggregated data for service improvement
Legal Obligations
We may retain certain information longer if required by law or for legitimate business purposes.
Children's Privacy
darkdown is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If we discover we've collected data from a child under 13, we will promptly delete it.
International Data Transfers
darkdown is available globally. Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using darkdown, you consent to these transfers.
Third-Party Links
darkdown may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.
Your California Privacy Rights
If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of sale (we don't sell your data)
- Right to non-discrimination
European Privacy Rights
If you're in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access your data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
| --- | --- |
| Account creation & authentication | Contract performance |
| Storing and displaying notes | Contract performance |
| Analytics (PostHog) | Legitimate interests |
| Error monitoring (Sentry) | Legitimate interests |
| AI features (OpenAI) | Consent (when you use Ask AI) |
| Voice transcription (Deepgram) | Consent (when you use voice) |
| Payment processing (Stripe) | Contract (for Pro users) |
| Security and fraud prevention | Legitimate interests |
Our Sub-processors
We carefully select third-party services that respect your privacy:
| Service | Purpose | Data Processed | Location |
| --- | --- | --- | --- |
| Supabase | Infrastructure | All user data | US |
| OpenAI | AI features | Queries & note context | US |
| PostHog | Analytics | Usage data, user ID | EU |
| Sentry | Error monitoring | Errors, user context | US |
| Stripe | Payments | Payment info (Pro only) | US |
| Deepgram | Voice transcription | Audio recordings | US |
Changes to This Policy
We may update this Privacy Policy from time to time. We'll notify you of changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending an email for significant changes
Your continued use of darkdown after changes indicates acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or your data, please contact us:
Email: [email protected]
For EU residents, our Data Protection Officer can be reached at: [email protected]