Privacy Policy

Last updated: December 31, 2025

Introduction

At ComfyNote, we take your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it.

Data We Collect

Account Information

When you create an account, we collect your email address and a securely hashed password. We do not store your password in plain text.

Content You Create

We store the notes, tasks, reminders, and workspaces you create in ComfyNote. This content is necessary to provide the service to you.

Usage Data

We collect basic usage data such as login times, feature usage, and error logs. This helps us improve the service and diagnose issues.

Payment Information

If you subscribe to a paid plan, we collect billing information. Payment processing is handled by secure third-party providers. We do not store your full credit card details on our servers.

How We Use Your Data

  • To provide and maintain the service
  • To notify you of changes, updates, or important information
  • To provide customer support
  • To improve our service based on usage patterns
  • To prevent fraud and ensure security

How We Protect Your Data

Encryption

All data transmitted between your device and our servers is encrypted using HTTPS (TLS). Data stored in our database is encrypted at rest.

Row-Level Security

We use row-level security (RLS) policies to ensure you can only access your own notes and workspaces you're a member of. Access to production systems is restricted to authorized personnel and logged for audit purposes.

Access Controls

Access to our production systems is restricted to authorized personnel only and is logged for audit purposes.

Data Sharing

We do not sell your data. We do not share your content with third parties for marketing purposes.

We may share limited data with service providers who help us operate ComfyNote (e.g., hosting, payment processing), but only to the extent necessary and under strict confidentiality agreements.

AI Processing (OpenAI)

When you use AI-powered features (Organize, Edit, Transcribe, OCR), your content is sent to OpenAI's API for processing. This happens only when you explicitly click an AI button—we never process your notes automatically.

OpenAI's data handling:

  • OpenAI processes your content to generate AI responses
  • OpenAI does not use your data to train their models (per OpenAI API terms)
  • OpenAI retains API data for 30 days for abuse monitoring, then deletes it
  • OpenAI's full policy: OpenAI API Data Usage

By using AI features, you acknowledge and accept that your content will be processed by OpenAI as described above.

Cookies and Sessions

We use cookies to maintain your login session and remember your preferences. These are essential for the service to function. You can control cookie settings in your browser.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise these rights, please contact us via our contact page.

Data Retention

We retain your data as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we're required to retain it for legal or regulatory reasons.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service.

Contact Us

If you have questions about this Privacy Policy, please contact us via our contact page.