N2Inote2it

Privacy Policy

Last updated: 6/13/2026

This Privacy Policy explains how note2it ("we", "us", "our") collects, uses, discloses, and protects personal information when you visit our website or use our note-taking application (the "Service"). We handle personal information in accordance with Québec's Act respecting the protection of personal information in the private sector, as amended by Law 25, the European Union General Data Protection Regulation (GDPR) where it applies to you, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Scope of this policy

This policy covers our public website and the authenticated application. It does not cover third-party websites or services that we link to but do not control. Capitalized terms not defined here have the meaning given in our Terms of Service.

Person responsible for protecting your information

In accordance with Law 25, we have designated a person responsible for the protection of personal information (our "Privacy Officer"). This person oversees our privacy practices and handles access requests, corrections, and complaints. You can reach the Privacy Officer using the details in the Contact section below.

Personal information we collect

We collect the following categories of personal information:

  • Account information: your name, email address, and a securely hashed password when you create an account.
  • Content you create: the notebooks, sections, pages, text, tags, and media (images, files, and audio) you add to the Service. This content may itself contain personal information that you choose to include.
  • AI inputs: when you use optional AI features, the text or audio you submit for transcription, summarization, or rewriting.
  • Technical and usage information: IP address, browser and device information, log data, and security and audit records generated when you use the Service.
  • Cookies and similar technologies: described in the Cookies section below.

Please do not store personal information that you are not authorized to process.

How and why we use your information

We use personal information to provide, operate, secure, and maintain the Service; to authenticate you and protect your account, including our audit trail; to deliver features you request, such as AI transcription, summaries, sharing, import, and export; to communicate with you about your account, support, and material changes; and to comply with our legal obligations. We use your information only for the purposes identified when it is collected, for compatible purposes, or where the law otherwise permits. Where the GDPR applies, our legal bases are the performance of our contract with you, your consent for optional features such as analytics, our legitimate interests in operating and improving the Service, and compliance with legal obligations.

Artificial-intelligence features

Optional features such as meeting transcription, summaries, and text rewriting send the content you submit to a third-party AI provider, acting as our processor, to generate a result that is returned to you and stored in your notebook. These features run only when you trigger them. AI output may be inaccurate or incomplete and should be reviewed before you rely on it; it is not professional advice. This processing may take place outside Québec and Canada (see Where your information is processed). We do not use your personal information to make decisions about you based solely on automated processing.

Connected apps (AI assistants)

On plans that include it, you can connect third-party applications — such as the Claude AI assistant — to your account through an authorization screen. A connected app can read and, only if you grant it, edit your notebook content on your behalf, within the permissions you approve. Your content is shared with a connected app only at your direction, and the app's provider then processes it under its own privacy policy, which you should review; unlike the AI features above, a connected app acts on your instructions, not as our processor. For each connection we store the app's name, the permissions you granted, and an access credential in hashed form — never the credential itself. Connected-app activity on your account is recorded in our security log. You can see every connection and revoke its access at any time in the app's Settings; revocation takes effect immediately. We never connect an app to your account ourselves, and no app gains access without your explicit approval.

Cookies and similar technologies

By default our website uses only strictly necessary cookies — for example, to remember your language preference and your cookie-consent choices. We do not use advertising cookies, and we do not load analytics or marketing technologies unless you opt in through our cookie banner or "Cookie settings". If you opt in to analytics, we use Google Analytics (provided by Google), with IP anonymization, to understand how the website is used; it sets the _ga cookies, and the data may be processed outside Québec and Canada (see Where your information is processed). You can review or change your choices at any time using the "Cookie settings" link in the website footer. The authenticated application uses a small number of strictly necessary cookies and local storage to keep you signed in and to remember interface preferences.

Service providers and disclosure

We do not sell your personal information. We share it only as needed to operate the Service, with service providers acting on our behalf under contract, including:

  • Cloud hosting and infrastructure providers.
  • A database provider, to store account and content data.
  • An object-storage provider, to store uploaded media.
  • An AI provider, for the optional AI features described above.
  • An email provider, for transactional messages.

We may also disclose personal information where required by law, to protect our rights or the safety of others, or in connection with a business transaction such as a merger or sale, subject to applicable law. A current list of our service providers is available on request from our Privacy Officer.

Where your information is processed

Some of our service providers store or process personal information outside the Province of Québec, including elsewhere in Canada and in the United States. Before transferring personal information outside Québec, we assess the protection it will receive, taking into account the sensitivity of the information, the purposes of its use, the safeguards in place (including contractual clauses), and the legal framework of the destination. Where the GDPR applies, transfers outside the European Economic Area rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. Contact our Privacy Officer for more information about these safeguards.

How long we keep your information

We keep personal information only for as long as necessary to fulfil the purposes described in this policy, to provide the Service, and to meet our legal, accounting, and security obligations. Account and content data are retained while your account is active. After your account is deleted, we delete or anonymize your personal information within a reasonable period, except where retention is required by law or to establish, exercise, or defend legal claims. Backups are deleted on a rolling schedule. Specific retention periods are available on request.

How we protect your information

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, tenant isolation, and an immutable audit trail of changes. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a confidentiality incident that presents a risk of serious injury, we will take reasonable steps to reduce the risk and will notify the Commission d'accès à l'information du Québec and affected individuals as required by Law 25, and other authorities or individuals as required by applicable law.

Your rights

Subject to applicable law, you may:

  • Access the personal information we hold about you and obtain a copy.
  • Have inaccurate or incomplete information corrected.
  • Withdraw your consent to optional processing.
  • Request deletion of your personal information, or that we stop disseminating it or de-index it, where the law allows.
  • Request portability of the computerized personal information you have provided, in a structured, commonly used technological format.
  • Where the GDPR applies, object to or request restriction of certain processing.

To exercise any of these rights, contact our Privacy Officer using the details in the Contact section. We will respond within the time required by law (generally 30 days under Law 25). We may need to verify your identity first. These services are provided free of charge, subject to the limited exceptions permitted by law.

Children and minors

The Service is not directed to children. We do not knowingly collect personal information from a minor under 14 years of age without the consent of a person having parental authority, unless collecting it is clearly for the minor's benefit. If you believe a minor has provided us personal information without appropriate consent, contact our Privacy Officer and we will take appropriate steps.

Questions and complaints

If you have a question or concern about how we handle your personal information, please contact our Privacy Officer first and we will do our best to resolve it. If you are not satisfied, you may file a complaint with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca). If the GDPR applies to you, you may also lodge a complaint with your local supervisory authority. Residents of other Canadian provinces may contact the Office of the Privacy Commissioner of Canada.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after the changes take effect means you acknowledge the updated policy.

Contact and Privacy Officer

Votie Solutions Inc.

Montreal, Quebec, Canada

Vitaliano Torchia, Privacy Officer

privacy@note2it.com