Legal

Privacy Policy

Last updated: 27 May 2026 · Qynte Pty Ltd · Australia

Qynte Pty Ltd ("Qynte", "we") operates NotePlus from Australia. This policy explains what data we collect, why, who we share it with, and your choices. We're committed to handling your data in line with the Australian Privacy Principles, and, where applicable, the EU/UK GDPR.

1. What we collect

Account data: name, email, password (hashed), avatar, role (student / parent), grade, board / syllabus, country, school, language. Some of this is optional and lives only on your account.

Your content: notes, files (PDF, docs, images, audio you upload), generated quizzes, flashcards, mock exams, study plans, AI-tutor conversations.

Usage data: sessions, streak activity, XP earned, quiz attempts and answers, flashcard reviews, time spent in features, device + browser metadata, IP address, pages visited.

Billing data: plan, billing period, invoices, payment status. We never see your card number — Stripe processes payments and we only store a customer / subscription reference plus the last 4 digits of the card.

Communications: emails you send to support, in-app messages between you and friends or study-group members.

2. Why we use it

  • To run the Service. Generate AI content from your notes, render the dashboard, run spaced repetition, track streaks, deliver notifications.
  • To improve learning outcomes. Aggregate usage shapes recommendations and product changes. We don't train third-party AI models on your private content.
  • To bill paid plans. Stripe receives the minimum data needed to process payments.
  • To keep accounts safe. Rate-limiting, fraud signals, audit logs.
  • To comply with the law. Tax invoicing, valid legal requests.

3. AI providers

To produce AI summaries, quizzes, flashcards, and tutor replies we send the relevant slice of your content to a third-party AI model (currently OpenAI, with the possibility of other providers in future). We use API endpoints that have data-retention controls in line with our supplier's enterprise terms. The AI provider does not use your data to train its public models.

4. Children & guardians

NotePlus is designed for students aged 13+ with parental consent where required by local law. Parent / guardian accounts only ever see read-only views of progress (streak, study plan, exam countdown) for students who explicitly approve the link. Parents never see private notes, AI-tutor chats, or messages.

5. Sharing

We don't sell personal data. We share it only with:

  • Infrastructure providers (hosting on AWS in Asia-Pacific (Singapore), email transit via your configured SMTP, file storage).
  • Payment processor (Stripe) for billing.
  • AI providers for the slice of content you've asked us to process.
  • Authorities when required by valid legal process — and we'll resist over-broad requests.
  • People you choose to share with through features in the Service: friends, study groups, parent linkup, public profile, shared resources.

6. Where your data lives

NotePlus runs primarily in AWS Asia-Pacific (Singapore). Some sub-processors (AI providers, Stripe, email senders) operate in the United States, EU, and other regions. We use standard contractual clauses or equivalent safeguards where personal data crosses borders.

7. How long we keep it

Account + content data is kept while your account is active. After you delete your account we remove your content within 30 days. Backups roll out within 90 days. Billing records are retained for 7 years to meet Australian tax law.

8. Your choices

  • See or export your data. Ask any time at contact@noteplus.io and we'll provide a copy.
  • Correct it. Edit most fields directly in the app; ask us for anything you can't change yourself.
  • Delete your account. From Account settings, or by emailing us.
  • Opt out of marketing emails. Use the unsubscribe link in any email, or turn off engagement emails in profile settings. We still send essential account / billing emails.
  • Cookie preferences. See the Cookie Policy.

9. Security

We use TLS in transit, encryption at rest for sensitive secrets (Stripe / SMTP credentials), bcrypt for passwords, JWT + CSRF for sessions, per-IP rate-limiting on auth endpoints, and access logs. No system is perfectly secure — please tell us right away at contact@noteplus.io if you notice anything wrong.

10. Changes

We may update this policy from time to time. For material changes we'll email you at least 14 days before they take effect.

11. Contact

Privacy questions, requests, or complaints: contact@noteplus.io.

If you're not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.