CimanoteCimanoteJoin waitlist

Privacy Policy

Cimanote | cimanote.com

Last updated: 2026-03-04

Introduction

Cimanote is a web-based note-taking application operated by Zhivko Golubovski, an individual doing business as Cimanote ("we," "us," or "our"). This Privacy Policy explains what personal information we collect when you use Cimanote, why we collect it, how we use and protect it, and what choices you have over your data.

We aim to be straightforward and transparent. If something in this document is unclear, please reach out to us at privacy@cimanote.com.

By using Cimanote (including cimanote.com and the Cimanote Chrome extension), you agree to the practices described in this policy. If you do not agree, please do not use the service.

1. Who We Are

Cimanote is built and operated by Cimanote, LLC. For privacy-related inquiries, contact us at: privacy@cimanote.com

2. Information We Collect

2.1 Account Information (via Google Sign-In)

Cimanote uses Google OAuth as its only authentication method. We do not offer username/password registration. When you sign in with Google, we receive the following from your Google account:

  • Your email address
  • Your display name
  • Your profile photo URL

We use this information solely to create and identify your Cimanote account.

2.2 Content You Create

When you use Cimanote, we store the content you create on our servers, including:

  • Notes — the text content of your notes, stored as structured JSON
  • Notebooks — organisational groupings you create
  • Tags — labels you apply to notes
  • Attachments — files you upload, such as images, PDFs, and other documents (up to 25 MB per file)

This content belongs to you. We store it so the service works as intended.

2.3 Usage and Technical Metadata

We collect certain technical information to keep the service running and to improve it:

  • Timestamps (when notes are created, modified, or synced)
  • Sync event logs
  • Subscription status (Free or Pro tier)
  • Referral codes and referral relationships (if you use our referral programme)
  • In-app notification history

2.4 Payment Information

If you subscribe to Cimanote Pro, payments are processed by Stripe. We do not store your full payment card details. Stripe provides us with a payment confirmation, your subscription status, and billing timestamps. See Section 4 for more on Stripe.

2.5 Web Clipper (Chrome Extension)

The Cimanote Chrome extension allows you to save content from web pages directly to your account. When you clip a page, the extension sends the following to Cimanote:

  • The page URL
  • The page title
  • The clip timestamp
  • The page content (full page, article extract, or your selected text — depending on your chosen clip mode)

This data is stored in your Cimanote account alongside your other notes. You are responsible for ensuring you have the right to save and store third-party content. We do not verify the copyright status of clipped material.

2.6 Error and Diagnostic Data

We use Sentry to monitor application errors. Sentry may collect anonymised stack traces, error messages, and associated user identifiers (such as your internal user ID) when the application encounters a problem. This data is used only to diagnose and fix bugs. Sentry may use session-scoped cookies for this purpose.

3. How We Use Your Information

We use the information we collect for the following purposes:

PurposeLegal Basis (GDPR)
Providing the Cimanote service (storing and syncing your notes)Performance of a contract
Authenticating your identity via Google OAuthPerformance of a contract
Processing Pro subscription paymentsPerformance of a contract
Diagnosing errors and improving reliabilityLegitimate interest
Communicating service updates, security noticesLegitimate interest / contract
Administering the referral programmeLegitimate interest
Complying with legal obligationsLegal obligation

We do not:

  • Sell your personal data or note content to any third party
  • Use your note content to train AI or machine learning models
  • Display advertising of any kind
  • Share your data with third parties except as described in Section 4

4. Third-Party Services and Data Processors

To operate Cimanote, we rely on the following third-party service providers. Each processes data only as necessary to provide their respective service to us.

4.1 Supabase

Role: Database, file storage, and authentication relay.
Data processed: All user data, including account information, note content, and attachments.
Server location: United States.
More info: supabase.com/privacy

4.2 Stripe

Role: Payment processing for Cimanote Pro subscriptions.
Data processed: Billing information, payment confirmation, subscription status. Stripe retains billing records as required by law (typically 7 years).
More info: stripe.com/privacy

4.3 Vercel

Role: Frontend hosting and content delivery network (CDN).
Data processed: Web request logs (IP addresses, browser information) as part of standard CDN operation.
Server location: United States (primary).
More info: vercel.com/legal/privacy-policy

4.4 Resend

Role: Transactional email delivery.
Data processed: Name and email address submitted via the waitlist form on cimanote.com. This data is used solely to notify us of new signups and is not stored by us beyond what Resend retains as part of its email delivery logs.
Server location: United States.
More info: resend.com/privacy

4.5 Sentry

Role: Application error monitoring.
Data processed: Anonymised error reports, stack traces, and user identifiers.
More info: sentry.io/privacy

4.6 Google

Role: OAuth identity provider (sign-in only).
Data processed: Google manages your Google account credentials. We receive only your email, display name, and profile photo URL.
More info: policies.google.com/privacy

We require all third-party processors to maintain appropriate security standards and to process data only for the purposes we specify.

5. Data Storage and Security

All Cimanote data is stored in the United States on infrastructure provided by Supabase and Vercel. If you are located outside the United States, your data will be transferred to and processed in the United States. By using Cimanote, you consent to this transfer.

We take reasonable technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Database-level access controls via Supabase Row Level Security
  • Authentication handled through Google OAuth — we never store your password

No system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@cimanote.com.

6. Cookies

Cimanote uses a minimal number of cookies:

  • Session cookies — set by Supabase to maintain your authenticated session. These are necessary for the service to function. They expire when you sign out or your session ends.
  • Sentry error-tracking cookies — Sentry may set session-scoped cookies to help trace and diagnose application errors.

We do not use advertising cookies, third-party tracking cookies, or any cookies for behavioural profiling.

You can control cookies through your browser settings, but disabling session cookies will prevent you from signing in to Cimanote.

7. Data Retention

Data typeRetention period
Notes, notebooks, tags, attachmentsRetained until you delete them or close your account
Account informationRetained until account deletion
Usage metadata and sync logsRetained until account deletion
Referral and notification recordsRetained until account deletion
Stripe billing recordsRetained as required by applicable law (typically 7 years)
Sentry error logsSubject to Sentry's retention policy (typically 90 days)

On account deletion: Your notes and personal data are deleted within 30 days of your request. Encrypted database backups are purged within 90 days. Stripe billing records are retained separately in accordance with financial regulations.

8. Your Rights and Choices

8.1 All Users

Regardless of where you live, you can:

  • Access your data — sign in to Cimanote to view all your notes, notebooks, tags, and account information.
  • Export your data — export your notes in Markdown, HTML, or PDF format from within the app.
  • Delete individual notes — delete any note or attachment at any time from within the app.
  • Delete your account — request full account deletion by contacting us at privacy@cimanote.com. We will process your request within 30 days.

8.2 GDPR Rights (EEA and UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or the UK GDPR:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate personal data.
  • Right to erasure — request deletion of your personal data ("right to be forgotten").
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restriction — request that we restrict processing of your data in certain circumstances.
  • Right to withdraw consent — where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at privacy@cimanote.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Note on legal basis: Our primary legal basis for processing your data is the performance of the contract between you and Cimanote (i.e., providing the service). Where we rely on legitimate interests, we have balanced them against your privacy rights.

Data controller: Zhivko Golubovski, trading as Cimanote, contactable at privacy@cimanote.com.

8.3 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, and the business purpose for collecting it.
  • Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising. There is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at privacy@cimanote.com. We will respond within 45 days.

Categories of personal information collected: identifiers (name, email, user ID); internet/network activity (sync logs, error logs); commercial information (subscription status, billing records); and content you create (notes, attachments).

We do not sell personal information. We do not share personal information with third parties for cross-context behavioural advertising.

9. Children's Privacy

Cimanote is not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created a Cimanote account, please contact us at privacy@cimanote.com and we will delete the account promptly.

10. Links to Other Websites

Cimanote may display links to external websites (for example, in clipped content). We are not responsible for the privacy practices of those websites. This Privacy Policy applies only to Cimanote.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document and, where the changes are material, notify you by email or via an in-app notice. Continued use of Cimanote after changes are posted constitutes your acceptance of the revised policy.

12. Governing Law

This Agreement will be governed by the laws of the State of California. Any action related to or arising out of this Agreement will be subject to the exclusive jurisdiction of the state courts in San Mateo County, California or the federal district court for the Northern District of California.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Cimanote
Email: privacy@cimanote.com
Website: cimanote.com

We aim to respond to all privacy enquiries within 30 days.