Privacy Policy
Required ReadingAt When Notes Fly, we take your privacy seriously. This policy explains how we collect, use, store, and protect your personal information.
1. Information We Collect
When Notes Fly collects various types of information to provide you with our services, improve your experience, and maintain our platform's quality. We are transparent about what we collect and why.
Personal Information
Information you provide directly:
- Account Information: Name, email address, username, and password when you create an account or subscribe to our newsletter
- Author Information: Full credentials, professional title, institutional affiliation, biography, author photo, and contact information for contributors
- Content Submissions: Article manuscripts, research notes, citations, source materials, and any supplementary files you submit
- Payment Information: Billing address and payment details (processed securely by Stripe or PayPal - we never store full credit card numbers)
- Communication Records: Emails, messages, and correspondence with our editorial team, customer support, or other users
- Survey Responses: Feedback, opinions, and preferences you share through surveys or feedback forms
- Profile Customization: Reading preferences, saved articles, bookmarks, and personalization settings
Usage & Technical Information
Information collected automatically:
- Browsing Activity: Pages viewed, articles read, time spent on each page, scroll depth, and navigation patterns
- Engagement Metrics: Article likes, shares, comments, bookmarks, search queries, and content recommendations clicked
- Device Information: Device type, operating system, browser type and version, screen resolution, and language settings
- Network Data: IP address, geographic location (city/country level only), internet service provider, and connection type
- Referral Information: Source of traffic (search engines, social media, direct links), referring URLs, and campaign parameters
- Technical Logs: Access times, error logs, server response times, and system diagnostics for troubleshooting
- Cookie Data: Session identifiers, authentication tokens, and preference settings (see Cookie Policy below)
Information We Don't Collect
We do not collect:
- Precise geolocation data (GPS coordinates)
- Biometric information (fingerprints, facial recognition)
- Financial account details beyond payment processing
- Social Security numbers or government ID numbers
- Health or medical information
- Political opinions or religious beliefs
- Data from children under 16 years old
2. How We Use Your Information
We use the information we collect for legitimate business purposes and to enhance your experience. Here's a comprehensive breakdown:
Content Delivery & Personalization
- Article Delivery: Serving requested articles, managing your reading history, and tracking your progress through long-form content
- Personalized Recommendations: Using your reading patterns, interests, and engagement to suggest relevant articles you might find valuable
- Search Functionality: Powering our search engine to help you discover content based on your queries and preferences
- Saved Content: Maintaining your bookmarks, reading lists, and favorite authors for easy access
- Accessibility Features: Remembering your font size, contrast preferences, and other accessibility settings
- Content Formatting: Adapting article layout and presentation based on your device and preferences
Communication & Engagement
- Newsletter Distribution: Sending curated digests, new article notifications, and editorial highlights (you can unsubscribe anytime)
- Editorial Correspondence: Communicating with contributors about submissions, revisions, and publication status
- Transactional Emails: Sending account confirmations, password resets, and important service notifications
- Community Interaction: Facilitating discussions, comments, and author-reader engagement
- Customer Support: Responding to inquiries, resolving issues, and providing technical assistance
- Updates & Announcements: Informing you about site improvements, new features, and policy changes
Analytics & Improvement
- Traffic Analysis: Understanding visitor patterns, peak usage times, and popular content to optimize performance
- Content Performance: Measuring article reach, engagement rates, and reader retention to guide editorial decisions
- A/B Testing: Experimenting with layouts, features, and designs to enhance user experience
- Technical Optimization: Monitoring page load times, error rates, and system performance
- User Behavior Studies: Analyzing how readers navigate, what they search for, and where they engage most
- Conversion Tracking: Understanding subscription rates, newsletter sign-ups, and content sharing patterns
Quality Control & Editorial Standards
- Author Verification: Confirming credentials, academic affiliations, and professional qualifications of contributors
- Content Authenticity: Using AI detection tools and plagiarism checkers to ensure original, human-written content
- Fact-Checking: Verifying sources, citations, and claims made in submitted articles
- Editorial Review: Maintaining quality standards through peer review and expert evaluation
- Spam Prevention: Detecting and blocking fraudulent submissions, spam comments, and malicious activity
- Community Moderation: Enforcing guidelines, removing inappropriate content, and maintaining respectful discourse
Legal Compliance & Security
- Regulatory Compliance: Meeting obligations under GDPR, CCPA, and other privacy laws
- Copyright Protection: Enforcing intellectual property rights and responding to DMCA notices
- Fraud Prevention: Detecting unusual activity, preventing unauthorized access, and protecting against security threats
- Legal Proceedings: Responding to subpoenas, court orders, and lawful government requests when required
- Terms Enforcement: Investigating violations of our Terms of Service and taking appropriate action
- Audit & Compliance: Maintaining records for regulatory audits and compliance verification
Business Operations
- Payment Processing: Handling subscriptions, author payments, and licensing transactions
- Financial Reporting: Managing accounts, tracking revenue, and maintaining financial records
- Partnership Management: Coordinating with content partners, advertisers, and service providers
- Research & Development: Developing new features, improving algorithms, and enhancing services
- Business Analytics: Understanding market trends, reader demographics, and growth opportunities
Important: We will never sell your personal information to third parties, rent our email lists, or use your data for purposes incompatible with those disclosed in this policy without your explicit consent.
3. Data Storage & Security
Protecting your personal information is our highest priority. We implement comprehensive security measures across infrastructure, access controls, and operational procedures.
Where We Store Your Data
When Notes Fly uses secure, enterprise-grade hosting infrastructure:
- Primary Servers: Hosted on AWS (Amazon Web Services) in US-East data centers with SOC 2 Type II compliance
- Database Hosting: PostgreSQL databases on managed AWS RDS instances with automated failover
- File Storage: User-uploaded files stored on AWS S3 with versioning and lifecycle management
- CDN Distribution: Content cached globally via Cloudflare CDN for fast delivery worldwide
- Email Services: Transactional emails via SendGrid with DKIM and SPF authentication
- Analytics Data: Anonymized analytics stored separately with strict access controls
Data Retention Periods
We retain data only as long as necessary for legitimate purposes:
- Active Accounts: Data retained while your account is active and for 3 years after last login
- Published Content: Articles remain accessible indefinitely as part of our permanent archive
- Newsletter Subscribers: Email addresses kept until you unsubscribe, then deleted within 30 days
- Payment Records: Transaction history retained for 7 years to comply with tax and financial regulations
- Support Correspondence: Customer service records kept for 2 years for quality assurance
- Analytics Data: Aggregated, anonymized data retained for 26 months following Google Analytics standards
- Server Logs: Technical logs retained for 90 days for troubleshooting and security monitoring
- Backup Data: Rolling 30-day backup retention, then automatically purged
Early Deletion: You can request deletion of your data at any time (subject to legal retention requirements). We'll process requests within 30 days.
Organizational Security Measures
- Staff Training: All employees complete annual security awareness and privacy training
- Confidentiality Agreements: Every team member signs NDAs protecting user information
- Principle of Least Privilege: Staff access limited to minimum necessary for job functions
- Vendor Management: Third-party service providers vetted for security and privacy compliance
- Incident Protocols: Documented procedures for breach notification and user communication
- Regular Audits: Quarterly internal security audits and annual external assessments
4. Third-Party Services & Data Sharing
When Notes Fly works with carefully vetted third-party service providers to deliver our services. We share data only when necessary and ensure all partners meet our privacy and security standards.
Service Providers We Use
Analytics & Performance Monitoring
- Google Analytics: Website traffic analysis with IP anonymization enabled. Data used to understand visitor behavior and improve content. You can opt-out via browser settings or Google Analytics Opt-out Browser Add-on.
- Cloudflare Analytics: Server performance monitoring, DDoS protection, and CDN caching. Cloudflare processes IP addresses and HTTP headers for security purposes.
- Sentry: Error tracking and application monitoring to identify and fix technical issues quickly. Error logs are anonymized and retained for 90 days.
Communication Services
- SendGrid (by Twilio): Transactional email delivery for account notifications, password resets, and editorial correspondence. Email addresses stored securely with unsubscribe tracking.
- Mailchimp: Newsletter distribution and subscriber management. We share email addresses and engagement data only. You can unsubscribe anytime via email footer links.
- Zendesk: Customer support ticketing system. Support conversations retained for 2 years for quality assurance and training purposes.
Payment Processing
- Stripe: Credit card processing for subscriptions and payments. Stripe handles all payment data according to PCI DSS Level 1 compliance. We never see or store full credit card numbers.
- PayPal: Alternative payment method. PayPal processes payments under their own privacy policy. We receive only transaction confirmations.
Infrastructure & Hosting
- Amazon Web Services (AWS): Cloud hosting, database management, and file storage. AWS complies with SOC 2, ISO 27001, and GDPR. Data encrypted at rest and in transit.
- Cloudflare: Content Delivery Network (CDN) for fast global content delivery, DDoS protection, and SSL/TLS certificate management.
Content & Quality Tools
- Copyscape: Plagiarism detection for submitted articles. Content checked against web sources; no personal data shared.
- GPTZero / Originality.ai: AI content detection tools to verify human authorship. Text content analyzed; author identities not shared.
- Grammarly Business: Editorial proofreading and grammar checking (editor use only). Documents processed transiently; not stored by Grammarly.
Advertising & Monetization
- Google AdSense: Display advertising network that shows contextual ads based on page content and user interests. AdSense uses cookies to serve relevant ads and prevent ad fraud. You can control ad personalization via Google Ads Settings.
- Media.net: Contextual advertising network serving ads based on article topics. Uses cookies and browsing data to optimize ad relevance and performance.
- Amazon Associates: Affiliate program for product recommendations. We may earn commissions when you purchase through our affiliate links. Product suggestions are editorially relevant and clearly disclosed.
- Carbon Ads: Privacy-focused advertising for tech and design audiences. Minimal tracking with contextual ad placement based on content, not personal profiling.
When We Share Your Information
We share personal data only in specific, limited circumstances:
- Service Providers: With vendors listed above who perform services on our behalf under strict data processing agreements
- Legal Requirements: When required by law, subpoena, court order, or government regulation
- Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)
- Consent-Based: With your explicit permission for specific purposes
- Public Information: Published articles, author bios, and public comments are accessible to all visitors
- Aggregated Data: De-identified, anonymized statistics that cannot identify individual users may be shared publicly or with partners
What We Never Do
We NEVER:
- Sell your personal information to third parties for non-advertising purposes
- Rent or lease our email lists
- Share data with data brokers or marketing lists
- Use your content submissions for AI training without permission
- Track you across other websites (no cross-site tracking beyond ad networks)
- Use sensitive personal information for advertising (health, finances, beliefs)
Advertising Transparency
How Advertising Works on Our Site:
- Contextual Ads: Most ads are selected based on page content, not personal browsing history
- Third-Party Cookies: Ad networks may use cookies to measure ad effectiveness and prevent fraud
- Interest-Based Ads: Some ad partners may show ads based on your inferred interests. You can opt out via DAA Opt-Out or NAI Opt-Out
- Affiliate Disclosure: Articles may contain affiliate links. We only recommend products/services editorially relevant to the content
- Sponsored Content: Any paid partnerships or sponsored articles are clearly labeled as "Sponsored" or "Partner Content"
- Revenue Model: Advertising helps us maintain free access to quality content. Ad revenue supports writers, editors, and infrastructure
Control Your Ads: You can limit ad personalization through browser settings, ad blockers, or privacy tools. Essential site functionality will still work without ads.
Third-Party Privacy Policies: Each service provider operates under their own privacy policy. We recommend reviewing their policies: Google, Cloudflare, Stripe, Mailchimp, AWS, Media.net.
5. Your Privacy Rights
You have comprehensive rights regarding your personal data. We're committed to honoring these rights promptly and transparently.
Request a complete copy of all personal data we hold about you, including how we obtained it and who we've shared it with
Update or correct inaccurate, incomplete, or outdated information in your account or profile
Request deletion of your personal data (right to be forgotten), subject to legal retention requirements
Receive your data in a structured, machine-readable format (JSON/CSV) to transfer to another service
Object to processing of your personal data for direct marketing, profiling, or legitimate interests
Request limitation of how we process your data while disputes or verifications are pending
Not be subject to decisions based solely on automated processing without human review
File complaints with supervisory authorities if you believe your rights have been violated
Unsubscribe from newsletters and promotional emails at any time via email footer or account settings
How to Exercise Your Rights
Submit Your Request
Email privacy@whennotesfly.com with your request. Include:
- Your full name and email address associated with your account
- Specific right you wish to exercise
- Any relevant details or context
Identity Verification
We'll verify your identity to protect your data security. You may need to:
- Confirm your email address via verification link
- Answer security questions about your account
- Provide government-issued ID (for sensitive requests)
Processing & Response
We'll process your request according to these timelines:
- Acknowledgment: Within 48 hours
- Completion: Within 30 days (may extend to 60 days for complex requests)
- Updates: You'll receive status updates every 10 days
Receive Your Data or Confirmation
Depending on your request:
- Data Access: Secure download link to encrypted file
- Deletion: Confirmation email once complete
- Correction: Updated information reflected in your account
Limitations on Rights
In certain circumstances, we may be unable to fulfill your request due to:
- Legal Obligations: We must retain data to comply with tax, financial, or legal regulations (e.g., payment records for 7 years)
- Active Legal Claims: Data relevant to ongoing litigation or disputes cannot be deleted
- Fraud Prevention: Security logs and fraud prevention records must be maintained
- Published Content: Articles you've published remain in our archive but can be anonymized upon request
- Aggregated Data: Once data is anonymized and aggregated, it can't be individually extracted
If we cannot fulfill your request, we'll explain why and provide information about alternative options or appeal procedures.
Costs & Fees
No Charge: Exercising your privacy rights is free of charge for reasonable requests.
Excessive Requests: If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse the request. You'll be notified in advance if fees apply.
To exercise any of these rights, contact us at privacy@whennotesfly.com or write to our Data Protection Officer at the address listed in the GDPR section below.