Privacy Policy

Notiky (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over it.

This policy applies to the Notiky platform at notiky.com and all associated services. By using the Service, you agree to the practices described here.

Information you provide directly:

• Account data: email address, name (collected at signup via email OTP, Google OAuth, or GitHub OAuth)
• Workspace content: product decisions, brainstorm conversations, documents, specifications, hypotheses, and any other content you create in Notiky
• Onboarding data: your role, experience level, and environment preferences
• Waitlist data: email address, referral source, and position
• Communications: emails you send to our support or feedback channels

Information collected automatically:

• Usage data: pages visited, features used, actions taken, session duration
• Technical data: IP address, browser type, device type, operating system, referring URLs
• AI interaction data: prompts sent to AI features and responses (stored to provide service continuity)
• Billing data: subscription tier and usage credits consumed (payment card details are processed by our payment provider and never stored by us)

We use your data to:

• Provide, operate, and improve the Service
• Personalize your experience and remember your preferences
• Send transactional emails (account creation, waitlist confirmation, billing receipts)
• Send product updates and announcements (you can opt out at any time)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Analyze aggregate, anonymized usage patterns to improve the product

We do not use your workspace content, product decisions, or AI conversations to train AI models. Your proprietary product data is yours.

We share your data with the following services to operate the platform:

• Supabase — database and authentication infrastructure (SOC 2 Type II, data stored in US-East)
• Google Cloud / Vertex AI — AI model inference for Gemini (prompts processed under our API agreement; not used to train Google’s models)
• Anthropic / OpenAI via OpenRouter — AI model inference for Claude and GPT models (subject to respective provider data policies)
• Resend — transactional email delivery
• Polar.sh — subscription billing and payment processing
• Vercel — application hosting and edge infrastructure
• Linear — task management integration (only if you connect your Linear workspace)

We do not sell your personal data to third parties. We do not share your data with advertisers. We may share data if required by law, court order, or to protect our legal rights.

When you use AI features, your prompts and relevant context are sent to third-party AI providers for processing:

• Google Gemini (via Vertex AI): Prompts are not used to train Google’s models under our API agreement. Data processed per Google Cloud’s DPA.
• Anthropic Claude (via OpenRouter): Subject to Anthropic’s API usage policy. Prompts may be retained for safety purposes per Anthropic’s terms.
• OpenAI (via OpenRouter): Subject to OpenAI’s API data usage policies.

We recommend not including sensitive personal information, financial data, or regulated data (HIPAA, GDPR special categories) in AI prompts.

We retain your data for as long as your account is active. Upon account deletion:

• Workspace content and decisions are permanently deleted within 30 days
• Account identifiers may be retained in backup systems for up to 90 days before full purge
• Anonymized usage analytics may be retained indefinitely
• Data required by law (billing records, etc.) is retained for the legally required period

Waitlist entries are retained until the waitlist is closed or you request deletion.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request export of your workspace data in a machine-readable format
• Opt-out: Unsubscribe from marketing emails at any time via the unsubscribe link
• Restriction: Request that we restrict processing in certain circumstances

To exercise any of these rights, email romaluev@notiky.com. We will respond within 30 days.

We use session cookies to maintain authentication state. We do not use third-party advertising cookies or cross-site tracking.

We may use minimal first-party analytics to understand product usage. We do not use Google Analytics. Any analytics we use are privacy-respecting and do not fingerprint individual users across sites.

We implement industry-standard security measures including:

• All data encrypted in transit (TLS 1.2+)
• All data encrypted at rest (AES-256)
• Authentication via secure OTP and OAuth 2.0 (Google, GitHub)
• Row-level security enforced at the database layer (Supabase RLS policies)
• Regular security reviews of dependencies and infrastructure

In the event of a data breach affecting your data, we will notify you within 72 hours of becoming aware, as required by applicable law.

The Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently done so, please contact us at romaluev@notiky.com immediately.

Notiky is operated from Uzbekistan with infrastructure primarily in the United States (Supabase US-East, Vercel). By using the Service, you consent to the transfer of your data to these locations.

If you are located in the European Economic Area (EEA), we process your data on the basis of legitimate interest (to provide the contracted service) and, where required, explicit consent.

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notice at least 14 days before the changes take effect.

For privacy questions, data requests, or concerns: romaluev@notiky.com