This Privacy Policy (hereinafter referred to as “This Policy”) aims to clarify the relevant rules for the Jotted Notebook Software (hereinafter referred to as “This Software”) for collecting, using, storing, transmitting, and disclosing users‘ personal data, protecting users‘ personal data rights and interests, and complying with international general data protection standards (including, but not limited to, the European Union‘s General Data Protection Regulation (GDPR), the Organization for Economic Co-operation (OECD) Privacy Principles), which apply to all users who use this Software. By using this Software, you are deemed to have read, understood, and agreed to all the terms of this Policy. If you have any questions, complaints, or data-related requests, please contact us at malteanu@novoparcdoi.com.
1. Definition and scope
1.1 Core Definitions
1.1.1 Personal Data: Means any information that can directly or indirectly identify a specific natural person, including but not limited to names, email addresses, device identifiers, IP addresses, note contents (such as involving personal information), usage records, etc., conforming to the requirements for the definition of personal data under the GDPR, covering various types of information that can identify a natural person.
1.1.2 Users: Means all individuals, corporations, or other organizations who download, install, register, and use the Software, whether for personal records or commercial purposes (commercial purposes require separate written authorization).
1.1.3 Data Processing: Means any operation performed on personal data, including collection, recording, storage, use, transmission, encryption, anonymization, deletion, etc., strictly in compliance with the relevant requirements of the GDPR and OECD Privacy Principles, ensuring the legality and regulatory nature of data processing.
1.2 Applicability Scope
1.2.1 This Policy applies to all functional modules of this Software, including but not limited to all service scenarios such as creating, editing, storing, backing up, synchronizing (if applicable), exporting, deleting, etc. notes, covering the entire process used by the Software.
1.2.2 This Policy does not apply to links, plug-ins, advertisements or services provided by third parties through this Software. The privacy policies for third-party services are determined solely by the third parties and are independent of this Software and the operators. Users use third-party services at their own risk.
2. Collection of Personal Data
2.1 Collecting Principles
2.1.1 Legitimacy Principles: We collect user personal data only where it is necessary to obtain the user‘s explicit consent, to fulfill legal obligations, or to realize the core functionality of the software. We do not illegally collect, steal, or coerce users to provide any data, and comply with the GDPR data processing legitimacy requirements.
2.1.2 Minimum Required Principle: Collect only the personal data necessary to implement the software functionality, do not collect redundant data that is not related to the core functionality of the software, strictly control the scope of data collection, and follow the collection limitation principles in the OECD Privacy Principles.
2.1.3 Transparency Principles: Before collecting user data, clearly inform the user of the purpose, scope, method, and purpose of the collection of user data, ensure that the user is aware and can voluntarily choose whether to provide it, ensure the user‘s right to knowledge and choice, and align with the transparency requirements of international privacy protection.
2.2 Scope and method of collection
2.2.1 Registration and Login Data: When users register and log in to this Software, the information voluntarily provided such as name, email address, password (encrypted storage), etc., is used for authentication, account management, and security verification. It is not mandatory to provide non-personal information and follows the principle of voluntary provision.
2.2.2 Usage Behavior and Content Data: Note content generated during the user‘s use of this Software (proactively created, edited by the user, with the option of local storage or cloud synchronization), note editing records, backup records, playback/view records, device information (device model, operating system, IP address, device identifier), etc., are used to optimize the software experience and ensure the security of the notes.
2.2.3 Third-party association data: If users log in to this Software through third-party platforms (such as Google, Apple, Microsoft, etc.), we will obtain user-authorized basic information (such as username, profile picture) through third-party interfaces, use it for account association, do not collect additional other data from third-party platforms, and strictly follow the privacy rules of third-party platforms.
2.2.4 Voluntary Data Provision: Users voluntarily submit feedback, complaint information, technical support requests, etc., for the purpose of responding to user needs and solving software usage problems. Users can choose not to provide such information without affecting the use of the core functionality of the software.
3. Use of Personal Data
3.1 Purpose of Use
3.1.1 Realize core functions: Used for user authentication, account login, note creation, editing, storage, backup, synchronization, export, etc., ensuring the proper operation of the software, providing users with secure and convenient memo services, meeting user recording and management needs.
3.1.2 Optimize the service experience: Analyze user usage behavior data and usage preferences, optimize the software interface, improve operational smoothness, fix software vulnerabilities, adapt to more device models, improve the user experience, and comply with the data quality principles in the OECD Privacy Principles.
3.1.3 Security Assurance: Used to prevent risks such as account theft, notebook leakage, malicious attacks, detect abnormal software use behavior, fulfill international data protection laws and regulations, and ensure the security of user accounts and notebook data.
3.2 Use Restrictions
3.2.1 Not exceeding the scope of user authorization for use of data. If the data is to be used for purposes not specified in this Policy, the user must again obtain written consent. Processing of personal data beyond the scope of authorization is strictly prohibited, in accordance with the limitation principles of GDPR purposes.
3.2.2 User personal data will not be used for any commercial advertising push, unless expressly authorized by the user, and the user can withdraw that permission at any time, immediately stop the relevant push behavior after withdrawal, and respect the user‘s discretionary choice.
3.2.3 After anonymizing the user‘s personal data, it can be used for non-identifying purposes such as software performance analysis, industry data analysis, functional optimization, etc. The anonymized data does not contain any information that can identify the user and cannot be restored as identifiable data.
4. Storage and security of personal data
4.1 Storage Specifications
4.1.1 Location of storage: User personal data (including the contents of notes) is stored on servers that comply with international data protection standards, located within the European Union, and is not stored in any region that does not comply with data protection requirements, ensuring that data storage complies with the GDPR cross-border data storage rules.
4.1.2 Storage Period: User Personal Data will be stored only for the period necessary to fulfill the purposes of use stipulated in this Policy agreement. After the period is exceeded, anonymization processing or complete deletion measures will be taken according to law to ensure that the data cannot be recovered. Those that need to be retained in special circumstances will strictly comply with the relevant legal and regulatory requirements and comply with the GDPR storage limitation principles.
4.1.3 Local Storage Description: The user‘s notes, editing records, and other data are primarily stored on the user‘s local device. They are only uploaded to the server storage after the user turns on the cloud sync feature and authorizes it. The user can turn off the cloud sync and delete server-side related data at any time, taking the initiative to store the data.
4.2 Security Measures
4.2.1 Technology Assurance: Industry-leading security technologies such as transmission encryption (SSL/TLS), storage encryption (AES-256), access control, firewalls, and intrusion detection are used to prevent user data from being leaked, tampered with, stolen, or lost. Security checks and vulnerability fixes are regularly performed on servers to ensure data integrity and confidentiality.
4.2.2 Employee Security: Implement strict permissions management and privacy training for employees who access user data, clarify job responsibilities, sign confidentiality agreements, prohibit unauthorized access, use, and disclosure of user data, conduct regular privacy awareness training and audits, and enforce data protection responsibilities.
4.2.3 Emergency Handling: Establish a well-established data security emergency response mechanism. If security events such as data leakage or loss occur, emergency plans will be immediately initiated, remedial measures will be taken to reduce user losses, and users and relevant regulatory bodies will be promptly notified according to the requirements of relevant international laws and regulations (unless prohibited by law). At the same time, investigations will be conducted in coordination with regulatory bodies.
5. Transfer and disclosure of personal data
5.1 Data Transfer
5.1.1 Data transfers are carried out only in the context of implementing software functionality, fulfilling legal obligations, or obtaining explicit consent from the user. Encryption techniques are used during the transfer to ensure the security of the data transfer and comply with the requirements related to cross-border data flows in the OECD Privacy Principles.
5.1.2 If the transfer of user data to a region outside the EU is required, it will ensure that the region has the same level of data protection as the EU GDPR, or obtain the explicit written consent of the user and sign a data transfer agreement, take the necessary security measures to ensure compliance with the data transfer.
5.2 Data Disclosure
5.2.1 Do not disclose the user‘s personal data to any third party at will, except with the explicit written consent of the user, strictly prohibit the sale, rental, or loan of the user‘s data to any third party, in accordance with the Data Use Limitation Principles.
5.2.2 Those who need to disclose user data due to the requirements of laws, regulations, judicial authorities or regulatory bodies will comply with disclosure obligations according to law and, to the extent permitted by law, promptly notify users and provide relevant disclosure grounds.
5.2.3 When disclosing data to a third-party partner providing technical support, server hosting, cloud storage, etc. services for this Software, a strict Privacy Protection Agreement and Data Processing Agreement (DPA) will be signed, requiring the third party to comply with this Policy and international data protection rules, not to use, disclose, or alter user data without authorization, and to regularly audit the compliance of the third party.
6. Users‘ rights
6.1 Data Access Rights: Users have the right to access their personal data at any time, inquire about the collection, use, storage, and disclosure of the data, and exercise the data subject‘s right to be informed by submitting access requests through in-software features or by contacting malteanu@novoparcdoi.com.
6.1.1 After a user submits an access request, we will respond within 15 business days by providing the user with the required copy of personal data (compliant with international data protection regulations), without charging any unreasonable fees.
6.2 Data Correction Right: If users discover that their personal data is incorrect or incomplete and have the right to request correction, we will complete the correction within 3 working days after verification and notify users through the contact details reserved by users to ensure the accuracy of the data.
6.3 Data Deletion Right: Users have the right to request the deletion of their personal data, and we will complete the deletion within 15 working days if the following conditions are met: the data is no longer needed for use, the user withdraws consent, the software stops providing related services, the user logs out of the account, etc., and implements the requirements related to the GDPR “right to be forgotten”.
6.3.1 Upon data deletion, the associated backup data will be completely deleted within 30 business days and cannot be recovered; anonymized data is not subject to deletion rights, and deletion behavior does not affect the legitimacy of data processing that was completed before withdrawal.
6.4 Right to withdraw consent: Users have the right to withdraw their consent to data collection, use, and disclosure at any time, and upon withdrawal of consent, we will stop the related data processing activities without affecting the use of the core functionality of the software, nor without affecting the legality of the data processing that was completed before withdrawal.
6.5 Complaints and Claims Rights: Users who believe their data rights have been infringed can lodge complaints and complaints through the contact email stipulated in this Policy. We will process and report the results within 10 working days. Users who are dissatisfied with the processing results can lodge a complaint with the relevant international data protection regulator.
7. Third-party service descriptions
7.1 Relation to Third-Party Services
7.1.1 The Software may contain links, plug-ins, or services provided by third parties (such as third-party logins, cloud storage services, advertising services, etc.), and the privacy policies and usage rules for third-party services are independently established by the third parties, independent of the Software and its operators.
7.1.2 When users use third-party services, they must comply with the third-party‘s privacy policies and usage rules. The third-party is solely responsible for the collection and use of user data by the third-party, and this Software does not assume any related responsibility, nor does it intervene in privacy disputes between the third-party and users.
7.2 Third-party data management
7.2.1 We only provide third parties with the minimum amount of data necessary to achieve the Services, do not provide user data beyond the needs of the Services, and sign strict privacy protection agreements with third parties, clarify both parties‘ data protection responsibilities, and follow the data minimization principles.
7.2.2 If third parties engage in unlawful collection and use of user data, users may complain to the third parties and notify us that we will urge the third parties to make corrections in accordance with the agreement agreement and terminate cooperation with such third parties when necessary to ensure the security of user data.
8. Policy Updates and Dispute Resolution
8.1 Policy Updates
8.1.1 This Policy will be updated on a timely basis based on changes in international data protection laws and regulations, upgrades to software functionality, and updates to industry standards. Updates will then be published in prominent locations of the software (such as the login page, settings page), and will take effect immediately after the expiration of the notice period, ensuring the compliance and applicability of the Policy.
8.1.2 If a Policy update involves changes to users‘ core interests, we will notify users through email, software push, etc., that users continue to use this Software, which is considered to agree to the updated Policy; if users do not agree to the updated Policy, they can stop using this Software and apply to sign out their account.
8.2 Dispute Resolution
8.2.1 Disputes arising from or related to this Policy should first be resolved through friendly negotiation; if negotiation fails, either party has the right to file a lawsuit in the courts with jurisdiction where the software operating body resides, and the international common law guidelines apply.
8.2.2 The interpretation and enforcement of this Policy are governed by the International Common Data Protection Code, and if a provision of this Policy is deemed invalid or unenforceable, it does not affect the legal validity of other provisions.
8.3 Contact information
8.3.1 If you have any questions, complaints, complaints about this Policy, or need to exercise data-related rights (access, correction, deletion of data), or log out of your account, please email malteanu@novoparcdoi.com and we will respond to you within 10 business days.