This notice explains what personal data Axonote collects, why, how long we keep it, and what rights you have over it. Axonote is operated by Michał Madejski (Poland) — the data controller under GDPR Art. 4(7).
Data we process
- Account data — email, display name, password hash (managed by Supabase Auth). Purpose: account creation, login, account recovery.
- Licence data — tier, status, expiry, Stripe customer ID. Purpose: entitlement enforcement and billing.
- Your Content — audio recordings, transcripts, notes, categories, threads. Purpose: providing the core product features you use. Stored on your device by default; synced to our cloud only if you enable sync.
- Usage telemetry — aggregated counts (number of transcriptions, total minutes processed) tied to your account ID. Purpose: quota enforcement, billing accuracy, and abuse detection. We do not log keystrokes or transcript contents.
- Error reports — technical stack traces and environment metadata when the app crashes. Purpose: bug fixes. Sensitive fields are scrubbed before upload.
What we never do
- We never sell your data.
- We never use Your Content to train machine-learning models.
- We never log your microphone audio on our servers without an explicit recording action from you.
- We never share Your Content with advertisers, data brokers, or analytics networks.
Third-party processors
We rely on a small set of well-known infrastructure providers, each bound by their own data-processing terms:
- Supabase (EU / us-east) — authentication and synced content storage.
- Railway (EU) — backend API hosting.
- Cloudflare R2 — encrypted audio object storage.
- Groq — speech-to-text and LLM inference when you transcribe or use the agent.
- Google — Gemini embeddings and fallback LLM when you opt in.
- Stripe (Ireland / US) — payment processing for paid plans.
- Sentry — anonymised error reporting (optional, app-controlled).
Retention
- Account data is kept while your account is active and for 30 days after deletion, then purged.
- Your Content is kept while you keep it in the app; deleting a recording removes it from cloud within 7 days.
- Billing records are kept for 5 years as required by Polish tax law.
- Aggregated usage telemetry older than 12 months is rotated to anonymised form.
Your rights (GDPR)
You have the right to access, correct, export, and delete your personal data. The in-app Account panel offers one-click export and account deletion. For any other request, email privacy@axonote.ai — we respond within 30 days. You also have the right to lodge a complaint with the Polish data-protection authority (UODO, uodo.gov.pl) or the authority in your EU member state.
Account deletion
Deleting your account from Account → Delete account triggers a hard delete of your sync data (transcripts, sections, audio in R2) and anonymises your audit log entries. Your Supabase auth record is removed. Billing records we are legally required to keep are retained but segregated from other account data.
Cookies
The landing site uses only strictly-necessary cookies (session, CSRF). We do not use analytics cookies or tracking pixels. The desktop application uses local application storage only.
International transfers
Some processors (Stripe, Groq) operate in the US. Transfers rely on Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
Changes
Material changes are announced by email and in-app at least 14 days before they take effect. The effective date at the top of this page is always current.