← Back to Home

Privacy Policy

Last updated: January 10, 2026

Introduction

DriveNotes ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our Chrome extension.

Data We Collect

DriveNotes collects minimal data necessary for functionality:

• Google Account Email: Used for authentication via Google OAuth
• Google Drive File Metadata: File names, folder structure, and modification dates for syncing your notes
• Session Tokens: Stored securely in Cloudflare KV for authentication
• License Information: License key and activation status for paid users

How We Use Your Data

• Authentication: Your email is used to authenticate you via Google OAuth
• Note Syncing: Drive metadata is used to organize and sync your notes to your Google Drive
• License Management: License information is used to validate your subscription status

Data Storage

• Your Notes: Stored exclusively in YOUR Google Drive. We never store your note content on our servers.
• Refresh Tokens: Encrypted and stored in Cloudflare KV (Key-Value store) for secure session management
• License Keys: Stored in Cloudflare KV for license validation
• Local Storage: User preferences and cached data stored locally in your browser

Data Sharing

We do NOT:

• Sell your data to third parties
• Share your data with advertisers
• Use your data for purposes unrelated to DriveNotes functionality
• Access your note content (it stays in your Google Drive)

We only share data with:

• Google: For OAuth authentication and Drive API access
• Cloudflare: For secure token storage and worker hosting
• Lemon Squeezy: For payment processing (email and order information only)

Data Security

• All data transmission is encrypted via HTTPS
• Refresh tokens are encrypted using AES-GCM before storage
• Session tokens use HMAC-SHA256 signatures
• We follow OAuth 2.0 best practices

Your Rights

You have the right to:

• Access: View what data we store about you
• Delete: Request deletion of your data by revoking OAuth access or contacting us
• Export: Your notes are always accessible in your Google Drive
• Revoke Access: Disconnect DriveNotes from your Google account at any time via Google Account settings

Third-Party Services

• Google Drive API: For storing and syncing your notes
• Google OAuth: For secure authentication
• Cloudflare Workers & KV: For backend infrastructure and token storage
• Lemon Squeezy: For payment processing

Cookies and Tracking

DriveNotes does not use cookies or tracking scripts. We do not collect analytics or usage data.

Children's Privacy

DriveNotes is not intended for users under 13 years of age. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via the extension or our website.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

hello@drivenotes.app

Data Deletion

To delete your data:

1. Revoke DriveNotes access in your Google Account permissions
2. Uninstall the extension
3. Email us at hello@drivenotes.app to request deletion of stored tokens

Your notes will remain in your Google Drive and can be deleted manually if desired.