Krokanti Notes
by Krokanti Software

Privacy Policy

Last updated: March 2026

Krokanti Games SL ("Krokanti", "we", "us") operates Krokanti Notes (notes.krokanti.com). This privacy policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

Data Controller

Krokanti Games SL is the data controller for your personal data. You can contact us at hello@krokanti.com for any privacy-related inquiries.

Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, profile image (provided via Krokanti Account SSO)
  • Note content: text, titles, tags, folders, and file attachments you create
  • Usage data: timestamps, IP addresses, browser type, pages visited, feature usage
  • Payment data: processed by Stripe — we never store your card details
  • Device data: device type, operating system, browser version

How We Use Your Data

We process your data for the following purposes:

  • To provide and maintain the Krokanti Notes service
  • To authenticate your identity via Krokanti Account SSO
  • To sync your notes across devices and sessions
  • To process subscription payments via Stripe
  • To send transactional emails (welcome, password reset, billing) via Brevo
  • To analyze usage and improve the service via Google Analytics 4
  • To provide customer support and respond to inquiries

Legal Basis

We process your data based on:

  • Contract performance: providing the note-taking service you signed up for
  • Consent: for optional features like analytics cookies
  • Legitimate interest: for security, fraud prevention, and service improvement
  • Legal obligation: for tax and regulatory compliance

Third-Party Services

We share data with the following trusted third parties:

  • Vercel — hosting and deployment (EU/US)
  • Neon — PostgreSQL database hosting (EU)
  • Stripe — payment processing (PCI DSS compliant)
  • Brevo — transactional email delivery
  • Google Analytics 4 — anonymous usage analytics
  • Cloudflare R2 — file and image storage
  • Tiptap — rich text editor (client-side only, no data sent)

Encryption & Security

Krokanti Notes offers client-side AES-256-GCM encryption for secure notes. Your encryption PIN never leaves your device — we cannot decrypt your secure notes. All data in transit is protected by TLS 1.3. Database connections use encrypted channels.

Data Retention

Your notes and account data are retained as long as your account is active. Trashed notes are permanently deleted after 30 days. If you delete your account, all personal data is removed within 30 days. Audit logs are retained for 90 days for security purposes.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Data portability (export your notes)
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at hello@krokanti.com or use the data export feature in your account settings.

Children's Privacy

Krokanti Notes is not intended for children under 16. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or a prominent notice in the app.

Contact Us

For privacy-related inquiries, contact us at hello@krokanti.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.