# Privacy Policy

- Canonical URL: https://luckynote.io/privacy
- Markdown URL: https://luckynote.io/privacy.md
- Page Type: legal/privacy
- Description: How Luckynote collects, uses, and protects information.

Your privacy is important to Luckynote. The service states that it stores as little data as possible, does not sell user data, and allows users to delete content or accounts.

## What This Policy Covers

- What information Luckynote collects.
- What Luckynote does with that information.
- How long information is kept.
- Payment-related handling.
- Third-party services used by the product.

## Information Gathering and Usage

When a user creates an account, Luckynote asks for basic account information such as email address and password so notes can sync across devices. Paid subscriptions require billing information, but Luckynote states that it uses that information internally and does not share it with others.

## Types of Data Collected

### Personal Data

- Email address.
- Name, if provided.
- Cookies and usage data.

Luckynote may use personal data for newsletters, marketing materials, or other product communications. Users can opt out through unsubscribe links or by contacting support.

### Usage Data

Luckynote may collect IP address, browser type and version, pages visited, visit time, time spent on pages, device identifiers, and diagnostic data.

### Tracking and Cookies

Luckynote says it uses minimal cookies and stores authentication tokens in browser localStorage rather than cookies.

- **Consent cookie (`luckynote_cookie`)**: stores the user’s cookie consent preference.
- **Third-party analytics cookies**: Google Analytics and Facebook Pixel may set cookies only after consent is granted.

Refusing analytics cookies does not affect core service functionality.

## Security

Luckynote says data is protected in transit with SSL/TLS and encrypted at rest with AES. It uses AWS, Cloudinary, and Bunny.net for storage and delivery.

- AWS privacy: https://aws.amazon.com/privacy/
- Cloudinary privacy: https://cloudinary.com/privacy
- Bunny privacy: https://bunny.net/privacy

## Retention and Deletion

User information remains in Luckynote while the service is in use. Users can delete content by moving notes to trash and emptying it, and can delete their account through account settings. Luckynote states that account data is removed from its systems within 30 days after deletion and is then unrecoverable.

## Data Portability

Users can download individual files and images. Luckynote frames this as user ownership of data.

## Third-Party Services

### AI Services

- OpenRouter for access to AI models: https://openrouter.ai/privacy
- OpenAI for model access and request encoding: https://openai.com/privacy
- Groq for speech-to-text transcription: https://groq.com/privacy

### Data Storage and CDN

- AWS for storage and authentication support: https://aws.amazon.com/privacy/
- Cloudinary for image processing and storage: https://cloudinary.com/privacy
- Bunny for CDN delivery of image variants: https://bunny.net/privacy

### Email Services

- SendGrid for welcome and update emails: https://www.twilio.com/legal/privacy

### Analytics

- Google Analytics for public marketing site analytics: https://policies.google.com/privacy
- Mixpanel for anonymized feature and product usage analytics: https://mixpanel.com/legal/privacy-policy/

## Payments

Luckynote says payment card details are handled directly by third-party processors rather than stored by Luckynote.

- Stripe for web payments: https://stripe.com/us/privacy
- RevenueCat for mobile subscription management: https://www.revenuecat.com/privacy

## Policy Changes

Luckynote may update the privacy policy from time to time, with changes effective when posted on the page.