Privacy Policy
Last updated: June 15, 2026
This policy explains what data Notewell ("we," "us") collects and why. The short version: Notewell is built to keep your data on your own device.
The short version. Your AI key, the posts Notewell reads, and the replies it writes stay in your browser — they are never sent to or stored on our servers. We only hold what's needed to run your subscription: your email, license key, and an anonymous device id.
1. What we collect
- Billing details — your email and subscription status. Payments are handled by our merchant of record, Lemon Squeezy; we never receive or store your full card number.
- License data — your license key and an anonymous, randomly generated device id, used to activate your subscription and enforce device limits.
- Support communications — if you email us, we keep that correspondence to help you.
- Basic website analytics — aggregate, non-identifying visit data on our website (if enabled). The extension itself contains no third-party trackers.
2. What we do NOT collect
- Your AI API key — stored only in your browser's local storage; never transmitted to us.
- The posts you read or the replies Notewell writes — processed locally in your browser and sent only to your own AI provider to generate a draft. We never see, store, or have access to this content.
- Your Substack login, password, cookies, or session — Notewell operates inside your existing logged-in browser session; we never receive your credentials.
- Your browsing history or activity on other sites.
3. How we use what we collect
- To activate and validate your license and enforce device limits.
- To process billing, trials, renewals, and cancellations (via Lemon Squeezy).
- To provide support and send essential service or billing notices.
4. Third parties
Notewell relies on a small number of providers, each with their own privacy practices:
- Lemon Squeezy — payments and merchant-of-record services (handles your billing data).
- Your chosen AI provider (e.g. OpenRouter) — receives the post text and returns a draft reply, under your own account and their privacy policy.
We do not sell your personal information.
5. Data retention
We keep license and billing records for as long as your subscription is active and as required for legal, tax, and accounting purposes. You can request deletion of your account data (see below); note that billing records our payment provider must retain are subject to their policies.
6. Your rights
Depending on where you live (e.g. the EU/UK under GDPR, or California under the CCPA), you may have rights to access, correct, delete, or port your personal data, and to object to certain processing. To exercise any of these, email support@growsembly.com and we'll respond within the time required by applicable law.
7. Security
We use reasonable technical and organizational measures to protect the limited data we hold. Because your sensitive data (AI key, content, platform session) stays on your own device, the most important security control is in your hands: keep your browser and device secure.
8. International users
We and our providers may process the limited data described above in the United States and other countries. By using Notewell you consent to that processing.
9. Children
Notewell is not directed to anyone under 18, and we do not knowingly collect data from children.
10. Changes
We may update this policy; we'll revise the date above and, for material changes, provide notice where appropriate.
11. Contact
Privacy questions or requests: support@growsembly.com.