Your privacy matters

Information We Collect

When you create an account, we collect:

• Your name and email address
• A hashed (never plain-text) version of your password — we cannot read it
• Your optional Anthropic API key, stored in our database to enable AI folder suggestions

When you use Maginote, we also store:

• Notes you create, including their title and content
• Folders you create and their settings (name, icon, color, keywords)
• Timestamps of when notes were created and last modified

How We Use Your Information

Your data is used solely to provide the Maginote service:

• To authenticate you and maintain your session securely
• To store and retrieve your notes and folders
• To send password reset emails when you request them
• To send a one-time welcome email when you sign up
• If you add an Anthropic API key: your note content (up to 600 characters) is sent to Anthropic's API to generate folder suggestions. This is opt-in and controlled entirely by you.

We do not use your data for advertising, profiling, analytics resale, or any purpose beyond operating the app.

Data Storage & Security

Your data is stored in a MySQL database on Hostinger shared hosting. We take reasonable steps to protect it:

• HTTPS encryption for all data in transit
• Passwords are bcrypt-hashed (cost 12) — we cannot recover them
• Session cookies are HttpOnly, Secure, and SameSite=Lax
• All forms are CSRF-protected
• Login attempts are rate-limited to prevent brute force
• Each user's data is isolated — you can only access your own notes

While we take security seriously, no internet service is 100% immune. We recommend not storing highly sensitive secrets (bank passwords, private keys, etc.) in any cloud note app.

Third-Party Services

• Hostinger — hosting provider. Your data physically resides on their servers.
• Anthropic Claude API — only used if you add your own API key in Settings. Your note title and up to 600 characters of content are sent per suggestion request. Governed by Anthropic's Privacy Policy.
• Google Fonts — we load the Inter typeface from Google's CDN. Google may log this request per their own policy.
• Chart.js CDN (Cloudflare) — used only in the admin panel.

We do not sell, rent, or share your personal data with any other third parties.

Your Rights & Data Deletion

You have the right to:

• View all your notes and folders directly in the app at any time
• Delete any note or folder from within the app
• Delete your entire account and all associated data via Settings → Danger Zone
• Remove your Anthropic API key at any time from Settings

Account deletion is immediate and permanent. To request deletion if you cannot access your account, email uiuxpert@ishtiaqshaheer.in — we will process it within 7 business days.

Cookies & Sessions

Maginote uses a single session cookie (maginote_sess) to keep you signed in. This cookie:

• Contains only a session ID — no personal data is stored in the cookie itself
• Is flagged HttpOnly (JavaScript cannot access it), Secure (HTTPS only), and SameSite=Lax
• Is deleted when you sign out or clear your browser cookies
• Is not used for tracking, advertising, or analytics

We use no third-party analytics cookies, marketing cookies, or tracking pixels.

Changes to This Policy

If we make material changes to this Privacy Policy, we will update the effective date shown above. Continued use of Maginote after changes are posted constitutes acceptance of the updated policy.