Privacy Policy

Last updated: January 16, 2026

Introduction

Noted. is a decentralized note-taking application built on Arweave blockchain. We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we handle your information, where your data is stored, and how long it is retained.

Key Principle: We believe in privacy by design. Your notes are encrypted with your wallet key before storage, and we never have access to your unencrypted content.

Data Storage

Published Notes

  • Location:Arweave blockchain (decentralized permanent storage)
  • Storage Duration:Permanent - once published, notes exist forever and cannot be deleted
  • Encryption:Notes are encrypted with your wallet address (AES encryption) before being stored
  • Access:Only you can decrypt and access your notes using your wallet
  • Immutability:Published notes cannot be edited or deleted - this is a feature of Arweave's permanent storage

Local Notes (Unpublished)

  • Location:Your browser's localStorage (client-side only)
  • Storage Duration:Temporary - stored until you publish to Arweave, save as draft, or clear browser data
  • Encryption:Not encrypted in localStorage (only exists locally on your device)
  • Access:Only accessible on the device where they were created
  • Deletion:Automatically removed when published to Arweave or when browser data is cleared

Share Links

  • Location:Temporary server storage for encrypted content and token validation
  • Storage Duration:Configurable (15 minutes to 24 hours) - share links expire after the set duration for security
  • Encryption:Note content is encrypted directly with your password using AES encryption. Password is never stored anywhere.
  • Access:Single-use links - each link can only be accessed once. Recipient needs both link and password to decrypt.
  • Deletion:Automatically deleted after expiration or use. No permanent record of passwords or share links is kept.

Drafts

  • Location:Encrypted Redis storage associated with your wallet address
  • Storage Duration:Automatically deleted after 28 days, or until you publish/delete them manually
  • Encryption:Drafts are encrypted with your wallet key before storage in Redis
  • Access:Only accessible with your wallet address and key
  • Deletion:Automatically deleted after 28 days, or can be deleted manually at any time

Favorites & Metadata

  • Location:DigitalOcean Spaces (S3-compatible) storage
  • Storage Duration:Permanent until manually deleted
  • Encryption:Metadata stored as plain JSON (transaction IDs, tags, favorites list)
  • Access:Only accessible with your wallet address
  • Content:Stores favorites list, published note metadata, and tags - not note content itself

What Data We Collect

Data We Store

  • Wallet Address: Your public Arweave wallet address (used as encryption key)
  • Transaction IDs: Public transaction IDs of your published notes
  • Encrypted Note Content: Your notes encrypted with your wallet key, stored on Arweave
  • Metadata: Tags, favorites, and published note references stored in DigitalOcean Spaces, associated with your wallet address

Data We Do NOT Collect

  • Wallet Private Key: Never stored, never transmitted, never accessible to us
  • Unencrypted Note Content: We never see your plaintext notes
  • Personal Information: No names, emails, or personal identifiers required
  • Usage Analytics: We do not track your usage, browsing patterns, or behavior

Encryption & Security

Client-Side Encryption

All notes are encrypted in your browser before being uploaded to Arweave. We use AES encryption with your wallet address as the key.

No Server Access

We cannot decrypt or read your notes. Even if we could access the encrypted data on Arweave, we cannot decrypt it without your wallet private key.

Wallet-Based Security

Your wallet serves as both your identity and your encryption key. Only you have access to your private key.

Password-Protected Sharing

Share links use password-based AES encryption where note content is encrypted directly with your password. The password is never stored anywhere (not on servers, databases, or logs). Links expire after a configurable duration (15 minutes to 24 hours). Single-use access tokens minimize exposure risk. Link creation time is displayed for reference.

Data Retention Periods

Published Notes

Permanent - stored forever on Arweave blockchain. Cannot be deleted. Encrypted with wallet key.

Local Notes

Temporary - stored in browser localStorage until published, saved as draft, or browser data is cleared.

Share Links

Configurable duration (15 minutes to 24 hours) - automatically expire and become invalid after the set duration. Password-protected with AES encryption. Password never stored.

Drafts

28 days - automatically deleted after 28 days, or until you publish/delete them manually. Stored in encrypted Redis storage.

Favorites & Metadata

Permanent - stored in DigitalOcean Spaces until manually deleted. Contains transaction IDs, tags, and favorites list.

Your Rights

Access

You can access all your published notes using your wallet address and transaction IDs

Export

You can export all your notes (local, drafts, published) to a ZIP file at any time

Deletion

You can delete local notes and drafts. Published notes on Arweave cannot be deleted (permanent storage)

Privacy

Your notes are encrypted and we cannot read them

Control

You control your wallet and encryption keys - we have no access

Contact Us

If you have questions about this Privacy Policy or our data practices, please visit our FAQ page or check out our GitHub repository.