Website logo

NoteLinker

Legal

Privacy Policy

Last updated: March 27, 2026

01

Introduction

At NoteLinker, your privacy is our priority. This Privacy Policy explains how we collect, use, store, and protect your information when you use our synchronization services between Notion and HubSpot. By using NoteLinker, you agree to the practices described in this policy.

02

Information We Collect

  • Account Information: Your name and email address provided during sign-up to manage your account and communicate with you about the service.
  • Integration Data: We securely store OAuth access tokens to connect your Notion and HubSpot accounts. We only access the specific data you explicitly authorize through the OAuth consent flow.
  • Sync Metadata: We collect basic logs about your syncs (such as timestamps, success/failure status, and record counts) to ensure the service is working correctly and to help with troubleshooting.
  • Payment Information: Payment details (credit card numbers, billing addresses) are collected and processed directly by Stripe. We do not store your full payment information on our servers.
  • Usage Data: We collect anonymous usage analytics (page views, feature usage) to improve the service. This data is not linked to your personal identity.
03

How We Use Your Information

  • To synchronize your notes from Notion to HubSpot as requested
  • To send you critical service updates, security alerts, and account notifications
  • To diagnose technical issues and improve the reliability and speed of the sync
  • To verify your subscription status and keep your account secure
  • To send you account-related communications, including trial updates, product tips, and subscription information
  • To comply with legal obligations and enforce our Terms of Service
04

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual Necessity: Processing your data is necessary to provide the synchronization service you signed up for.
  • Legitimate Interest: We process certain data (such as usage analytics and sync logs) to maintain, improve, and secure the service.
  • Consent: Where required by law, we obtain your consent before processing data for specific purposes, such as sending marketing communications. You may withdraw consent at any time.
  • Legal Obligation: We may process data to comply with applicable laws, regulations, or legal proceedings.
05

Data Processing and Sub-processors

NoteLinker acts as a bridge between your Notion and HubSpot accounts. We do not own, sell, or trade your notes or content. Your data is processed through our secure servers solely to deliver it to HubSpot.

We use the following sub-processors to provide the service:

  • Supabase: Secure, encrypted database hosting and authentication (US)
  • Stripe: Payment processing (US)
  • Vercel: Application hosting and deployment (US)
  • Notion API: Reading your authorized Notion pages and databases
  • HubSpot API: Writing synced notes to your HubSpot CRM timeline
  • PostHog: Anonymous product analytics (EU/US)
06

Security Measures

  • All stored access tokens are encrypted using industry-standard AES-256 encryption
  • We follow the Principle of Least Privilege, requesting only the minimum permissions required to sync your notes
  • All data in transit is protected with TLS 1.2+ encryption
  • Our database is powered by Supabase and hosted on secure, enterprise-grade infrastructure with row-level security policies
  • We conduct regular reviews of our security practices and access controls
07

Data Retention

  • Account data and OAuth tokens: Retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Sync logs and metadata: Retained for up to 90 days for troubleshooting purposes, then automatically purged.
  • Payment records: Retained as required by applicable tax and accounting laws (typically 7 years), managed by Stripe.
  • Note content: NoteLinker does not permanently store the content of your notes. Note data passes through our servers during the sync process and is not retained after delivery to HubSpot.
08

International Data Transfers

NoteLinker is based in the United States, and your data is processed and stored on servers located in the United States. If you are accessing the service from outside the US (including the European Economic Area or the United Kingdom), your data will be transferred to and processed in the US. We rely on standard contractual clauses and other appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws.

09

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data. You can also revoke our access at any time through your Notion or HubSpot account settings.
  • Data Portability: Request a machine-readable copy of your data.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California Residents (CCPA): You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. NoteLinker does not sell your personal information to third parties.

To exercise any of these rights, contact us at michael@notelinker.com. We will respond within 30 days.

10

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authorities as required by applicable law. Our notification will include the nature of the breach, the data affected, and the steps we are taking to address it.

11

Cookies

We use essential cookies to keep you logged in to the NoteLinker dashboard. These cookies are required for the app to function and are not used for tracking your activity on other websites. We also use anonymous analytics cookies to understand how the service is used. You can manage cookie preferences through your browser settings.

12

Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. NoteLinker does not currently respond to DNT signals, as there is no industry-standard interpretation of this signal. However, we limit tracking to anonymous product analytics and do not engage in cross-site tracking or sell your data to advertisers.

13

Children's Privacy

NoteLinker is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at michael@notelinker.com.

14

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the email address associated with your account at least 30 days before the changes take effect. We encourage you to review this policy periodically. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

15

Contact Us

If you have any questions about your data or our privacy practices, please contact Michael at michael@notelinker.com.

© 2026 NoteLinker. All rights reserved.