Privacy Policy

Last updated: April 2026

Pendnote is built with privacy in mind. This document explains what data we collect, why, and what you can do with it.

What we collect

At account creation

  • Email and name — for your account and to send you capsule notifications
  • Password — stored as a bcrypt hash, not in plaintext
  • Preferred language

When you use the service

  • Your capsules — encrypted with AES-256. By default, we hold the key to open them on the scheduled date. In Zero-Knowledge mode, we don't have the key — only you do.
  • IP address — for rate limiting and security, kept 90 days
  • Access logs — last 30 days of account activity
  • Capsule metadata — optional title, mode, unlock date, status

When you pay

Stripe or PayPal process payments. We do not see or store card details. We keep the transaction ID and amount for billing.

What we do NOT collect

  • We do not use tracking cookies (Google Analytics, Facebook Pixel, etc.)
  • We do not sell your data to anyone
  • We do not read your capsule content except at opening time, and not even then for Zero-Knowledge capsules

Who sees the data

  • You, anytime, from your account
  • Pendnote administrators: metadata only, when investigating technical issues or abuse reports
  • Payment processors: Stripe and PayPal, only the data needed for payment
  • Email providers: the SMTP server used for notifications
  • AI providers (OpenAI, Anthropic): only if you activate Insights, and only non-Zero-Knowledge capsule content. Data is not used for training.

Your rights (GDPR)

As an EU user, you have the right to access, export, correct, delete, or object to processing of your data.

Retention

  • Account data: while the account is active
  • Capsules: until you delete them or delete your account
  • Access logs: 30 days
  • Invoices: 10 years (legal requirement)
  • Deleted account: 30 days for complete removal

Security

  • HTTPS everywhere (TLS 1.3)
  • AES-256-GCM encryption for all capsule content
  • bcrypt hashes for passwords
  • Daily backups, kept 30 days
  • Admin audit log for all admin actions

Cookies

We use only essential cookies: senit_session, senit_csrf, and senit_locale. No tracking cookies, no third-party cookies, no consent dialog needed.

Children

Pendnote is not intended for people under 16.

Changes

Important changes to this policy will be announced by email before they take effect.

Contact

Questions about your data? Write to us through the contact page or directly at [email protected].