🎉 Promotion

Launch Offer: Welcome to XeoNote. Join during our launch window and share one feature idea or bug report in the app to unlock Lifetime Pro access and Founder's Club status.

Start free
Open appStart free

Legal

Privacy Policy

This policy explains how XeoNote collects, uses, and protects personal data under UK GDPR and the Data Protection Act 2018.

Last updated: 26 February 2026

Who we are

XeoNote is developed and operated in the United Kingdom. For data protection purposes, XeoNote acts as a data controller for account, billing, and support data, and as a data processor for customer note content where applicable.

Data Protection contact

Contact email: privacy@xeonote.com

Data we process

  • Account data: name, email address, authentication details, and account settings
  • Usage data: operational telemetry, audit logs, and security event records
  • Billing data: plan, subscription status, invoice references, and payment metadata via billing providers
  • Customer content: notes, folders, tags, meeting metadata, and related collaboration data

How we use data

  • To provide and secure the XeoNote service
  • To manage subscriptions, billing, and customer support
  • To improve reliability, performance, and product functionality
  • To meet legal, regulatory, and fraud-prevention obligations

Lawful bases

We rely on contract performance, legitimate interests, legal obligations, and consent where required (for example, optional cookies).

Security and privacy controls

XeoNote uses defence-in-depth controls including access management, audit logging, and encryption features for sensitive notes.

XeoNote encryption modal
Client-side encryption workflow for protecting sensitive note content.

Data retention

We retain data only for as long as needed for service delivery, legal obligations, and dispute handling. Customers can request deletion of account data, subject to statutory retention requirements.

Your rights

Subject to UK GDPR, you may request access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Response times for rights requests

We aim to respond to valid data rights requests within one calendar month, subject to lawful extension where permitted by UK GDPR.

International transfers

Where personal data is transferred outside the UK, we use appropriate safeguards such as contractual protections and transfer risk assessments.

Contact

For privacy and data rights requests, email privacy@xeonote.com.