Privacy Policy

Your privacy matters. This policy explains what information we collect, how we use it, and your choices.

Updated: January 2025

1. Overview

Thinking Notes Pte. Ltd. ("Company", "we", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy complies with Singapore's Personal Data Protection Act 2012 (PDPA) and explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered forms platform ("Service").

By using our Service, you consent to the collection and use of your personal data as described in this policy.

2. What Personal Data We Collect

Account Information

Email address (required for registration and login)
Display name and avatar (optional)
Password (securely hashed, we never store plain text passwords)
Account creation date and login timestamps
Subscription tier and billing information

Content and Usage Data

Notes you create, including titles, descriptions, AI prompts, and form fields
Form submissions and responses from users interacting with your Notes
Files uploaded to Notes (processed securely, with size and content safeguards)
URLs parsed through our URL parsing feature
AI-generated responses and feedback
Analytics data: views, submissions, favorites, and interaction patterns

Technical Information

IP address, browser type, and device information
Session data and authentication tokens
Error logs and performance metrics
Feature usage patterns and preferences

Financial Information

Credit card details (processed securely through third-party payment processors)
Billing address and payment history
Credit usage and transaction records

3. How We Use Your Personal Data

Service Provision (PDPA Purpose: Performance of Contract)

Create and manage your account
Process AI requests and generate personalized responses
Enable sharing and collaboration features
Track credit usage and enforce subscription limits
Provide analytics and insights on your Notes' performance

Service Improvement (PDPA Purpose: Legitimate Interests)

Analyze usage patterns to enhance features and user experience
Optimize AI response quality and performance
Develop new features based on user behavior
Conduct research and analytics (anonymized where possible)

Communication (PDPA Purpose: Legitimate Interests/Consent)

Send important service updates and security notifications
Respond to support inquiries and technical issues
Share product announcements and feature updates (with consent)
Provide billing and subscription-related communications

Legal Compliance (PDPA Purpose: Legal Obligation)

Comply with applicable laws and regulations
Respond to legal requests and government inquiries
Enforce our Terms of Service and prevent abuse
Protect against fraud and security threats

4. How We Share Your Personal Data

We do not sell, rent, or trade your personal data. We only share your data in the following circumstances:

Service Providers (Data Processors)

AI Providers: OpenAI, Anthropic (Claude), Google (Gemini) - to generate AI responses
Cloud Infrastructure: Supabase, Vercel - for hosting, database, and application services
Payment Processing: Stripe or similar - for subscription billing
Analytics: Privacy-focused analytics providers (anonymized data only)

All service providers are contractually bound to protect your data and use it only for the specified purposes.

Public Content

Content in public Notes is visible to other users by design. This includes Note titles, descriptions, and form fields, but never includes private submission data or AI prompts.

Legal Requirements

We may disclose personal data if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or others.

5. Data Security and Protection

We implement industry-standard security measures to protect your personal data:

Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
Access Controls: Row-level security (RLS) and role-based access permissions
Authentication: Secure login with password hashing and session management
Infrastructure: SOC 2 compliant cloud providers with regular security audits
Monitoring: Continuous monitoring for security threats and anomalies
Data Minimization: We collect only necessary data and retain it for appropriate periods

While we strive to protect your personal data, no security system is completely impenetrable. We encourage you to use strong, unique passwords and report any security concerns immediately.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Until account deletion or 3 years after last login
Content Data: Until content deletion or account termination
Usage Analytics: Aggregated data retained indefinitely (anonymized)
Financial Records: 7 years as required by Singapore tax laws
Support Communications: 2 years for quality assurance purposes

You can request deletion of your data at any time, subject to our legal retention obligations.

7. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act, you have the following rights:

Access and Portability

Request a copy of your personal data we hold
Export your Notes and submissions in standard formats
Receive information about how your data is being processed

Correction and Update

Update your account information and preferences
Correct inaccurate or incomplete personal data
Modify or delete your Notes and content

Withdrawal of Consent

Opt out of marketing communications
Disable optional features that process personal data
Delete your account and associated data

Objection and Restriction

Object to processing based on legitimate interests
Request restriction of processing in certain circumstances
File complaints with the Personal Data Protection Commission (PDPC)

To exercise these rights, contact our Data Protection Officer at privacy@thinkingnotes.com. We will respond within 30 days of receiving your request.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside Singapore, including:

United States (AI providers, cloud infrastructure)
European Union (service providers with adequacy decisions)
Other jurisdictions with appropriate safeguards

We ensure appropriate safeguards are in place, including contractual clauses and adequacy decisions, to protect your data during international transfers.

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

Essential Cookies: Required for authentication and core functionality
Analytics Cookies: Help us understand usage patterns (anonymized)
Preference Cookies: Remember your settings and customizations

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Material changes will be notified through:

Email notification to registered users
Prominent notice on our website
In-app notifications for significant changes

Continued use of the Service after changes indicates acceptance of the updated policy.

12. Contact Information

Data Protection Officer
Thinking Notes Pte. Ltd.
Singapore
Email: privacy@thinkingnotes.com
Response time: Within 30 days

General Support
Email: support@thinkingnotes.com
For technical issues and general inquiries

Singapore Personal Data Protection Commission (PDPC)
If you are not satisfied with our response to your privacy concerns, you may file a complaint with the PDPC:
Website: https://www.pdpc.gov.sg
Email: info@pdpc.gov.sg