Data Protection Policy (GDPR)

Last updated: November 17, 2025

1. Introduction

Kalinotes is committed to protecting the privacy and personal data of its users in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679).

This policy describes how we collect, use, store and protect your personal data when you use our service and Firefox extension.

2. Data Controller

The data controller is:

Kalinotes
Email: contact@kalinotes.com

3. Data Collected

In the context of using Kalinotes, we collect the following data:

3.1 Registration Data

  • First and last name
  • Email address
  • Password (encrypted)
  • Account creation date

3.2 Usage Data

  • Notes created (title, memo, screenshots)
  • URLs of annotated web pages
  • Organization into projects and categories
  • Information about sharing with other users
  • Dates and times of note creation/modification

3.3 Technical Data

  • IP address
  • Browser type and version
  • Connection data (logs)
  • Session cookies

4. Processing Purposes

Your personal data is collected and processed for the following purposes:

  • Service provision: creation, storage and management of your notes
  • Account management: authentication and management of your user account
  • Collaboration: sharing notes and projects with other users
  • Service improvement: analyzing usage to improve our features
  • Communication: sending important information about the service
  • Security: fraud prevention and protection of our systems
  • Legal compliance: compliance with our legal obligations

5. Legal Basis for Processing

The processing of your data is based on:

  • Contract performance: use of Kalinotes service
  • Your consent: for certain marketing communications
  • Legitimate interest: service improvement and security
  • Legal obligations: retention of certain data for legal reasons

6. Data Recipients

Your personal data may be shared with:

  • Authorized personnel: Kalinotes team in their respective functions
  • Service providers: hosting, technical services (under confidentiality agreement)
  • Authorized users: other users with whom you share your projects and notes
  • Authorities: in case of legal obligation or court request

7. Data Transfer Outside EU

Your data is stored on servers located in the European Union. In the event of a transfer outside the EU, we ensure that appropriate safeguards are in place (standard contractual clauses, Privacy Shield, etc.).

8. Data Retention

Your data is retained for:

  • Account data: during the duration of your active account + 1 year after deletion
  • Notes and projects: until manual deletion or account deletion
  • Technical logs: maximum 12 months
  • Billing data: 10 years in accordance with legal obligations

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Password encryption (bcrypt/argon2 hashing)
  • Secure authentication
  • Limited data access (principle of least privilege)
  • Regular and secure backups
  • Incident monitoring and detection
  • Staff training on data protection

10. Your Rights

In accordance with GDPR, you have the following rights:

10.1 Right of Access

You can request access to your personal data and obtain a copy.

10.2 Right of Rectification

You can request correction of inaccurate or incomplete data.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data under certain conditions.

10.4 Right to Restrict Processing

You can request a limit on the processing of your data in certain cases.

10.5 Right to Data Portability

You can receive your data in a structured and commonly used format.

10.6 Right to Object

You can object to the processing of your data for reasons relating to your particular situation.

10.7 Right to Withdraw Consent

When processing is based on your consent, you can withdraw it at any time.

10.8 Right to Set Post-Mortem Directives

You can set directives concerning the fate of your data after your death.

Exercising Your Rights

To exercise your rights, contact us at: contact@kalinotes.com

We will respond to your request within a maximum of one month.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

EDPB (European Data Protection Board)
Or your national data protection authority

12. Cookies

We use cookies strictly necessary for the service to function:

  • Session cookies: to maintain your connection
  • Security cookies: to protect against CSRF attacks

No tracking or advertising cookies are used.

13. Firefox Extension

The Kalinotes Firefox extension collects only the data necessary for its operation:

  • URL of the visited page (to associate the note)
  • Screenshot (when you create a note)
  • Content of your notes

The extension collects no navigation data outside of explicit use of the note-taking function.

14. Changes to This Policy

We reserve the right to modify this data protection policy. In case of substantial modification, we will inform you by email or through our service.

The date of last update is indicated at the top of this page.

15. Contact

For any questions about this policy or the processing of your personal data:

Email: contact@kalinotes.com
Contact form: Contact page

Important note: This data protection policy is provided for informational purposes. For full GDPR compliance, we recommend consulting a specialized data protection expert.