Cookie & Storage Policy
🍪 No tracking cookies. Ever. Notevo uses only localStorage for your notes and a session cookie for authentication. There are no advertising cookies, analytics cookies, or cross-site trackers of any kind.
What We Store Locally
Notevo uses browser localStorage (not cookies) to store two things:
notevo_notes— your notes (plain or AES-256-GCM encrypted) stored entirely on your devicenotevo_cookie_ok— a single flag remembering that you dismissed this banner
Authentication Cookie
If you sign in, Supabase sets a secure, HTTP-only session cookie to maintain your login. This cookie contains only a session token — no personal data, no tracking identifiers. It expires when you sign out or after your session timeout.
What We Don't Use
- ❌ No advertising / tracking cookies
- ❌ No analytics (Google Analytics, Mixpanel, Plausible, etc.)
- ❌ No cross-site fingerprinting or device fingerprinting
- ❌ No third-party marketing pixels
- ❌ No persistent identifiers beyond your auth session
Third-Party Resources
On page load, Notevo fetches fonts from Google Fonts and may load scripts from CDN services. These services may log your IP address in their own server logs per their respective privacy policies. They do not set cookies in Notevo's context.
Clearing Your Data
You can clear all locally stored notes at any time from the app settings. You can also clear all browser storage via your browser's developer tools under Application → Local Storage. Signing out clears your auth session cookie.
GDPR / CCPA / PECR Compliance
Because Notevo stores no personal data on our servers and uses no tracking or advertising cookies, it is inherently compliant with GDPR, CCPA, and PECR for its core functionality. The auth session cookie is strictly necessary and exempt from consent requirements under these regulations.
Contact
Questions about storage or cookies? Open an issue on GitHub.