Privacy policy

1. Summary

Palimp is local-first. Your notes live on your device by default. When you enable cloud sync or use our AI features, a minimum amount of data is sent to the services needed to make those features work — and nothing more. We do not sell, rent, or monetize your content.

2. Data we handle

• Account data: email address and hashed password when you create an account.
• Note content: stored locally on your device. Synced (end-to-end encrypted) to our servers only if you opt in to cloud sync.
• Transcripts and AI prompts: the selected text and audio you send to transcription or AI Transform features.
• Billing data: handled by our payment processor — we never see your card numbers.

3. Sub-processors

We use OpenAI as a sub-processor to power live transcription (Whisper) and AI Transform. Selected text and audio you send to these features is transmitted to OpenAI under their zero-retention terms — inputs are processed and discarded, not used to train models.

Hosting and cloud sync are provided by Vercel and a European storage provider. Payments are processed by a PCI-compliant processor. A current, detailed sub-processor list is available on request.

4. What we don't do

We do not sell your data. We do not share it with advertisers. We do not use your note content to train AI models. We do not run third-party analytics or ad trackers on our product surfaces.

5. Cookies

We use a small number of strictly necessary cookies for authentication and session management. We do not use advertising cookies. If we add optional analytics in the future, you'll be asked to opt in first.

6. Your rights

You can export every note as plain markdown at any time, and you can delete your account — along with all server-side data — from your account settings. For requests under GDPR or CCPA, email privacy@palimp.com.