Privacy Policy

1. Introduction

Welcome to Gnotor. Gnotor ("we," "us," or "our") operates gnotor.com and its associated product applications, including Zenmentum (collectively, the "Service"). We are committed to protecting and respecting your privacy.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have regarding your data. This policy applies to all users of our Service, whether accessed through a web browser, mobile application, or desktop application.

Zenmentum is an all-in-one GTD (Getting Things Done) productivity workspace that includes task management with Task Chains, habit tracking, smart notes with AI-powered Q&A, calendar integration, weekly reviews, and a statistics dashboard. By using our Service, you agree to the collection and use of information in accordance with this policy.

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.

2. Information We Collect

The following describes data collection across our products. Currently, this applies to Zenmentum.

2.1 Account Information

When you create an account on one of our products (such as Zenmentum), we collect the following information:

Email address (required for account creation and authentication)
Display name (optional, used for personalizing your experience)
Authentication credentials (managed securely by our authentication provider, Supabase)

2.2 Content You Create

Zenmentum stores the content you create within the Service, including:

Tasks, subtasks, and Task Chains (including titles, descriptions, due dates, priorities, and status)
Notes and documents you write in Smart Notes
Habit tracking data (habit names, completion records, streaks)
Project and tag information used to organize your tasks
Weekly review entries and reflections

2.3 Usage Data

We automatically collect certain information when you use our Service to help us understand how the Service is used and to improve the user experience:

Feature usage patterns (which features you use, frequency of use)
Device information (device type, operating system, browser type and version)
IP address (used for security purposes and general geographic location)
Error logs and crash reports to improve service reliability
Date and time of access, pages viewed, and time spent on features

2.4 Payment Information

All payment processing is handled by Paddle.com Market Limited, our Merchant of Record. We do not directly collect, store, or process any credit card numbers, bank account details, or other financial payment information. When you make a purchase, Paddle collects the necessary payment information directly. We only receive confirmation of your subscription status, purchase date, and plan type from Paddle.

2.5 Optional Data

Certain features allow you to provide additional information on an optional basis:

Location data (city-level only): If you enable the weather feature, we store your city name locally on your device. This information is not transmitted to our servers.
Calendar subscription URLs: If you connect your calendar via iCal subscription URLs, those URLs are stored in your account settings to provide calendar integration features.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Maintaining the Service

Creating and managing your user account
Storing and synchronizing your tasks, notes, habits, and other content across devices
Delivering features such as Task Chains, weekly reviews, statistics, and calendar integration
Processing your requests and transactions

3.2 AI-Powered Features

When you use AI features (such as Smart Notes Q&A or task analysis), portions of your content are sent to Anthropic's Claude API for processing. This is described in detail in Section 4 below.

3.3 Improving the Product

Analyzing usage patterns to understand which features are most valuable
Identifying and fixing bugs, errors, and performance issues
Developing new features and improving existing ones

3.4 Communication

Responding to your support requests and inquiries
Sending service-related notifications (e.g., security alerts, changes to our terms)
Providing product updates and feature announcements (you can opt out at any time)

3.5 Payment Processing

Payment data is processed by Paddle.com Market Limited as our Merchant of Record. We use subscription status information to determine your access level and features within the Service.

3.6 Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for collecting and using your personal data include:

Contract performance: Processing necessary to provide you with the Service you have subscribed to.
Legitimate interests: Improving our Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
Consent: Where you have given us specific consent to process your data for a particular purpose, such as using AI features.
Legal obligations: Processing necessary to comply with applicable laws.

4. AI Data Processing

Zenmentum includes AI-powered features that enhance your productivity. We believe transparency about how AI processes your data is essential. Here is a detailed explanation:

4.1 What Data Is Sent to AI Services

When you use AI features, the following data may be sent to Anthropic's Claude API:

The text content of notes you are querying with the AI Q&A feature
Task descriptions and context when using AI task analysis
Your query or question text

4.2 How AI Data Is Handled

Anthropic, the provider of Claude API, does NOT use data submitted through their API to train their AI models. Your content is processed for the sole purpose of generating a response and is not retained by Anthropic for model improvement purposes. This is governed by Anthropic's API Terms of Service.

4.3 Disabling AI Features

AI features in Zenmentum are entirely optional. You can use Zenmentum's full task management, habit tracking, and note-taking capabilities without ever activating AI features. If you choose not to use AI features, no content will be sent to third-party AI providers. You can disable AI features at any time in your account settings.

We do not sell, rent, or trade your personal data to third parties. We share your data only with the following service providers, solely for the purpose of delivering and improving our Service:

5.1 Paddle.com Market Limited (Payment Processing)

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns. Paddle collects and processes payment information, billing addresses, and transaction data in accordance with their own privacy policy. For more information, please refer to href=

5.2 Supabase (Database and Authentication)

Supabase provides our cloud database and user authentication infrastructure. Your account information and content data are stored on Supabase's servers. Supabase processes this data on our behalf as a data processor, subject to appropriate data processing agreements.

5.3 Anthropic (AI Processing)

When you use AI features, relevant content is sent to Anthropic's Claude API for processing. As noted in Section 4, Anthropic does not use API inputs for model training. Data is transmitted securely via encrypted connections.

5.4 Cloudflare (CDN and Security)

Cloudflare provides content delivery network (CDN) services, DNS management, and bot protection (via Cloudflare Turnstile) for our Service. Cloudflare may process IP addresses and request metadata to provide these security and performance services.

5.5 PowerSync (Data Synchronization)

PowerSync provides real-time data synchronization between your local device and our cloud database. This enables offline access and ensures your data stays consistent across devices. PowerSync processes your content data as a data processor on our behalf.

5.6 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid legal process, such as a court order, government investigation, or as otherwise required by law. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

6. Data Storage and Security

6.1 Where Your Data Is Stored

Your data is stored in the following locations:

Cloud storage: Your account data, tasks, notes, and other content are stored on Supabase's cloud infrastructure with encryption at rest.
Local storage: A copy of your data is stored locally on your device using browser storage (IndexedDB/SQLite) to enable offline access and faster performance. Local settings like weather location are stored only on your device.

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

HTTPS/TLS encryption for all data in transit between your device and our servers
Encryption at rest for data stored in our cloud database
Secure authentication through Supabase with industry-standard protocols
Regular security assessments and updates
Access controls and role-based permissions for internal data access
Cloudflare bot protection (Turnstile) to prevent automated attacks

6.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes (such as maintaining records of transactions for tax compliance).

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can also update most of your information directly through your account settings.
Right to Erasure ("Right to Be Forgotten"): You have the right to request that we delete your personal data. You can delete your account through the app, or contact us at [email protected]. Upon account deletion, we will erase your data within 30 days, subject to legal retention requirements.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Zenmentum provides a data export feature that allows you to download all your tasks, notes, and other content as a ZIP file.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing.
Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent: Where processing is based on your consent (e.g., AI features), you have the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

8. Cookies and Tracking

Zenmentum uses a minimal number of cookies, strictly for functional and security purposes. We do not use any advertising or marketing tracking cookies.

8.1 Essential Cookies

Session cookies: Used for user authentication. These cookies keep you logged in while you use the Service and expire when you close your browser or after a set period of inactivity.
Supabase authentication tokens: Stored in local storage to maintain your authenticated session across page loads.

8.2 Security Cookies

Cloudflare Turnstile: We use Cloudflare Turnstile, a privacy-preserving CAPTCHA alternative, to protect our Service from bots and automated abuse. Turnstile may set cookies to verify that interactions come from real users. Cloudflare does not use this data for advertising purposes.

8.3 What We Do NOT Use

No advertising cookies or tracking pixels
No third-party analytics cookies (such as Google Analytics)
No social media tracking cookies
No cross-site tracking

9. Children's Privacy

Our services are not intended for use by children under the age of 13 (or under the age of 16 in the European Economic Area). We do not knowingly collect personal data from children under these ages. If we become aware that we have collected personal data from a child under the applicable age, we will take immediate steps to delete that information.

If you are a parent or guardian and you believe your child has provided personal data to Gnotor, please contact us at [email protected] so that we can take appropriate action.

10. International Data Transfers

Gnotor operates globally and your data may be transferred to and processed in countries other than the country in which you reside. Our service providers, including Supabase, Anthropic, Cloudflare, and PowerSync, may store and process data in the United States or other jurisdictions.

When your data is transferred outside the European Economic Area or the United Kingdom, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms, to protect your data in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify you via email or through a prominent notice within the Service
Where required by law, obtain your consent to the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: gnotor.com

We aim to respond to all privacy-related inquiries within 30 days. For payment-related inquiries, please contact Paddle directly through your purchase receipt or at href=