Information Retention Policy
Last updated: February 12, 2026
This Information Retention Policy describes how Noteble collects, retains, and disposes of data processed through our platform. It supplements our Privacy Policy and Terms of Service.
1. Overview
Noteble is an AI-powered documentation platform that processes audio recordings, text input, and photographs to generate structured enterprise documentation. During the course of providing this service, we process and store several categories of data on your behalf.
This policy applies to all data processed through the Noteble platform, whether stored in our cloud infrastructure (AWS) or temporarily cached on your device.
Our guiding principles for data retention are:
- Purpose limitation: Data is retained only as long as it serves a defined purpose
- Data minimisation: We store the minimum data necessary to provide the service
- User control: You can delete your data at any time through your account settings
- Transparency: Retention periods are clearly documented for each data category
2. Data Categories and Retention Periods
The following table summarises the data categories we process and their retention periods:
| Data Category | Retention Period | Storage Location |
|---|---|---|
| Audio recordings | Deleted after processing (within 24 hours) | AWS S3 (encrypted) |
| Transcriptions | Deleted after document generation (within 24 hours) | AWS S3 (encrypted) |
| Generated documents | Until deleted by user or account closure + 30 days | AWS DynamoDB + S3 |
| Project configuration | Until deleted by user or account closure + 30 days | AWS DynamoDB |
| User templates | Until deleted by user or account closure + 30 days | AWS DynamoDB |
| Account profile | Until account closure + 30 days | AWS Cognito + DynamoDB |
| Usage logs | 90 days | AWS CloudWatch |
| Payment records | 7 years (legal requirement) | Stripe + internal records |
| Error and performance data | 90 days | Sentry |
| Photos and attachments | Deleted after processing (within 24 hours) | AWS S3 (encrypted) |
3. Audio Recordings and Transcriptions
Audio recordings are uploaded to AWS S3 with server-side encryption (AES-256) for the sole purpose of transcription and document generation. We treat audio data as highly sensitive and apply the following safeguards:
- Ephemeral storage: Audio files are automatically deleted within 24 hours of successful processing via S3 lifecycle policies
- No training use: Audio recordings and transcriptions are never used to train AI models. We use AWS Transcribe, which does not retain your audio data
- Access controls: Audio files are stored in user-scoped S3 prefixes with IAM policies restricting access to the processing pipeline only
- Streaming transcription: When using real-time streaming mode, audio is processed in memory and not persisted to disk
Transcription text is retained only as an intermediate processing step. Once the final document is generated, the raw transcription is deleted. Only the generated document (which you can review, edit, and delete) is retained.
4. Generated Documents
Documents generated through Noteble are your content. They are stored in AWS DynamoDB (metadata) and S3 (full content) with the following policies:
- Documents are retained for as long as your account is active
- You can delete individual documents at any time from the Projects page
- Deleted documents are permanently removed within 24 hours (no soft-delete or recycle bin)
- Documents are encrypted at rest using AWS-managed encryption keys
- Each document is scoped to your user ID and cannot be accessed by other users unless you explicitly share it
Shared documents follow the same retention policy. If the owner deletes a shared document, it is removed for all recipients. Revoking a share removes access immediately but does not delete the document.
5. Account and Profile Data
We retain the following account information for the duration of your account:
- Authentication credentials: Managed by AWS Cognito with industry-standard password hashing (SRP protocol). Passwords are never stored in plaintext
- Profile information: Name, email address, organisation, and preferences
- User settings: Language preference, app mode, template categories, and other personalisation settings
- Avatar: Profile images stored in S3 with user-scoped access
Upon account closure, all account data is scheduled for deletion within 30 days, subject to any legal hold requirements (see Section 10).
6. Usage Logs and Analytics
We collect usage data to maintain, improve, and secure the Service:
- Application logs: API request logs, error traces, and performance metrics are retained in AWS CloudWatch for 90 days
- Error tracking: Crash reports and error data are retained in Sentry for 90 days. These may include anonymised stack traces and device information
- Processing job history: Records of document generation jobs (status, timestamps, template used) are retained for the life of your account to support the job history feature
Usage logs are not used for advertising or sold to third parties. They are used solely for service operation, debugging, and aggregate analytics.
7. Payment and Billing Data
Payment processing is handled by Stripe. Noteble does not store full payment card details on our systems.
- Payment card data: Stored and managed entirely by Stripe in PCI DSS Level 1 certified infrastructure
- Transaction records: Invoice and subscription data is retained for 7 years to comply with UK tax and accounting regulations (HMRC requirements)
- Subscription status: Current plan, billing cycle, and subscription metadata are retained for the life of your account
We retain only a reference to your Stripe customer ID and the last four digits of your payment method for display purposes.
8. Data Deletion and Account Closure
You can request deletion of your data at any time:
Self-Service Deletion
- Delete individual documents from the Projects page
- Delete projects and their associated configuration
- Delete custom templates from your template library
Account Closure
To close your account and request full deletion of all associated data, contact us at privacy@noteble.ai. Upon receiving a verified request:
- Your account will be deactivated immediately
- All user-generated content (documents, projects, templates) will be permanently deleted within 30 days
- Audio recordings and transcriptions (if any remain in processing) will be deleted within 24 hours
- Account profile and authentication data will be removed from Cognito within 30 days
- Payment records will be retained for the legally required period (7 years) but disassociated from your personal identity where possible
Right to Erasure (GDPR)
Under the UK GDPR and EU GDPR, you have the right to request erasure of your personal data. We will honour erasure requests within 30 days, except where retention is required by law (e.g., financial records) or necessary for the establishment, exercise, or defence of legal claims.
9. Backups and Disaster Recovery
To ensure service reliability and data integrity, we maintain the following backup practices:
- DynamoDB: Point-in-time recovery (PITR) is enabled, retaining continuous backups for up to 35 days
- S3: Versioning is not enabled for user content buckets. Deleted objects are permanently removed
- Infrastructure configuration: Stored as Infrastructure as Code (CloudFormation/SAM) in version control, not containing user data
When you delete data, it is removed from the live database immediately. Backup copies in PITR may persist for up to 35 days but are not accessible through the application and are used solely for disaster recovery purposes.
10. Legal Holds and Exceptions
Standard retention periods may be overridden in the following circumstances:
- Legal proceedings: Data may be preserved if required in connection with litigation, regulatory investigation, or legal process
- Regulatory requirements: Certain data may be retained longer to comply with applicable laws, including UK GDPR, the Data Protection Act 2018, and HMRC regulations
- Fraud prevention: Account data associated with suspected fraud or abuse may be retained for up to 3 years after account closure
In all cases, we retain data only for as long as strictly necessary and apply appropriate access controls to preserved data.
11. Data Portability and Export
You have the right to receive your data in a portable format:
- Documents: All generated documents can be viewed and copied from the Projects page. Markdown content is directly portable
- Projects: Project configuration and template assignments can be exported through your account
- Full data export: To request a complete export of all your data, contact us at privacy@noteble.ai. We will provide your data in a machine-readable format (JSON) within 30 days
12. Changes to This Policy
We may update this Information Retention Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Where changes materially affect the retention of your data, we will provide notice via email or through the Service.
13. Contact Us
If you have any questions about this Information Retention Policy or wish to exercise your data rights, please contact us:
Noteble Data Protection
Email: privacy@noteble.ai