Template — not legal advice. This document is a starting point generated for Hayai. Have it reviewed and adapted by a qualified lawyer for your jurisdiction before relying on it in production.
Privacy Policy
This Privacy Policy describes how Hayai handles your personal data. By using Hayai you agree to the practices described below.
1. Who we are
Hayai ("we", "us") is a single-user markdown notes application. This policy explains what personal data we process when you use the service and the rights you have over it. Questions: hello@hayai.so.
2. What we collect
Account data: your email address and authentication identifiers, handled by our authentication provider (Clerk). We never see or store your password.
Content you create: your notes (markdown text), folders, and any files you upload (e.g. PDFs and images). This is the data you choose to store in the app.
Billing data: if you subscribe to Pro, payment is processed by Stripe (via Clerk Billing). We receive your subscription status and plan — not your full card number.
Technical data: minimal operational logs needed to run and secure the service.
3. How we use it
To provide the service: store, sync, and display your notes and files across your devices.
To operate billing and enforce plan limits.
To secure the service and prevent abuse.
We do not sell your personal data, and we do not use your notes to train machine-learning models.
4. Where it is stored and who processes it
Content and account records are stored with Supabase (Postgres database and object storage), protected by row-level security so each account can only access its own data. Data is encrypted in transit (TLS) and at rest.
Sub-processors: Clerk (authentication), Stripe (payment processing, via Clerk Billing), and Supabase (database, file storage, and hosting). Each processes data only to provide its part of the service.
Note: Hayai uses strong, standard security — it is not zero-knowledge / end-to-end encrypted, so we (and our infrastructure providers) are technically able to access stored content to operate the service.
5. Your rights (GDPR and similar laws)
Access & portability: export all of your notes (as Markdown), your uploaded files, and a JSON manifest at any time from Settings → Export my data.
Erasure: delete your account and all associated content (notes, files, and storage objects) from Settings → Delete account. This is irreversible.
Rectification: edit or correct your notes and account details directly in the app.
Objection / restriction: contact us to exercise any other rights you have under applicable law.
To make a request or raise a concern, contact hello@hayai.so. You also have the right to lodge a complaint with your local data-protection authority.
6. Data retention
We retain your content for as long as your account is active. When you delete your account, your notes, files, and storage objects are removed. Billing records may be retained by Stripe/Clerk as required for tax and accounting obligations.
7. Cookies and local storage
We use cookies and similar technologies that are strictly necessary to keep you signed in (set by our authentication provider) and to run the app. We also use your browser's local storage / IndexedDB to cache your notes for fast, offline-tolerant access on your device. We do not use third-party advertising or tracking cookies.
8. International transfers
Our providers may process data in countries outside your own. Where required, transfers rely on appropriate safeguards (such as Standard Contractual Clauses) offered by those providers.
9. Children
The service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We may update this policy as the service evolves. Material changes will be reflected here with a new “last updated” date.