- E.g., your username is absolutely necessary to know in order for you to be able to log in.
Privacy Policy
While we make every reasonable effort to minimize what we know about you, some things are absolutely necessary to know.
And some pieces of information are necessary to know in order to be able to practically operate the service.
- E.g., the amount of data you use. (see more)
- While notes are relatively small and the amount of data a legitimate user uses is largely irrelevant, not knowing this would allow a malicious user to fill our servers with unlimited amounts of data, thus making it both economically and practically infeasible for us to operate the service.
What We Track
In the app
- Which versions of the app log in how often and when (see more)
- This allows us to know when we can delete old code, making maintenance easier for us - this information is not linked to your account
- Which operating systems the app runs on when it logs in (see more)
- This gives us some idea where to focus our efforts - this information is not linked to your account
- Which countries and regions the app is used in (see more)
- This gives us some idea where to focus our efforts - this information is not linked to your account
On the information website
- For every page view we track basic information anonymously (see more)- Which page- The time and date- Which browser- Which version of the browser- Which operating system- The country and state/region (e.g., Pennsylvania/United States, Zürich/Switzerland, Bavaria/Germany)
- First and foremost it gives us insight into how far and wide knowledge of our app has spread, which in turn will hopefully help us make more money
- It also helps us know when we can stop supporting older browsers, or if we need to start testing on new ones
What We Do Not Track
In the app
- The content of your notes (see more)
- All data in your notes is encrypted client-side and we have no means of accessing it (see security details)
- How you interact with the app (see more)
- While we might in theory be able to use such information to improve the experience, we are far from convinced that this kind of data analysis actually leads to improvements, and the cost to your privacy is not worth this dubious gain
- Which version you use (see more)
- While we do track general version usage, there is no substantial benefit to associating this with any particular user account and so we don't
- Which operating system you use (see more)
- While we do track general operating system usage and there could be some benefit to identifying if and how many users use the app across multiple platforms, we do not find that this information is sufficiently valuable to warrant tracking this
- Time series of your interactions with the server (see more)
- While we do keep track of when the last time you interacted with the server was, we do not keep a running log of your interactions
- Your IP (see more)
- While naturally we do have access to your IP whenever the client communicates with the server, we do not log or otherwise persist this information anywhere
- User session (see more)
- You do not have a cookie, session or session ID when you communicate with the server, every request is individually authenticated (see security details)
On the information website
- Your IP (see more)
- While naturally we do have access to your IP whenever your browser communicates with the server, we do not log or otherwise persist this information anywhere
- Your browser's fingerprint (see more)
- We do not engage in any attempt to create a unique identity for you, neither through what is generally referred to as fingerprinting nor any other current or future mechanism
- Any kind of tracking ID including but not limited to cookies (see more)
- We do not store any kind of tracking ID in your browser, nor do we use or store any tracking ID provided by anyone else
- Unique visitors (see more)
- While we admit it would be desirable to be able to count the number of unique users, the cost to your privacy and by extension our credibility and reputation is not worth the benefits this might provide.
What We Know at All Times
What we know about you implicitly or explicitly
- How much data you keep on our servers (see more)
- To prevent abuse1
- How much data you read and write on our servers (see more)
- To help us understand and optimize the application and make it cheaper to operate
- How many times you logged in (see more)
- We are curious
- When was the last time you were in contact with our servers (see more)
- To identify stale accounts, and potentially prune them at some point if it ever becomes an actual problem
- Creation and last modification time of individual notes (see more)
- This information is extremely helpful for disaster recovery, and for resolving bugs
- How many notes you have (see more)
- To prevent abuse1
- The size in bytes of each note as it is stored on our servers (see more)
- To prevent abuse1 and because it is more than a little complicated to hide this information from ourselves
- While the size of each note as stored on our servers is related to the amount of text in the given note there is no easy way to infer the actual amount of text from this size as notes are compressed prior to encryption
- Which notes are shared and with whom (see more)
- This information is implicitly available for practical implementation reasons. Ultimately it comes down to being able to track the amount of data each user uses.
- The name you chose for your account (see more)
- It would be impossible to log you in without some form of identifier shared between you and us
What we do not know about you
- The content of any of your notes (see more)
- The contents of all notes are encrypted on the client and are not available to us or any of our servers at any time (see security details)
- The titles of any of your notes (see more)
- The titles of your notes are encrypted the same way as the content. This is why you may see note titles "Loading..." for a brief time
What We Share
In the app
- We do not use any third-party tracking tools
- We do not share any data with any third party
On the information website
- We do not use any third-party tracking tools
- We do not share any data with any third party
If you buy a subscription
- We engage with Payrexx to facilitate payment via our website (see more)
- We provide the name, address and email you provide during the checkout process to Payrexx solely for the purpose of them being able to process your payment.
- We do not provide Payrexx any additional information such as your account name or any other identifier that would allow Payrexx to tie your subscription to a particular account in our system
- Payrexx operates in Switzerland and is subject to Swiss law including but not limited to data protection laws. For more information please refer to their privacy policy at https://www.payrexx.com/en/privacy-policy/
- We do keep a link between your account and the transaction for the purpose of being able to verify your subscription status.
- We do keep legally required records of payments even if you delete your account.
Data Protection Compliance & Your Rights
- We treat all users' data in accordance with the Swiss Federal Act on Data Protection (FADP) and the European Union General Data Protection Regulation (GDPR) (see more)
- This applies to all users regardless of nationality or residency, ensuring consistent high-level privacy protection under both Swiss and EU standards
- Our data is stored exclusively in Switzerland and/or the European Union, providing additional jurisdictional protections under these robust privacy frameworks
- The Swiss FADP provides similar protections to GDPR and is recognized as providing an adequate level of data protection by the EU
- Your rights under FADP and GDPR include: (see more)Right of Access: You can request information about what personal data we hold about youRight to Rectification: You can request correction of inaccurate personal dataRight to Erasure: You can request deletion of your account and associated dataRight to Data Portability: You can request your data in a machine-readable formatRight to Object: You can object to processing of your personal dataRight to Restrict Processing: You can request limitation of how we process your data
- Given our minimal data collection and client-side encryption architecture, most of these rights are either automatically fulfilled or not applicable
- For example, we cannot access your note content to rectify or port it, as it's encrypted on your device
- Data retention and deletion (see more)
- When you delete your account through Mimiri Notes, we physically delete your account and data from all live servers
- Backups are purged according to our normal retention window, which is set to meet reasonable disaster recovery requirements
- We are legally required to retain payment records even after account deletion, but these are kept separate from your account data
- Legal basis for processing (see more)
- Legitimate Interest: Basic operational data (server usage, version tracking) for service operation and security
- Contract Performance: Account data necessary to provide the note storage and synchronization service
- Consent: For subscription services where you provide personal information for payment processing
- Contact for privacy-related requests (see more)
- For any privacy-related requests or questions, you can contact us through the support channels available in Mimiri Notes
- We will respond to valid requests within the timeframes required by applicable law (typically 30 days under both FADP and GDPR)
1 While notes are relatively small and the amount of data a legitimate user uses is largely irrelevant, not knowing this would allow a malicious user to fill our servers with unlimited amounts of data, thus making it both economically and practically infeasible for us to operate the service.