Privacy Policy
Last updated: May 19, 2026
Who we are
MyWriters Notes is operated by David Kaufman, doing business as MyWriters. Contact: support@mywriters.life.
What we collect
- Account info. Your email address and a display name. We store your password as a bcrypt hash — never in plain text.
- Your pages and blocks. The notes you write are stored on our servers so they can sync across your devices. We do not read your content unless required by law or to investigate abuse.
- Sharing metadata. If you share a page or invite a collaborator, we store the recipient's email and the role you granted them.
- Sync activity. Timestamps of when devices last synced, used solely to deliver incremental changes.
- Published page views. When someone visits a publicly published page, we record an SHA-256 hash of their IP (salted, rotated daily) and the referer URL. The raw IP is not stored.
- Failed login attempts. Hashed IP + email, kept for 30 days, used only to rate-limit brute-force attempts.
- Sessions. A Bearer token in the app (Keychain on your device) and a PHP session cookie on the website. Cookies are
Secure; HttpOnly; SameSite=Lax.
What we do NOT collect
- We do not use third-party analytics, advertising, or tracking pixels.
- We do not sell, rent, or share your data with advertisers.
- We do not request access to your contacts, location, microphone, or camera unless you actively use a feature that needs it (e.g., adding a cover image from your photo library).
Third-party services we use
- Resend (resend.com) — to deliver transactional email (verification, password reset, invitations). Resend sees the recipient email address and the message body.
- Anthropic (anthropic.com) — when you use the AI panel ("Summarize", "Continue", "Improve", "Ask", etc.), the relevant page text is sent to Anthropic's Claude API to generate the response. Anthropic's data-handling terms apply to that exchange. AI features are opt-in per request; nothing is sent to Anthropic until you click an AI button.
- InMotion Hosting — our web host. Our database lives on their MySQL servers.
How long we keep your data
- Active accounts. Indefinitely, while your account is open.
- Trashed pages and blocks. 30 days. After that, they're hard-deleted by a daily cron.
- Published page view logs. 90 days.
- Sync activity logs. 60 days.
- Failed login attempts. 30 days.
- Deleted accounts. Soft-deleted immediately; all associated pages, blocks, and shares are hard-deleted within 30 days. Email logs from Resend may persist on Resend's systems per their retention policy.
Your rights
- Access. Use the Export feature in the app to download your pages, or email us for a complete data export.
- Correction. Edit your account info in Account Settings.
- Deletion. Use Delete account to remove everything. This is irreversible.
- Portability. The Export feature produces Markdown that any other tool can import.
Security
All traffic to notes.mywriters.life is forced HTTPS with HSTS. Bearer tokens are stored as SHA-256 hashes server-side. Failed-login rate limiting is enforced per-IP. App uploads are validated by magic-byte MIME sniffing and SVG is intentionally not allowed.
Children
MyWriters Notes is not directed to children under 13. If you become aware that a child has provided us with information, please contact us and we'll delete it.
Changes to this policy
We'll update the "Last updated" date when we change anything material. Continued use after a change constitutes acceptance.
Contact
Questions? Email support@mywriters.life.