Privacy Policy

App: Topilo Notes · Last updated: October 29, 2025
This policy explains how Topilo Notes (“we”, “us”, “our”) processes personal data. It is designed for apps operating under the EU GDPR, including Sweden.

Who we are

Data Controller: Simon Bengtsson
Contact: dev@simonbengtsson.com

Data we collect

Account Data

  • Email address
  • Name
  • Usage Analytics

Purpose: create and manage your account, send essential service messages, and secure your access. And for product development.

User‑Generated Content

  • Notes you create, edit, import, and sync within the app.

Purpose: provide core note‑taking functionality, syncing, and backups (if enabled).

We do not collect advertising identifiers, or payment details through Topilo Notes unless otherwise stated here.

Why we process your data (legal bases)

  • Contract (GDPR Art. 6(1)(b)): to provide and maintain Topilo Notes, including syncing and support.
  • Legitimate interests (Art. 6(1)(f)): to protect against abuse and improve reliability (e.g., preventing spam sign‑ups).
  • Consent (Art. 6(1)(a)): when you opt in to optional features that require it. You can withdraw consent at any time.

How we use your data

  • Create and authenticate your account.
  • Sync and store your notes so they are available across your devices (if you sign in).
  • Send essential service emails (e.g., sign‑in links, security alerts). No marketing emails without consent.
  • Operate, protect, and improve the product.

Data storage & retention

  • Account data is kept while you have an active account. We may retain minimal records after deletion when required by law (e.g., fraud prevention).
  • Notes are stored until you delete them or delete your account. Deleting notes is usually immediate, with residual backups purged on a rolling basis (e.g., within 30–90 days).

International transfers

If we transfer data outside the EEA/Switzerland/UK, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs), and assess the destination’s legal framework.

Sharing your data

We do not sell your personal data. We may share limited data with trusted service providers (“processors”) who help us run Topilo Notes (e.g., hosting, email delivery). They act under contract, follow our instructions, and must protect your data.

We may disclose information if required by law, to protect our rights, or in connection with a merger, acquisition, or asset sale (with notice where appropriate).

Your rights

  • Access, rectify, or erase your personal data.
  • Port your data to another service.
  • Object to or request restriction of certain processing.
  • Withdraw consent, where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (e.g., Integritetsskyddsmyndigheten in Sweden).

To exercise your rights, contact us. We may need to verify your identity.

Security

We apply reasonable technical and organizational measures to protect your data, such as encryption in transit, access controls, and backups. No system is 100% secure; please keep your account credentials confidential.

Children’s privacy

Topilo Notes is not directed to children under 13 (or older minimum age where required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us to request deletion.

Cookies & tracking

Topilo Notes uses only strictly necessary cookies or local storage required for authentication and core functionality. We do not use third‑party advertising cookies.

Data deletion

You can delete notes at any time in the app. To delete your account and associated personal data, contact us or use the in-app account deletion feature.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above. Material changes may be communicated by email or in‑app notice.