OmeskeLog in

Privacy Policy

Last updated: February 24, 2026

1. Information We Collect

We collect information you provide directly: your email address, name (optional), and encrypted content (notes and files). We also collect technical data such as IP addresses, browser user-agent strings, and login timestamps for security and audit purposes.

2. How We Use Your Information

  • Authentication: Your email and hashed password verify your identity.
  • Service delivery: Encrypted content is stored to provide the notes and file storage service.
  • Security: IP addresses and user-agent data are logged for rate limiting, abuse prevention, and audit trails.
  • Transactional emails: We send password reset and registration emails when you request them.

3. Encryption and Data Protection

All notes and file names are encrypted at rest using AES-256-GCM. When end-to-end (E2E) encryption is active, your encryption key is derived from your password on your device and never sent to our servers. We cannot read your E2E-encrypted content.

File bodies stored in S3-compatible storage are encrypted with envelope encryption or E2E encryption depending on your client. Passwords are hashed using bcrypt with a cost factor of 12.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties except:

  • When required by law or legal process.
  • To protect our rights or the safety of users.
  • With service providers (hosting, email delivery) under strict data processing agreements.

5. Data Retention

Your data is retained for as long as your account is active. Audit logs (login history, file activity) are retained for security purposes. You may request account deletion at any time (see Section 7).

6. Cookies

We use essential cookies for authentication (session tokens) and user preferences. We do not use tracking or advertising cookies. See our cookie consent banner for details.

7. Your Rights (GDPR)

If you are in the EEA, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data via your account settings.
  • Erasure: Request deletion of your account and associated data.
  • Portability: Export your data in a machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, contact us at the email address listed below or use the data export and account deletion features in your account settings.

8. Security Measures

  • HTTPS enforcement with HSTS headers
  • Content Security Policy (CSP) headers
  • Rate limiting on authentication endpoints
  • Account lockout after repeated failed login attempts
  • Optional virus scanning for uploaded files
  • Encrypted storage at rest (AES-256-GCM)

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy inquiries, data requests, or concerns, contact us at privacy@omeske.com.