Last updated: February 21, 2026
DriftNote ("we", "us", or "our") operates the website at driftnote.net and the DriftNote podcast summarisation service. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Service, and your rights in relation to that data.
For questions about this policy or your data, contact us at contact@driftnote.net.
When you create an account, we collect your email address and a hashed password. If you sign up or log in via Google, we receive your name, email address, and profile picture from Google.
When you use the Service, we store the Spotify episode URLs you submit, the podcast and episode titles associated with them, the AI-generated summaries produced, the status of each summary (completed or failed), and the timestamps of your activity. If you connect Notion, we also store the URL of the Notion page where a summary was saved.
If you connect your Notion workspace, we store an encrypted OAuth access token, your Notion workspace ID and name, and a bot ID. This data is used solely to save summaries to your Notion workspace on your behalf.
If you subscribe to a paid plan, payments are processed by Stripe. We do not store your card details. We store your Stripe customer ID, subscription status, and billing period dates to manage your access to Pro features.
We collect standard technical information including your IP address, browser type, device information, and pages visited, via Vercel Analytics and Vercel Speed Insights. This data is aggregated and used to monitor performance and improve the Service.
We use the information we collect to:
We do not use your data to train AI models. We do not sell your personal data to third parties.
The Service relies on the following third-party processors. Each has its own privacy policy and data practices:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication & database | Email, hashed password, user data |
| Google (Gemini AI) | AI summarisation | Podcast transcript text |
| Google (OAuth) | Sign in with Google | Name, email, profile picture (if used) |
| Stripe | Payment processing | Email, billing information |
| Notion | Saving summaries to Notion | OAuth token, summary content (if connected) |
| PodcastIndex | RSS feed discovery | Podcast name (search query) |
| Spotify / iTunes | Episode metadata | Episode URL / podcast name |
| Cloudflare Turnstile | Bot prevention | Browser signals, IP address |
| Vercel | Hosting, analytics, performance | IP address, page views, load metrics |
We use HTTP-only session cookies managed by Supabase to keep you logged in. These cookies are strictly necessary for the Service to function and do not track you across other websites.
We also use temporary cookies during the Notion OAuth flow to protect against CSRF attacks. These are deleted once the flow is complete.
Vercel Analytics may set analytics cookies or use local storage for performance measurement. These do not contain personally identifiable information.
We retain your account data and summaries for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial record-keeping purposes (for example, Stripe transaction records may be retained for up to 7 years in accordance with financial regulations).
You can delete individual summaries at any time from your dashboard. You can disconnect your Notion integration at any time from your account settings.
Depending on where you are located, you may have the following rights regarding your personal data:
To exercise any of these rights, email us at contact@driftnote.net. We will respond within 30 days. If you are located in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We implement reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), HTTP-only session cookies, row-level security on our database, and encrypted storage of third-party OAuth tokens.
No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
Our Service is hosted on Vercel and uses Supabase for data storage. Your data may be processed in the United States or other countries where our third-party processors operate. Where required by law, appropriate safeguards (such as Standard Contractual Clauses) are in place to protect transferred data.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision.
Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
For any privacy-related questions, requests, or complaints, contact us at contact@driftnote.net.
You can also review our Terms of Service.