Privacy Policy

Last updated: May 3, 2026

handwritten.md (“we”, “us”) operates the web service at handwritten.md. We take privacy seriously because the data you upload is deeply personal: handwritten journals, study notes, ideas, and plans. This policy explains exactly what we collect, what we don't, and how long we keep it.

What we collect

  • Account information. Email address, optional name and profile photo, your password stored as a bcrypt hash in our database (we never see or store the plaintext), and authentication metadata such as session timestamps and the IP address of your last sign-in. If you sign in with Google, we also store the Google account ID we receive from Google's OAuth response so we can recognise you on return visits.
  • Sessions. Each signed-in device gets a session row in our database identified by a sha-256 hash of the session token (we never store the raw token). You can review and revoke individual sessions from Settings → Security.
  • Usage metadata. Number of pages transcribed, job timestamps, page counts per billing period, error rates. We do not store the content of your notes against your account.
  • Payment information. Handled entirely by Stripe. We never see or store your card details. Stripe returns a customer ID we use to look up subscription status.
  • Anonymous product analytics. Page views, feature usage, and error events identified by an opaque internal user ID, never by email, and only with your cookie consent. PostHog is hosted in the EU.

What we don't collect

  • Your note content, long-term. Photos and PDFs you upload are processed in memory and stored in a per-job temporary folder for the duration of transcription. They are deleted automatically by a scheduled purge within 60 minutes of upload.
  • The transcribed markdown, long-term. The markdown we generate lives on the server only until you download it and the same 60-minute purge fires.
  • Tracking or advertising cookies. We don't run ads and we don't share data with ad networks.

How long we keep things

  • Uploaded photos & generated markdown: deleted within 60 minutes.
  • Account & subscription records: retained while your account is active. Deleted within 30 days of account deletion (a brief grace period prevents accidental loss and allows reuse of the email).
  • Audit logs (security events): kept for 12 months for fraud and abuse review.
  • Anonymous analytics: retained per the PostHog default (12 months) and aggregated thereafter.

Third-party processors

We use the following sub-processors. Each handles a specific function and is bound by their own privacy commitments.

  • Stripe. Payments, subscription billing, invoicing, and tax.
  • Upstash. Rate limiting and short-lived account lockout state. No personal data. Keys are hashed identifiers and IP buckets with lifetimes measured in minutes.
  • Google (Gemini). Handwriting transcription via the Gemini API. Per Google's API policy, paid Gemini API content is not used to train their models.
  • Resend. Transactional email delivery.
  • PostHog (EU host). Anonymous product analytics, opt-in via the cookie banner.
  • Sentry. Error tracking. Configured with PII scrubbing on, no request bodies captured.
  • Replit and Neon. Managed PostgreSQL hosting in the United States.

Your rights

Under GDPR (EU), CCPA (California), and equivalent laws elsewhere you have the right to:

  • Access the data we hold about you. Download a data export from Settings → Data.
  • Delete your account and associated data, also from Settings → Data. Stripe subscription is cancelled in the same flow.
  • Correct account information from Settings → Profile.
  • Port your data using the same data export.
  • Object to analytics processing by switching your cookie consent to “essential only”.

Children

handwritten.md is not directed to children under 13. We do not knowingly collect personal information from children under 13.

International transfers

Our database and primary processing happen in the United States. PostHog analytics are hosted in the EU. By using the service you consent to your data being processed in the United States.

Contact

Privacy questions, deletion requests, or anything else: privacy@handwritten.md.