Privacy Policy

NoteTeller(“we,” “us,” or “our”) operates the NoteTeller MSP operations platform (“Service”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service, including our web application, client portal, and related features.

We are committed to protecting the privacy of all users and the confidentiality of client operational, support, billing, and asset data processed through the Service.

Account Information

When you create an account, we collect your name, email address, company name, and role. For billing purposes, we collect payment method details through our payment processor, Stripe.

Organization & Staff Data

Administrators and staff may enter information about their organization and clients, including staff records, client records, tickets, assets, billing configuration, compliance records, projects, and operational data.

Client Operational Data

The Service may process client operational information including contact details, ticket history, assets, support notes, billing records, files, and integration metadata. This data is entered and managed by authorized users.

Client Portal User Data

Client portal users provide their name, email address, and contact information. They may also interact with tickets, messaging, forms, and other support workflows.

Usage Data

We automatically collect information about how you interact with the Service, including IP address, browser type, pages visited, and timestamps. This data is used to improve performance and security.

• Provide, maintain, and improve the Service
• Process subscriptions and payments through Stripe
• Send transactional communications (account verification, password resets, billing notifications)
• Support ticketing, billing, reporting, assets, backups, projects, and client portal workflows
• Enable compliance tracking, audit trails, and operational reporting
• Respond to support requests and inquiries
• Protect against fraud, abuse, and unauthorized access
• Comply with applicable legal obligations

You are responsible for ensuring that the client and operational data entered into the Service is lawful, accurate, and appropriate for the support, billing, compliance, and business workflows you use NoteTeller to manage.

You are also responsible for obtaining any required permissions from your clients, contacts, employees, or vendors before entering their information into the Service or connecting third-party integrations.

Authorized users may request review, correction, export, or deletion of personal information by emailing us at supportnt@noteteller.com.

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, each bound by contractual data protection obligations:

• Stripe— Payment processing. Stripe handles all payment card data and is PCI DSS compliant. We do not store credit card numbers on our servers.
• Supabase— Database hosting, authentication, and file storage. Data is encrypted at rest and in transit.
• Vercel— Application hosting and content delivery.
• Microsoft— Email delivery for transactional notifications via Microsoft Graph API.

We may also disclose information when required by law, court order, or to protect the rights, safety, or property of our users or the public.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS) and at rest
• Row-level security (RLS) ensures tenant data isolation — each organization can only access its own data
• Multi-factor authentication (MFA) is available for all accounts, including TOTP and backup codes
• Session management with automatic idle timeout
• Audit logging of administrative actions
• Regular security reviews and vulnerability assessments

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

We retain your data for as long as your account is active or as needed to provide the Service. When an account is terminated, we retain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Some organizations may be required to retain certain business, financial, security, or client records under applicable laws or contracts.

You may request deletion of your account and associated data by contacting us. We will process deletion requests within 30 days, subject to legal retention requirements.

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and data
• Withdraw consent for optional data processing
• Export your data in a standard format

To exercise any of these rights, contact us at supportnt@noteteller.com.

The Service uses essential cookies for authentication and session management. We do not use third-party advertising trackers or sell data to advertisers. Analytics data is collected in aggregate to improve the Service and is not linked to individual user profiles for marketing purposes.

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

NoteTeller
Email: supportnt@noteteller.com