Privacy Policy

Last updated: 4 June 2026

1. Who we are

Alnair (the “Service”) is operated from Bangladesh. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over it. By using the Service you agree to this Policy.

2. What we collect

We collect only the data needed to provide the Service:

  • Account data — your email address, display name, and optional institution. Sign-in is passwordless (email one-time code or Google), so we never store a password.
  • Content you create — notes, transcripts, summaries, flashcards, quizzes, mind maps, chat messages, tasks, folders, tags, and the text embeddings derived from them.
  • Uploaded files — PDFs, audio recordings, and other materials you upload. See §3 for our retention promise.
  • Usage metrics — monthly counters for notes created, AI chat messages sent, and AI task generations (used to enforce plan limits).
  • Payment data — handled entirely by our payment processor; we never receive your full card details. We do store the processor’s customer and subscription IDs so we can link your account to your subscription.
  • Technical logs — standard server logs (IP address, request path, user-agent, timestamps) kept for security and debugging.

3. Audio files are not stored

When you upload an audio file or record audio in the app, the file is held in temporary memory or in a temporary disk location only for the duration of the transcription job, then deleted in the same processing window. We do not back it up, copy it, or move it to any persistent storage.

The text output of the transcription (the transcript) is stored in your account, because the rest of the Service operates on that text.

4. How we use your data

We use your data only to:

  • Authenticate you and provide the Service’s features;
  • Transcribe your audio, generate notes/flashcards/quizzes, and run AI chat;
  • Enforce plan limits and process payments;
  • Send transactional emails (welcome, password reset, support replies);
  • Diagnose errors and prevent abuse.

We do not sell your data, use it for advertising, or use your content to train any AI model.

5. Third-party processors

We rely on a small number of vetted sub-processors for the categories of activity listed below — hosting, database, authentication, payment processing, audio transcription, AI inference and embeddings, and transactional email. Each is bound by its own privacy policy and processes only the data necessary for its specific role.

A categorised list of these sub-processors — grouped by function, with a description of the data shared with each — is published at /sub-processors. The specific providers behind each function are available on request, and the list is updated whenever a category of sub-processor is added or changed.

6. International data transfers

Our infrastructure and sub-processors operate primarily in the United States and the European Union. By using the Service from outside these regions you consent to your data being transferred to and processed in those regions. Where required by law, the processors above use standard contractual clauses or equivalent safeguards.

7. Data retention

We keep your account data and content for as long as your account exists. When you delete your account from the Settings page, all your data (notes, uploads, chat history, embeddings, tasks, folders, tags, subscription records) is deleted from our database within a reasonable period via cascading database deletion. Some technical logs (security and billing audit trails) may be retained by our processors for up to 90 days as required for fraud prevention and tax compliance.

8. Your rights

Depending on where you live (EU/EEA, UK, California, Bangladesh, and other jurisdictions), you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Delete your account and the data it contains;
  • Export your data in a portable format;
  • Object to or restrict certain processing;
  • Withdraw consent (where processing is based on consent);
  • Lodge a complaint with your local data protection authority.

You can delete your account at any time from Settings → Delete account. For any other request, email support@alnairnote.com and we will respond within 30 days.

9. Cookies and local storage

We use cookies and browser local storage only for essential functionality: keeping you signed in (Supabase auth session token), remembering your last subscription plan to avoid UI flicker, and storing your interface preferences. We do not use third-party advertising cookies or cross-site tracking.

10. Children

The Service is intended only for adults aged 18 and over. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with data, contact us and we will remove it.

11. Security

All traffic between your browser and our servers is encrypted with TLS. Sign-in is passwordless, so there is no password to store or leak. Database tables enforce row-level security so each user can only read their own rows. No system is perfectly secure; if we become aware of a breach that affects your data we will notify you and the relevant authorities as required by law.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. For material changes we will give reasonable notice via email or in-app.

13. Contact

For privacy questions or to exercise the rights above, email support@alnairnote.com.