Your Data. Your Notes. Our Commitment.

XNote is built with layered security, strict access controls, and privacy-first AI processing to keep your notes safe and private.

Encrypted In Transit

All data is encrypted during transmission and protected at rest using managed infrastructure.

Role-Based Access

Access is restricted based on identity, ownership, and legitimate business need.

AI Privacy First

Your data is never used to train AI models. Processing is limited to features you request.

Continuous Monitoring

Operational logging, monitoring, and recovery capabilities protect service reliability.

1

Infrastructure & Architecture

XNote is built on a cloud-based architecture using managed infrastructure and service providers selected to support reliability, scalability, and security. Our platform includes separate layers for client applications, backend services, AI processing, observability, and data storage.

We use service isolation, authenticated API access, and controlled integrations to support secure communication between system components.

2

Authentication & Access Control

XNote uses authenticated access controls for protected functionality. At both the application and database layers, access is restricted based on user identity and ownership controls.

Token-based authentication for all user sessions
Row-level access restrictions ensuring users only access their own data
Administrative and production access restricted to authorized personnel
Role-based permissions with legitimate business need verification

3

Data Protection

XNote uses encryption in transit and relies on managed infrastructure protections for encryption at rest, where applicable. We maintain access restrictions around production data and apply controls designed to limit unnecessary access to user content.

User data submitted through XNote is processed only for the purpose of providing requested functionality and supporting the operation of the service.

Encryption in transit for all data transmissions
Managed infrastructure protections for data at rest
Strict access restrictions around production data
Data processed only for requested functionality

4

AI Processing Safeguards

XNote includes AI-powered features such as transcription, summarization, and structured content extraction. These features are designed to support user productivity and convenience.

Customer data submitted through the service is not used by XNote to train general-purpose AI models. AI processing is limited to the functionality requested by the user.

Your data is never used to train AI models
AI processing limited to user-requested functionality
Transcription, summarization, and extraction scoped to your content only

5

Application Security

XNote applies a comprehensive range of application security measures to protect your data and ensure the integrity of the platform.

Authenticated APIs with input validation
Role-based and ownership-based authorization checks
Rate limiting and webhook signature verification
Secret scanning in development workflows
Dependency monitoring and security updates
Container hardening practices

6

Monitoring & Resilience

We maintain operational logging, monitoring, and recovery capabilities to support service reliability and incident response. Backup and recovery mechanisms are used to help protect service continuity and data resilience.

Operational logging and real-time monitoring
Incident response and recovery capabilities
Backup mechanisms for service continuity
Continuous improvement of security controls

7

Privacy & Compliance

XNote maintains a published Privacy Policy and Terms of Service that describe how customer data is handled. Where required, XNote has appointed EU and UK representatives in accordance with applicable data protection laws.

We continue to develop and strengthen our security and privacy controls as the platform grows and as customer, operational, and regulatory expectations evolve.