Privacy Policy

NoteBulk is a browser-extension-first tool for running bulk actions in Notion. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and which third parties help us operate the service.

We may collect and process the following categories of information:

• Account information such as your user ID and, when available, your email address.
• Notion connection data including workspace ID, workspace name, and an encrypted Notion access token.
• Action and audit data including action type, selected page IDs, destination page ID when applicable, action status, timestamps, per-page execution messages, and rollback-related action records.
• Extension local settings including workspace authorization status, workspace name, and debug mode preference.
• Billing-related identifiers, if paid plans are enabled, such as Stripe customer ID, Stripe subscription ID, plan information, and billing status.

We do not store Notion page body content or block content on our servers. We only store the identifiers and operational records needed to connect a workspace, run actions, and keep audit history.

• Authenticate your NoteBulk account and Notion workspace connection.
• Execute requested bulk actions such as move, trash, and lock.
• Show action progress, failure details, audit logs, and rollback history.
• Enforce plan limits, usage tracking, and feature access.
• Operate, secure, debug, and improve the service.
• Provide support and respond to issues sent to support@notebulk.com.

We use third-party providers to operate NoteBulk. These may process data on our behalf:

• Notion, for workspace authorization and action execution.
• Supabase, for authentication and database infrastructure.
• Vercel, for hosting and application delivery.
• Upstash, for asynchronous action processing infrastructure.
• Stripe, if paid plans are enabled, for checkout, subscription management, and refunds.

• Encrypted Notion access tokens are stored only while a workspace remains connected.
• When a workspace is disconnected, the related Notion access token is deleted immediately.
• Job records, audit logs, and rollback-related action records are retained for no longer than 14 days.
• Retention windows may vary by plan, but will not exceed 14 days under the current product policy.

NoteBulk does not currently provide a separate manual data deletion request workflow. Instead, deletion happens through product actions:

• Disconnecting a Notion workspace removes the related Notion access token.
• Deleting the relevant user/account data removes the related NoteBulk records tied to that user.

We encrypt stored Notion access tokens and use infrastructure controls intended to limit unauthorized access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Paid billing features are planned but not fully live yet. If paid plans are enabled, Stripe will process payments and related billing data. NoteBulk does not store full payment card details.

We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page.

If you have questions about this Privacy Policy, contact support@notebulk.com.