Privacy Policy

Last Updated: January 2026

common.ink (“we”, “us”, or “our”) operates the common.ink service. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Password (hashed and salted)

Notes Data

• All notes you create are stored encrypted at rest using AES-256-GCM
• Each user has their own isolated SQLCipher database
• We do not access or analyze the content of your notes

Usage Data

We may collect information about how you access and use the Service:

• Access timestamps
• Feature usage statistics
• Error logs (without note content)

How We Use Your Information

We use the collected data to:

• Provide and maintain the Service
• Authenticate your identity
• Send transactional emails (password resets, magic links)
• Improve the Service

Data Security

Your notes are:

• Encrypted at rest using SQLCipher with AES-256-GCM
• Isolated in per-user databases
• Protected by envelope encryption with rotating keys

Data Retention

• Account data is retained while your account is active
• Deleted notes are permanently removed within 30 days
• You may request complete account deletion at any time

Third-Party Services

We use the following third-party services:

• Tigris (S3-compatible storage) for public note hosting
• Resend for transactional email delivery
• Fly.io for infrastructure hosting

Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your notes

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact Us

If you have questions about this Privacy Policy, please contact us at: privacy@common.ink