Last updated: November 20, 2025
This Data Processing Agreement (DPA) forms part of the Terms of Service between you (the 'Controller') and NinjaNote (the 'Processor') and governs the processing of personal data in accordance with the General Data Protection Regulation (GDPR).
This DPA applies to all personal data processed by NinjaNote on your behalf when you use our service.
Under GDPR:
You control your own personal data and are responsible for ensuring lawful processing of any data you store in NinjaNote.
We process your personal data solely to provide the NinjaNote service according to your instructions.
Storage, transcription, categorization, synchronization, and optional sharing of voice notes and associated data.
Data is processed for as long as you maintain an active account, plus up to 30 days for backups after account deletion.
Individual users of NinjaNote who create personal accounts.
NinjaNote uses the following sub-processors to deliver the service:
Service: AI transcription and categorization
Location: United States
Data Processed: Audio files, transcribed text
Service: Cloud storage and database
Location: Multi-region (US/EU available)
Data Processed: All user data and files
Service: Authentication
Location: United States
Data Processed: Email, name, profile photo
Service: Email notifications
Location: United States
Data Processed: Email address, notification content
Service: Payment processing
Location: United States
Data Processed: Payment information, user ID
We will notify you of any changes to sub-processors via email or service announcements.
NinjaNote implements the following technical and organizational measures:
NinjaNote provides the following tools to help you fulfill data subject rights:
For assistance with data subject rights, contact hola@ninjanote.app
In the event of a personal data breach, NinjaNote will notify you without undue delay (within 72 hours of becoming aware) and provide information about the nature of the breach and remedial actions.
Data may be transferred to countries outside the EEA. NinjaNote ensures appropriate safeguards through:
You may request information about our data processing practices and security measures by contacting us. We will provide reasonable cooperation to demonstrate compliance with this DPA.
Upon termination of your account, all personal data will be permanently deleted within 30 days, except where retention is required by law.
This DPA remains in effect for as long as you use NinjaNote and for 30 days after account deletion to allow for backup retention.
For questions about data processing or this DPA, please contact:
Email: hola@ninjanote.app
Website: www.ninjanote.app