Privacy Policy

We collect information you provide directly: name, email address, phone number, and loan details entered into the platform. We do not collect or store bank account numbers or payment card data — all payment information is handled exclusively by Stripe.

• To operate and provide the NoteCarry platform
• To send payment reminders, receipts, and notifications
• To generate and deliver IRS 1098 forms
• To maintain an audit log of actions taken in the platform
• To improve the service

We share your data only with:

• Stripe — for payment processing (PCI-DSS Level 1 certified)
• Supabase — for database and authentication infrastructure
• Resend — for transactional email delivery
• Twilio — for SMS notifications (if enabled)
• Anthropic — for AI-powered document extraction (document content is processed but not stored by Anthropic)

We do not sell your personal information.

All data is encrypted in transit (TLS) and at rest. Access to loan data is restricted by Row Level Security — each user can only access their own records. Two-factor authentication is available for all accounts.

We retain your data for as long as your account is active. If you close your account, we retain records for 7 years to comply with IRS requirements for tax document records, then delete them.

You may request a copy of your data, correction of inaccurate data, or deletion of your account by emailing support@notecarry.io. Deletion requests are processed within 30 days, subject to legal retention requirements.

Questions about this policy? Email support@notecarry.io.