Deepink Privacy Policy

Effective date: 2026-02-27

Deepink is a privacy-first note-taking app. This Privacy Policy explains what information we collect, why we collect it, and the choices you have.

Plain-language summary

  • Your notes are encrypted end-to-end by default. We do not have access to your note content when you store or sync encrypted notes.
  • No account is required to use Deepink.
  • If you create an account (optional), we collect your email address.
  • We collect limited usage and device data (such as app opens, feature usage, IP address, and device/app details) to understand how Deepink is used and to keep it reliable.
  • If you choose “decrypted sharing”, the shared note is stored and served in plaintext so anyone with the link can read it. This is optional and controlled by you.
  • Our website (deepink.io) uses Google Analytics and cookies. There is currently no cookie consent banner.

If you have questions, contact: [email protected].

1) Who is responsible for your data

Deepink is operated by Deepink Project (maintained by Robert Vitonsky).

2) What this policy covers

This policy covers:

  • The Deepink desktop app (all supported platforms).
  • The Deepink website at deepink.io.

This policy does not cover third-party websites, apps, or services you may access via links from Deepink.

3) How Deepink works (encryption and content access)

End-to-end encryption by default

Deepink is designed so that your notes are encrypted before they leave your device.

  • Encryption keys are derived from your password.
  • We do not receive your password.
  • We do not have the key needed to decrypt your encrypted notes stored or synced through our servers.

No password reset (important)

Deepink does not offer password reset for encrypted notes. If you lose the password used to encrypt your data, you may lose access to encrypted content.

We do not read encrypted note content

When you use Deepink in its default encrypted mode, we do not process or store your note content in plaintext on our servers.

4) When we can access note content (decrypted sharing)

Deepink supports sharing notes by link. You control the sharing mode.

Encrypted sharing

If you share an encrypted note, we store and serve encrypted data, and the server does not receive the decryption key.

Decrypted sharing (plaintext)

If you choose decrypted sharing, the note content is stored and served in plaintext so that anyone with the link can read it.

This means:

  • The shared note is not end-to-end encrypted in this mode.
  • Deepink’s systems may technically be able to access that plaintext content (because it must be delivered to recipients in readable form).
  • Anyone who obtains the link may be able to access the note.

Indexing decision (noindex)

Deepink intends to reduce accidental discovery of decrypted shared notes by using technical measures such as noindex directives for share pages, but links are still shareable and access is not guaranteed to be private if the link is forwarded or leaked.

Deepink may provide controls such as revocation, expiration, and password protection for share links. Availability can vary by version.

5) Information we collect

A) Information you provide

Optional account information

  • Email address (if you create an account)

Support communications

  • If you email us, we collect the information you include in your message (which may include screenshots or files if you send them).

B) Information we collect automatically (app)

Usage analytics We collect usage data such as:

  • app opens
  • session duration
  • feature events (for example, which features are used)

Device and technical data We may collect:

  • IP address
  • a random app-generated user identifier
  • device/app details (such as OS version, app version, language/locale, time zone)
  • approximate location inferred from IP address (as part of normal network operation), but we do not collect precise GPS location

Important: We do not intentionally collect note content (such as the text of notes, note titles, or search queries) as part of analytics events.

C) Information we collect automatically (website)

On deepink.io, we collect website data such as:

  • pages viewed and interactions
  • approximate location derived from IP address
  • device/browser information

We use Google Analytics on the website. At this time:

  • We do not use IP anonymization.
  • We do not display a cookie consent banner.

We may also use our own internal website analytics.

6) Cookies and similar technologies (website)

deepink.io uses cookies and similar technologies for:

  • essential website operation
  • analytics (including Google Analytics)
  • potential future product experiments such as A/B testing (planned to be run using our own tools)

If your browser allows, you can typically control cookies through your browser settings. Note that disabling cookies may affect website functionality.

7) How we use your information

We use information for purposes such as:

  • Providing the service
    • creating and managing optional accounts
    • sending login-related emails
  • Operating sync and sharing
    • storing encrypted sync data
    • hosting share links (including plaintext hosting for decrypted shares, if you choose it)
  • Improving Deepink
    • understanding usage to improve features and usability
  • Security and abuse prevention
    • detecting suspicious activity and preventing misuse
  • Support

8) Emails we send

If you create an account, we may send account-related emails such as:

  • login emails
  • service notices related to your account

Deepink does not currently send marketing newsletters.

9) When we share information

We do not sell your personal information and we do not share it for cross-context behavioral advertising.

We may share information only in limited situations, such as:

  • Service providers
    • For example, vendors that help us run the website (such as analytics providers) or deliver email.
  • Legal and safety
    • If we believe disclosure is reasonably necessary to comply with law or valid legal process, or to protect Deepink, our users, or the public.
  • Business changes
    • If the project is reorganized, merged, or transferred, information may be transferred as part of that change.

10) Data retention

We retain information for as long as needed to operate Deepink and for legitimate purposes such as security and support.

Account data

  • If you request account deletion, we aim to delete account data from primary systems within 30 days.
  • Account data may remain in backups for up to 1 year.

Encrypted synced data

  • You can delete synced encrypted data from within the app (where available).
  • If you delete your synced data, we aim to remove it from primary systems, but residual copies may persist temporarily in operational logs or caches.

Decrypted shared notes (plaintext)

  • Plaintext shared notes remain available until you revoke/delete the share link (auto-expiration is not enabled by default).

Security logs

  • We may retain security-related logs (such as IP address and user agent) for up to 30 days.

11) Your choices and controls

Using Deepink without an account

You can use Deepink without creating an account.

Analytics controls (in-app)

In-app analytics collection is currently enabled. We intend to add a setting so you can turn analytics off.

Sharing controls

You control whether to share notes and whether shared notes are encrypted or decrypted. If privacy is important for a shared note, avoid decrypted sharing and protect share links.

Access and deletion

You can request deletion of your account by contacting [email protected].

12) Security

We use technical and organizational measures designed to protect information, including encryption for notes in the default encrypted mode and secure transport (such as HTTPS) for data in transit.

No system can be guaranteed $100%$ secure. If you believe you found a security issue, contact [email protected].

13) Children

Deepink is not intended for children under 13. If you believe a child under 13 has provided personal information to Deepink, contact [email protected].

14) Open source

Deepink is open source: https://github.com/vitonsky/deepink

This Privacy Policy applies to official Deepink services (such as sync and the website). If you build and run your own version, your setup may differ.

15) International use

Deepink is available globally. Information may be processed in locations where Deepink or its service providers operate.

16) Changes to this policy

We may update this Privacy Policy from time to time. If we make changes, we will update the effective date above and post the updated policy.

17) Contact

Questions or requests:

Security issues: