1. Introduction and scope

Dodl Notes is a Chrome extension for secure, encrypted note-taking and organization. Dodl Notes uses a Dodl Notes account, browser storage, encrypted cloud sync, and secure backend services to provide sync, recovery, optional AI features, and account-linked settings.

You are responsible for the content you choose to store in notes, group names, member names, or other fields. If you store personal or sensitive information, you are responsible for compliance with any laws or policies that apply to your use case, including school, district, or local privacy requirements.

2. What Dodl Notes collects and processes

Dodl Notes processes only the information needed to run the product and the optional features you choose to use.

  • Authentication information such as your Dodl Notes account email address, Firebase Authentication session metadata, and locally entered password or recovery-key inputs.
  • Preferences and settings such as auto-lock duration, notifications, draft settings, telemetry controls, and feature toggles.
  • User activity timestamps used to support inactivity-based auto-lock behavior.
  • User-inputted note content, group names, member names, and descriptions, which are encrypted locally before persistence.
  • Encrypted key material used to unlock your workspace through your password or recovery method.
  • Optional AI prompts and responses when you choose AI-supported features.
  • Optional report template data, guideline support content, report timelines, and Google Docs export data.
  • Limited billing, subscription, and entitlement metadata for Pro access.
  • Optional feedback and support messages you submit.
  • Lifecycle metadata such as install, uninstall, version, sync, and migration state.
  • Sanitized diagnostic error reports when Reduced Telemetry is off. These reports are allowlisted and redacted to avoid classroom content, note/report text, names, classroom/member/note/report IDs, passwords, recovery keys, auth tokens, prompt text, and raw storage values.

3. Why Dodl Notes processes data

  • To provide the core note-taking, organization, sync, and recovery workflow.
  • To authenticate your Dodl Notes account and restore access to encrypted cloud data across devices.
  • To save and sync settings where supported.
  • To run optional features like AI insights, AI drafting, report templates, guideline assistance, and Google Docs export.
  • To manage Pro subscriptions and service continuity.
  • To improve reliability, security, and support, including product analytics and sanitized diagnostic error reports when telemetry is enabled.

4. Storage locations

  • Encrypted cloud data in Firebase Firestore, including encrypted snapshots, backups, templates, lifecycle data, sanitized diagnostic error report aggregates, and limited billing or entitlement metadata.
  • Browser local storage for drafts, caches, sync state, onboarding state, account-scoped setting mirrors, compatibility migration data, performance-related local data, and temporary sanitized diagnostic error queues/throttle state.
  • Browser sync storage may still contain legacy compatibility copies of lightweight settings, but the active runtime source of truth is the encrypted workspace snapshot plus the local account mirror.
  • Browser session storage for the unlocked encryption key while Dodl Notes is open and unlocked.
  • Optional IndexedDB file-handle records and user-chosen `.dodlpack` recovery file locations for offline recovery.

5. Encryption and security

Dodl Notes uses AES-GCM 256-bit encryption through the Web Crypto API. Notes are encrypted in the browser before local persistence and before cloud sync.

For a shorter teacher-facing summary, read the plain-language security and privacy overview.

  • Your encryption keys do not leave your device in unencrypted form.
  • The raw decrypted data key is session-scoped while Dodl Notes is unlocked.
  • Password-based and recovery-based wrapped key material may be stored as encrypted payloads, but the developer cannot decrypt your notes.
  • Losing both your password-based and recovery-based access methods may lead to permanent data loss.

6. Third-party services and international transfers

Dodl Notes uses Firebase Authentication and Firestore, Google Cloud functions, optional Google Docs export, Google's Generative AI API for selected features, and Stripe for subscriptions.

By using Dodl Notes, you acknowledge that certain account and backend data may be processed in countries outside your home jurisdiction, including the United States, where some of these providers operate.

7. Logging and analytics

Dodl Notes uses local console logging for debugging. Dodl Notes may also send limited product analytics using anonymous extension identifiers and product metadata. Public website pages may also use Google Analytics when configured. These analytics do not include note content, passwords, or recovery keys. When Reduced Telemetry is off, Dodl Notes may also send sanitized diagnostic error reports to help identify and fix deployed bugs.

If you enable Reduced Telemetry, Dodl Notes turns off analytics, diagnostic error reports, review prompts, proactive share prompts, and in-app feedback, though limited operational lifecycle records may still be stored to support the service.

8. Data retention and deletion

  • Deleting notes, groups, members, or templates in Dodl Notes removes them from your encrypted workspace or template store on the next save and sync.
  • Clearing browser data may remove local drafts, cached snapshots, session data, and saved recovery handle records.
  • Account reset attempts to remove encrypted cloud snapshot data, encrypted backend key material, and local extension data.
  • Uninstalling the extension removes local browser data but does not automatically delete your encrypted cloud records or any recovery package file saved elsewhere on your device.

9. Your rights

Depending on your jurisdiction, you may have rights over personal data controlled by Dodl Notes, such as your account email address, limited billing or entitlement metadata, lifecycle metadata, and backend support records. Because the developer cannot read your encrypted notes, requests about readable note content must be managed by you directly inside Dodl Notes.

10. Updates, jurisdiction, and liability

This policy may be updated to reflect changes in Dodl Notes' functionality, data handling, or legal requirements. Material updates may appear through release notes, the Chrome Web Store listing, or related Dodl Notes policy pages.

This policy is governed by the laws of Ontario, Canada, with disputes subject to the courts in Toronto, Ontario, Canada.

Dodl Notes is provided as-is. You assume responsibility for the content you store, the recovery materials you maintain, and your compliance obligations.