California Privacy Policy

Last Updated: September 2024

This California Privacy Notice (this “California Notice”) supplements the information contained in our Privacy Policy and applies to residents of California. This California Notice is meant to cover the requirements of and our activities subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

When we use the term “personal information” in this California Notice, we are referring to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household such as your real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. Personal information does not include publicly-available information and information that is regulated by certain other applicable laws and exempt from the requirements of the CCPA, such as personal health information subject to The Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

Your Rights and Choices under the CCPA

Right to Know & Data Portability

You have the right to request that we disclose certain information to you about personal information we collected about you. Such information shall cover the 12-month period preceding our receipt of your request. Upon our receipt of your verified request, we will provide you with the following in a portable and usable format (to the extent technical feasible) at no charge to you:

  • The categories of personal information we have collected about you, and the specific pieces of personal information we have collected about you.
  • The categories of sources from which we collect your personal information.
  • The business or commercial purpose for collecting, selling, or sharing your personal information.
  • The categories of third parties with whom we have shared your personal information for a business or commercial purpose.

You may only make a verifiable “Right to Know” request twice within a 12-month period.

Right to Opt-Out

We do not sell your personal information or engage in cross-context behavioral advertising or targeted advertising; however, we are required to let you know that you have the right to opt-out of the sale or sharing of your personal information at any time if we ever engage in such activities as defined by the CCPA.

Right to Delete

You have the right at any time to request that we delete your personal information. However, in some cases we cannot delete all or some of your personal information as required or permitted by applicable laws.

Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you. However, in some cases, we may deny requests to correct inaccurate personal information, or may alternatively delete such personal information.

Right to Non-Discrimination

We will not discriminate against you for exercising your rights under the CCPA, such as by denying you products and services, charging you different rates or prices, including use of discounts or penalties, or suggesting or providing a different level of service or quality of products to you. However, we may charge a different price or provide a different level or quality of products and services if the price or difference is directly related to the value provided to you by your personal information.

We do not offer financial incentives of any type related to your personal information.

Information We May Collect

In the preceding 12 months, we have collected categories of personal information listed below.

For more details about the specific data points we may collect, please see the “What kind of data is being collected” section in our Privacy Policy.

  • Category of Information
    A. Identifiers
    Examples
    Email address, alias, IP addresses, device identifiers, identifiers such as a real name and account information.
    Category of Information
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
    Examples
    Name and contact information provided when you create your account with social logins, education and profession if you choose to provide this information when we conduct marketing surveys. Some personal data included in this category may overlap with other categories.
    Category of Information
    C. Commercial information
    Examples
    Products or services you considered, transaction information, purchase history, either directly or through a third party payment processor as described in our Privacy Policy.
    Category of Information
    D. Internet or other similar network activity
    Examples
    Browser type, frequency and time and date of visits to our Services, operating system, website activity, and information about and from your device, including but not limited to device ID, device language, and operating system.
    Category of Information
    E. Geolocation data
    Examples
    Approximate location based on IP address.
    Category of Information
    F. Audio, electronic, visual, or similar information
    Examples
    Images, visuals and similar information, such as those associated with the social logins you use to connect to our Services or when you create an account with us or when you provide those to us in connection with the Services we provide to you.
    Category of Information
    G. Inferences drawn from other personal information.
    Examples
    We may draw inferences drawn from any of the information identified above to reflect preferences, create profiles of users and those that interact with us reflecting a person’s preferences, behavior, attitudes, intelligence, abilities, and aptitudes, so that we may contact you with messaging that may interest you.

We do not collect, and please do not provide to us certain sensitive data (as defined in the VCDPA), including but not limited to racial and ethnic information, and information about one’s sexual orientation, and genetic data, biometric or health information.

Goodnotes Services are not intended for use by covered entities (as such term is defined in the HIPAA) for the transmission of Protected Health Information (as defined by HIPAA, 45 C.F.R. § 160.103), nor intended for the transmission of sensitive personal information (as defined by the CCPA, Cal. Civ. Code § 1798.140(ae), as amended) such as payment card or financial information (except when making a purchase), so please do not share this information with us.

Information Retention

In general, we will retain your personal information for as long as is necessary for the purposes set out in our Privacy Policy and the business purposes set forth below, or for longer (a) as required under any applicable legal, regulatory, accounting, or reporting requirements; (b) based on the agreement you have with us; or (c) in order to resolve disputes or enforce our agreements.

Please note that we are not required to: (i) retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; or (ii) re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.

Our Sources for Personal Information

We collect personal information from you from the sources described in the “What Kind of Data is Being Collected” section of our Privacy Policy.

Our Business Purposes for Collecting Personal Information

The personal information we collect from you is being used for the business purposes described in the “What is this data being used for” and “Who is my data disclosed to” sections of our Privacy Policy.

‍Sharing Personal Information for a Business Purpose

We may disclose your personal information for the business or commercial purposes set forth in the “Who is my data disclosed to” section of our Privacy Policy and/or as otherwise required or permitted by law in connection with our business.

California Shine the Light

If you are a California resident, you can request a notice disclosing the categories of personal information we have shared with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. To request a notice, please submit your request to support@goodnotes.com. Please allow 30 days for a response.

How to Contact us to Exercise Your CCPA Rights

To submit a request to exercise your “Right to Know” “Right to Correct” or “Right to Delete” provided in this notice, please use either of these two methods:

  1. email legal@goodnotes.com or Support Services via support@goodnotes.com
  2. submit request through the web form provided at https://support.goodnotes.com/hc/en-us/requests/new

We will evaluate the request and take action where required to do so.

We will confirm receipt of your request within 10 business days and will provide information about how we will process your request. We endeavour to respond to your request as soon as we can, within the timeframes permitted under the CCPA. If we are not able to respond to your request within 45 days, we will let you know within that timeframe that we may require additional time (up to 90 total days).

Verification of Requests and Authorised Agents

Depending on the nature of your request, we may have to verify your identity when you contact us to exercise your rights. Our verification process may vary depending on the nature of your request. However, generally, we will verify your request by asking you to:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized agent.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you.

You may also use an authorised agent to exercise your rights on your behalf. If you wish to use an authorised agent to make a request on your behalf, unless you have provided the authorised agent with power of attorney, we may require that: (1) you provide your authorised agent signed permission to do so; (2) you verify your identity; and (3) you confirm that you have provided the authorised agent permission to submit the request. We may deny any request from an authorised agent that does not submit proof that they have been authorised by you to act on your behalf.

Your authorised agent may make a request on your behalf by contacting us at support@goodnotes.com.

Goodnotes uses cookies to enhance user experience and analyze traffic. Details of which cookies we use are available at our Cookie Policy. By continuing to browse the site, you accept cookies. You can withdraw your consent by adapting your preferences in the ‘preferences’ section.