Back to sign in

Privacy Policy

Mad Lit · Effective 22 June 2026

This policy explains what data Mad Lit (“we”, “us”) collects when you use the Mad Lit notes application, how we use it, who we share it with, and the choices you have. Mad Lit is a personal note-taking app; we collect the minimum needed to run it and we do not sell your data or use it to train AI models.

1. Information we collect

  • Account information. When you sign in with Google we receive your name, email address, profile picture URL, and your Google account identifier. We do not receive or store your Google password.
  • Your content. The pages, sections, tasks, comments, and related metadata you create or import. This content is stored so we can show it back to you.
  • Credentials you generate. Personal API keys and OAuth tokens used to connect external tools. These are stored only as one-way SHA-256 hashes — the raw values are shown once and never retained, so a database read cannot recover a usable credential.
  • Operational data. Basic server logs (e.g. request timestamps and error traces) generated by our hosting provider for security and reliability. We do not use third-party advertising or analytics trackers.

2. How we use your information

  • To provide the app: authenticate you, and store, display, search, and sync your content.
  • To operate connections you set up to AI assistants (see §4).
  • To secure the service, prevent abuse, and diagnose problems.

We do not sell your personal data, and we do not use your content to train or fine-tune machine-learning models.

3. How your data is stored and protected

  • Content is stored in a managed PostgreSQL database (Neon) and is isolated per user — there is no cross-account access.
  • Data is encrypted in transit (TLS/HTTPS) and at rest by our infrastructure providers.
  • API keys and OAuth tokens are stored only as hashes; OAuth access tokens are scoped to a single user and audience and expire.

4. Sharing and third parties

We share data only as needed to run the service:

  • Google — authentication (sign-in).
  • Replit — application hosting.
  • Neon — database hosting (United States region).
  • AI assistants you connect. If you connect Mad Lit to Claude, ChatGPT, or a similar tool (via custom connector or API key), then at your direction the content those tools request is sent to that provider so it can act on your notes. That data is then subject to their privacy terms. You control which tools are connected and can disconnect them at any time.

We may also disclose information if required by law. We do not otherwise share your content with third parties.

5. Data retention

We retain your content for as long as your account is active. Pages you trash are kept until you empty the trash, after which they are permanently deleted. If you delete your account or ask us to delete your data, we remove your content and account information from our active systems; residual copies may persist in encrypted backups for a limited period before being overwritten.

6. Your choices and rights

  • Access and edit your content directly in the app at any time.
  • Export your content (e.g. via the connected MCP tools or by request).
  • Revoke a connection by deleting its API key or removing the connector.
  • Request deletion of your account and associated data by contacting us.

7. Children

Mad Lit is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their personal data.

8. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above and, where appropriate, notifying you in the app.

9. Contact

Questions about this policy or your data? Email privacy@madlit.io.

Security & Enterprise Access