Secto

Privacy Policy

Last updated: June 2026

1. What We Collect

We collect only what is needed to run the service:

  • Account info: name, email, and password (hashed)
  • Your content: notes, titles, and any images you upload
  • Usage data: basic analytics (page views, feature usage) to improve the product

2. How We Use It

Your data is used to provide and improve the service. We do not sell your data, use it for advertising, or share it with data brokers. Your content is yours.

Our legal basis for processing is the contract we have with you (providing the service you signed up for) and our legitimate interest in keeping the service secure and improving it.

3. Where It's Stored

Your data is stored securely using industry-standard infrastructure:

  • Database: PostgreSQL, self-hosted on a dedicated server
  • File storage: local file system on the same server
  • Hosting: Hetzner (Germany)

All data is encrypted in transit (HTTPS) and at rest.

4. Third-Party Services

We use a small number of third-party services:

  • Hetzner: server hosting (Germany)
  • Resend: transactional emails (verification, password reset)
  • Sentry: error tracking (no personal content is sent)
  • Umami: self-hosted, cookieless page analytics (no personal data, no cross-site tracking)

These services process data only as needed to operate Secto. We do not use any advertising networks or third-party tracking services.

5. Cookies

We use only essential cookies for authentication (session token) and theme preference. No third-party tracking cookies.

6. Your Rights

You can at any time:

  • Access your data through the app
  • Edit your profile and content
  • Delete your account and all associated data from Settings

Account deletion is permanent and removes all your notes, uploaded images, and account information.

7. Data Retention

Your data is kept as long as your account is active. Trashed notes are retained for 30 days before permanent deletion. When you delete your account, all data is removed immediately.

8. Security

Passwords are hashed with bcrypt. All connections use HTTPS. API endpoints are rate-limited. We follow security best practices, but no system is perfectly secure. Please use a strong, unique password. If a data breach ever affects your personal data, we will notify you by email without undue delay.

9. Changes

We may update this policy as the service evolves. Significant changes will be communicated via email. The “last updated” date at the top reflects the most recent revision.

10. Contact

Privacy questions? Email us at hello@secto.me.

Terms of ServiceSupport