NOTTO
LEGAL_DOCUMENTATION

DATA

POLICY

DATA_HANDLING / INFORMATION_GOVERNANCE

EFFECTIVE_DATE: AUGUST_2025

DATA_POLICY_OVERVIEW

This Data Policy describes how Notto handles, processes, and protects information in accordance with privacy best practices and applicable data protection regulations.

As a proof-of-concept project, Notto implements privacy-by-designprinciples, collecting minimal data and maintaining transparent data practices.

DATA_CATEGORIES

ANALYTICS_DATA

  • Website Traffic: Page views, session duration, bounce rates collected through web analytics tools
  • User Behavior: Navigation patterns, feature usage, interaction with documentation sections
  • Performance Metrics: Page load times, error rates, browser compatibility data
  • Referral Data: Sources of traffic, search terms, external link tracking

TECHNICAL_DATA

  • Device Information: Browser type and version, operating system, screen resolution
  • Network Data: IP address (anonymized), geographic location (country/region level only)
  • Session Data: Temporary identifiers for analytics, automatically expire after 24 hours
  • Error Logs: Technical errors, broken links, console warnings for debugging purposes

DATA_PROCESSING

PROCESSING_PURPOSES

  • Site Optimization: Improving user experience, identifying popular content, optimizing page performance
  • Technical Improvement: Bug detection, compatibility testing, feature usage analysis
  • Security Monitoring: Detecting malicious activity, preventing abuse, maintaining system integrity
  • Development Planning: Understanding user needs, prioritizing features, informing roadmap decisions

PROCESSING_METHODS

  • Automated Processing: Data collected automatically through web analytics and monitoring tools
  • Aggregation: Individual data points combined into statistical summaries and trends
  • Anonymization: Personal identifiers removed or encrypted to protect user privacy
  • Retention Limits: Data automatically deleted after specified retention periods

DATA_STORAGE_AND_RETENTION

STORAGE_LOCATIONS

  • Cloud Analytics: Data stored in reputable analytics platforms with appropriate security measures
  • CDN Logs: Basic access logs stored by content delivery network providers for 30 days maximum
  • Error Monitoring: Error logs stored in secure monitoring services for debugging purposes
  • Local Development: No production user data stored in local development environments

RETENTION_PERIODS

  • Analytics Data: Retained for 26 months maximum, then automatically deleted
  • Error Logs: Retained for 90 days for debugging, then permanently deleted
  • Performance Data: Aggregated data retained for 12 months, individual events deleted after 30 days
  • Security Logs: Retained for 6 months for security monitoring purposes

DATA_SHARING_AND_THIRD_PARTIES

THIRD_PARTY_SERVICES

  • Web Analytics: Anonymized data shared with analytics providers for traffic analysis and reporting
  • CDN Providers: Basic request data processed by content delivery networks for performance optimization
  • Error Monitoring: Technical error data shared with monitoring services for bug detection and fixing
  • GitHub Integration: Public repository data governed by GitHub's privacy policy

DATA_SHARING_RESTRICTIONS

  • No Personal Data Sales: We never sell personal data to third parties
  • No Marketing Lists: User data not shared with marketing companies or advertisers
  • Legal Compliance Only: Data only shared when required by applicable laws or court orders
  • Service Providers Only: Third-party access limited to essential service providers with appropriate agreements

USER_CONTROLS_AND_CHOICES

OPT_OUT_OPTIONS

  • Browser Settings: Disable cookies and tracking through browser privacy settings
  • Do Not Track: Respect browser Do Not Track signals where technically feasible
  • Ad Blockers: Analytics blocked by ad-blocking software will be respected
  • VPN/Proxy: Use of VPN or proxy services will naturally anonymize traffic

DATA_REQUESTS

  • Access Requests: Request information about what data we have collected
  • Deletion Requests: Request deletion of any personal data we may have
  • Correction Requests: Request correction of inaccurate data
  • Portability Requests: Receive your data in a machine-readable format

DATA_PROTECTION_CONTACT

For data protection questions, requests, or concerns:

  • Data Requests: tmerrien@outlook.com
  • Technical Questions: https://github.com/tmerrien/notto/issues
  • Privacy Concerns: tmerrien@outlook.com

We will respond to data protection requests within 30 days in accordance with applicable privacy regulations.