Privacy Policy

1. Introduction

This Privacy Policy explains how Rawai Capital Pty Ltd (“we”, “us”, or “Note8”) collects, uses, discloses, and protects your personal information when you use the Note8 platform and services (the “Service”) at note8.dev and app.note8.dev.

We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we have users in the European Economic Area, we also comply with the General Data Protection Regulation (GDPR). For users in California, we comply with the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Information You Provide

• Account information: your name and email address when you register for an account
• Feedback content: screenshots, annotations, drawings, pointer data, voice recordings, and text feedback you submit through the Note8 widget
• Communications: information you provide when you contact us for support or other enquiries

2.2 Information Collected Automatically

• Usage data: pages visited, features used, timestamps, and interactions with the Service
• Device and browser information: browser type, operating system, screen resolution, and device identifiers
• Cookies and similar technologies: we use cookies and analytics tools to understand how the Service is used (see Section 7)
• Log data: IP addresses, access times, referring URLs, and error logs

2.3 Information We Do Not Collect

• Payment card details: all payment processing is handled by Stripe. We do not store, process, or have access to your full credit card number or payment credentials. We may receive limited billing information such as the last four digits of your card, card type, and billing address from Stripe for record-keeping purposes.
• Source code: the Note8 local agent runs entirely on your machine. Your source code is never transmitted to or stored on our servers. All AI-powered code generation and analysis is performed locally by your own coding agents using your own tools and API tokens.

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing and operating the Service, including processing feedback items, displaying annotations, and enabling the review dashboard
• Managing your account and authenticating your identity
• Processing payments and subscriptions through Stripe
• Communicating with you about your account, support requests, and service updates
• Analysing usage patterns and improving the Service
• Detecting and preventing fraud, abuse, and security incidents
• Complying with legal obligations

4. Legal Basis for Processing

For users in the European Economic Area, we process personal information under the following legal bases:

• Contract: processing necessary to provide the Service to you
• Legitimate interests: analytics, security, and service improvement
• Consent: where you have given specific consent, such as for marketing communications
• Legal obligation: where processing is required by law

5. Third-Party Services and Data Sharing

We share personal information with third-party service providers solely for the purposes described in this policy. We do not sell your personal information to third parties. We may disclose your information if required by law, regulation, or legal process, or to protect the rights, safety, or property of Note8, our users, or the public.

6. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement appropriate technical and organisational measures to protect your personal information, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

Your data may be transferred to and processed in countries outside of Australia. Where this occurs, we take reasonable steps to ensure that your information receives an equivalent level of protection as required under the Privacy Act 1988.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies: required for the Service to function, including authentication and session management
• Analytics cookies: help us understand how users interact with the Service so we can improve it

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal information within a reasonable period, unless retention is required for legal, regulatory, or legitimate business purposes.

Feedback content (screenshots, annotations, and related data) is retained for the duration of the associated project. You may delete feedback items through the dashboard at any time.

9. Your Rights

9.1 Australian Privacy Principles

Under the Privacy Act 1988 (Cth), you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Complain about a breach of the Australian Privacy Principles

9.2 GDPR Rights (EEA Users)

If you are located in the European Economic Area, you additionally have the right to:

• Request erasure of your personal data
• Request restriction of processing
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with a supervisory authority

9.3 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information (note: we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us using the details in Section 12.

10. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the Effective Date above. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us at:

If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.