← Back to Home

Privacy Policy

Last updated: 4/19/2026

1. Introduction

Derive Notes Pty Ltd ("Derive", "we", "us", or "our") is committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This policy outlines how we collect, use, store, and disclose your personal information when you use our website at derivenotes.com and related services.

Derive is a study and note-taking application designed for university students. We operate from Australia and serve users in Australia and the United States.

2. Information We Collect

We collect the following types of personal information:

  • Contact Information: Your email address when you sign up for our waitlist or create an account.
  • Payment Information: When you subscribe or make a payment, Stripe (our payment processor) collects your payment method details (such as credit card information) on our behalf. We do not directly store your full payment card details. We store your Stripe customer ID and subscription ID in our database to manage your subscription.
  • Subscription Information: Details about your subscription plan, billing status, and payment history.
  • Usage and Analytics Data: Information about how you interact with our website and services, including pages visited, features used, buttons clicked, and other product analytics events (for example, checkout interactions and feature usage). This data is collected via PostHog.
  • Technical Data: Browser type, device information, IP address, and similar technical details collected automatically when you access our website.

3. How We Collect Information

We collect information directly from you and automatically through your use of our services:

  • When you submit your email address to join our waitlist or create an account.
  • When you make a payment or subscribe through Stripe.
  • Automatically through analytics tools when you interact with our website.
  • Through cookies and similar technologies used for site functionality and analytics.

4. Purpose of Collection

We collect and use your personal information for the following purposes:

  • To manage your account and waitlist position.
  • To process payments and manage your subscription.
  • To contact you about your account, product updates, and service announcements.
  • To send you marketing communications and product news (you can unsubscribe at any time).
  • To analyse usage patterns and improve our website and services.
  • To detect and prevent fraud or abuse.
  • To comply with legal obligations.

5. Third-Party Service Providers

We use the following third-party services to operate Derive. These providers may process your personal information on our behalf:

  • Supabase: Cloud database and authentication. Stores your account information, email address, Stripe customer ID, and subscription ID. Data is hosted on secure cloud infrastructure.
  • Stripe: Payment processing. Handles all payment transactions and stores your payment method details securely. Stripe is PCI DSS compliant. See Stripe's Privacy Policy.
  • PostHog: Product analytics. Collects anonymised usage data and analytics events (such as page views, feature usage, and checkout interactions) to help us understand how users interact with our service.
  • Brevo: Email marketing and transactional emails. We sync contact information (email addresses) with Brevo to send you product updates, marketing communications, and service notifications. You can unsubscribe from marketing emails at any time.
  • Vercel: Website hosting and deployment. Serves our website and may process technical data such as IP addresses and request logs.

We do not sell your personal information to any third party.

6. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. We utilise secure cloud infrastructure and industry-standard encryption to store and transmit your data. Payment information is handled exclusively by Stripe, which maintains PCI DSS compliance. However, no data transmission over the internet is guaranteed to be 100% secure.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. If you cancel your subscription or request account deletion, we will delete or anonymise your personal information within a reasonable timeframe, unless we are required to retain it for legal or regulatory purposes.

Payment records may be retained for up to seven years to comply with tax and accounting obligations under Australian law.

8. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or outdated personal information.
  • Deletion: Request deletion of your personal information, subject to any legal retention requirements.
  • Withdraw Consent: Withdraw your consent for marketing communications at any time by unsubscribing or contacting us.

To exercise any of these rights, please contact us at matt@derivenotes.com. We will respond to your request within 30 days.

9. Information for United States Users

If you are a resident of the United States, the following additional disclosures apply:

California Residents (CCPA / CalOPPA)

  • We do not sell your personal information as defined under the California Consumer Privacy Act (CCPA).
  • You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information (though we do not sell it).
  • We will not discriminate against you for exercising your CCPA rights.
  • In accordance with the California Online Privacy Protection Act (CalOPPA), we disclose the categories of personal information we collect and the purposes for which it is used in this policy.
  • We honour Do Not Track (DNT) browser signals where technically feasible within our analytics configuration.

To exercise your rights under US privacy laws, please contact us at matt@derivenotes.com.

10. Cross-Border Data Transfers

As we use cloud-based service providers, your personal information may be stored and processed in countries outside of Australia, including the United States. We take reasonable steps to ensure that any overseas recipients of your personal information comply with the Australian Privacy Principles and provide adequate data protection.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Complaints

If you have a complaint about how we handle your personal information, please contact us at matt@derivenotes.com. We will respond to your complaint within a reasonable timeframe. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Contact Us

For any privacy-related questions or to exercise your rights, please contact us at: