Ramifica is a note-taking and outliner application that helps you organize your thoughts and manage list-based notes. This Privacy Policy explains how we collect, use, and protect information about you when you use our service.
By using Ramifica, you agree to the collection and use of information in accordance with this policy. If you have any questions, please contact us at the address listed at the end of this document.
For privacy-law purposes, Ramifica acts as the controller for personal data processed to provide the service. You can contact us at legal@ramifica.app.
Information We Collect
We collect information necessary to provide and improve our service:
Account information: Your email address when you register for an account.
Content data: The list items, notes, workspaces, collaborators, comments, mentions, check states, ordering data, and images you create or upload while using the service.
MCP and integration data: OAuth consent records, MCP token metadata, tool-use audit records, and related access-control information used to connect Ramifica to tools you authorize.
Usage information: Information about how you interact with the service, such as features used and actions taken, collected in general terms.
Technical information: Standard server log data including browser type, device type, and IP address, collected automatically as part of normal service operation.
Billing information: When you subscribe to Pro, payment is processed by Stripe. Stripe stores your payment method details and invoices on our behalf. We do not store raw card numbers or full payment credentials on our servers. Stripe's privacy policy governs the handling of your payment data (stripe.com/privacy).
Support information: Information you send when you contact us for help, account deletion, privacy requests, or billing support.
How We Use Your Information
We use the information we collect for the following purposes:
To provide and maintain the service, including storing and syncing your notes.
To authenticate you and keep your account secure.
To process OAuth and MCP connections you choose to authorize.
To process subscriptions, billing, refunds, and tax records.
To understand how the service is used and improve it over time.
To respond to your requests, questions, and support inquiries.
To detect abuse, debug errors, protect the service, and comply with legal obligations.
Legal Bases for Processing
Where European or United Kingdom privacy law applies, we rely on the following legal bases:
Contract: to create your account, store and sync your lists, provide workspaces, process authorized MCP/OAuth connections, and deliver paid features.
Legitimate interests: to keep the service secure, prevent abuse, debug errors, understand aggregate product usage, and improve Ramifica.
Legal obligation: to keep records required for billing, tax, accounting, compliance, dispute resolution, or valid legal requests.
Consent: when we ask for your permission for optional processing, such as optional integrations or tracking that requires consent.
Data Storage and Security
Your data is stored on secure servers. We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse.
No system is completely secure. We encourage you to use a strong, unique password for your Ramifica account and to keep it confidential.
Data Retention
We retain your data for as long as your account is active. If you would like your data deleted, you may request account deletion on our account deletion page.
Account and content data is retained while your account is active or as needed to provide the service.
Deleted account data is removed from active systems after we verify and process the request, except for limited records we must retain for legal, security, billing, fraud-prevention, backup, or dispute-resolution purposes.
Billing and tax records may be retained for the period required by applicable law and payment-provider rules.
Security logs, audit records, backups, and diagnostic records are retained for limited operational periods and then deleted or overwritten according to internal retention practices.
Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
You may request access to the personal data we hold about you.
You may request correction of any inaccurate data associated with your account.
You may request deletion of your account and associated personal data.
You may request a portable copy of personal data you provided to us.
You may object to or request restriction of certain processing where applicable.
You may withdraw consent where processing is based on consent.
We may ask for information needed to verify your identity before completing a privacy request. If you are in the European Economic Area, United Kingdom, or another region with privacy-regulator complaint rights, you may also contact your local data protection authority.
Third-Party Services
The service relies on third-party providers for hosting, database storage, file storage, authentication, email delivery, payment processing, analytics, and related operations. These providers are selected for reliability and security standards, and we use vendor data-processing terms where appropriate.
Infrastructure and hosting: providers such as Vercel and Convex.
File storage: providers such as Cloudflare R2 for uploaded images.
Payments: Stripe for subscription checkout, billing, invoices, refunds, and payment-method handling.
Email: Resend for account, verification, invite, notification, and support-related email.
Analytics: analytics providers such as PostHog or Plausible when configured, used to understand aggregate product usage and improve the service.
Optional integrations: OAuth providers or tools you choose to connect, including MCP clients that you authorize.
We do not sell your personal data to third parties.
International Transfers
Ramifica and its service providers may process information in countries other than your country of residence, including the United States. Where European or United Kingdom privacy law requires safeguards for these transfers, we rely on appropriate legal mechanisms such as data-processing agreements, standard contractual clauses, or other approved transfer safeguards offered by our providers.
Cookies and Analytics
Ramifica may use cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure the service, and understand product usage. Some analytics features may be disabled when the relevant provider is not configured. If we use analytics that requires consent in your region, we will request consent or provide an appropriate opt-out where required.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. Continued use of the service after any changes constitutes your acceptance of the updated policy.
Please check the “Last updated” date at the top of this page for the most recent version.
Contact
If you have questions about this Privacy Policy or would like to make a privacy-related request, please contact us at legal@ramifica.app.