Privacy Policy

1. Who we are

Resonote is a private AI debrief tool for professional coaches and other client-facing professionals. It helps users turn their own post-session reflections into structured notes, themes, action items, and next-session focus.

Resonote is developed and operated by Fabrizio Miccichè, based in Breda, the Netherlands. For the purposes of the General Data Protection Regulation (GDPR), Fabrizio Miccichè is the data controller for the personal data processed through Resonote, unless a separate agreement states otherwise.

For any privacy-related questions, contact us at hello@resonote.io.

2. What data we collect

We collect only the data needed to provide and improve Resonote. Depending on how you use the service, this may include:

Data type	Why we collect it	How long we keep it
Your name and email address	To create, secure, and manage your account	Until you delete your account, unless a longer retention period is required by law
Client names, initials, goals, or labels you choose to enter	To organise your client folders and session history	Until you delete the client record or your account
Voice debrief recordings	To create a transcript of your private post-session reflection	Deleted from Resonote after transcription processing is completed
Transcripts, structured notes, themes, actions, and session summaries	To provide your searchable session history and client journey overview	Until you delete the session, client record, or your account
Technical and usage data	To keep the service secure, fix bugs, understand product usage, and improve the beta experience	Normally up to 90 days, or longer if needed for security, legal, or operational reasons

3. Client-related information

Resonote does not record live client sessions. It is designed for your private post-session debrief, spoken by you after the session.

However, your debriefs and notes may contain client-related personal data if you choose to include it. This may include sensitive information depending on what you say in your debrief. You are responsible for deciding what information is appropriate to enter into Resonote and for complying with your own professional, ethical, contractual, and legal obligations toward your clients.

We recommend using only the level of client detail needed for your professional reflection and avoiding unnecessary sensitive information where possible.

4. What we do NOT do

• We do not record your live client sessions
• We do not sell your personal data or client-related data
• We do not use your data for advertising or marketing profiling
• We do not share your notes with other Resonote users
• We do not use your notes to train Resonote-owned AI models
• We do not access your session notes except where necessary for security, support, legal compliance, or service operation

5. Legal basis for processing

Under GDPR, we process personal data on the following legal bases:

• Contract — to provide the Resonote service you request, including account access, transcription, note generation, and data storage
• Legitimate interests — to secure, maintain, debug, and improve Resonote, provided those interests are not overridden by your rights
• Consent — where required, for example for optional cookies or optional communications
• Legal obligation — where we must retain or disclose information to comply with applicable law

6. Third-party services we use

To provide Resonote, we use selected third-party service providers. These providers process data only as needed to deliver their services to us. Where required, we rely on appropriate data processing terms or agreements.

OpenAI — Transcription and/or AI processing

Your voice debrief or transcript may be sent to OpenAI's API to create a transcript or support AI processing. OpenAI states that API and business data is not used to train its models by default. OpenAI may securely retain API inputs and outputs for a limited period to provide services and identify abuse, unless different retention settings apply.

OpenAI Enterprise Privacy →

Anthropic — AI structuring

Your transcript may be sent to Anthropic's Claude API to extract themes, breakthroughs, action items, and next-session focus. Anthropic's commercial terms state that Customer Content from its services may not be used to train Anthropic models and that submitted data is processed according to Anthropic's Data Processing Addendum.

Anthropic Commercial Terms →

Supabase — Database and authentication

Your account data and session notes are stored in a Postgres database provided by Supabase. Resonote uses access controls, including Row Level Security, to help ensure users can access only their own data. Supabase provides security and compliance features designed to support GDPR-oriented data processing.

Supabase Security →

7. International data transfers

Resonote is operated from the Netherlands and is designed with European privacy requirements in mind. Some third-party providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as Data Processing Agreements, Standard Contractual Clauses, or other mechanisms allowed under GDPR.

8. Your rights under GDPR

If GDPR applies to you, you have the following rights:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate or incomplete data
• Right to erasure — you can ask us to delete your personal data
• Right to restriction — you can ask us to restrict certain processing
• Right to portability — you can request your data in a machine-readable format
• Right to object — you can object to certain processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, email us at hello@resonote.io. We aim to respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

9. Cookies

We currently use only cookies and local storage that are necessary for the website or app to function, such as authentication and session management. We do not currently use advertising cookies or third-party marketing trackers.

If we add analytics, advertising, or other non-essential cookies in the future, we will request consent where required and update this policy accordingly.

10. Data security

We use technical and organisational measures designed to protect your data, including HTTPS encryption in transit, database access controls, account authentication, and Row Level Security. Voice debrief recordings are not intended to be stored permanently in Resonote after transcription processing is completed.

No digital service can guarantee absolute security, but we take reasonable steps to protect your data and review our practices as the product develops.

11. Data retention and deletion

You can delete individual sessions, client records, or your account. When you delete your account, we will delete or anonymise associated personal data within 30 days, unless we are legally required to retain certain information for longer.

Backups and logs may persist for a limited period before being automatically overwritten or deleted according to our operational retention practices.

12. Children's privacy

Resonote is designed for professional use by adults. We do not knowingly collect personal data from anyone under the age of 18.

13. Changes to this policy

We may update this Privacy Policy as Resonote develops, especially during the beta period. If we make significant changes, we will update the "last updated" date and, where appropriate, notify users by email or in-app notice.

14. Contact

For privacy questions, data requests, or concerns:

Fabrizio Miccichè
Resonote
Breda, Netherlands
hello@resonote.io