~/privacy
We collect as little as we can, and we never sell it. This policy explains what we hold, why, and the control you have over it.
Last updated 7 July 2026
Account information: your name, email address, and authentication details when you create an account (including via Google sign-in, if you choose it).
Workspace data: for workspaces you choose to sync, we store your files and their version history so we can sync them across your devices and collaborators. This content is end-to-end encrypted on your device before it reaches us, including file contents and file names, so we store and relay it without being able to read it. Local-only workspaces never leave your device, so we never receive them.
Billing data: handled by Stripe, our Merchant of Record. We receive subscription status and the information needed to manage your plan; we never see or store your full card details.
Operational data: basic logs needed to run the service securely and diagnose problems. We do not run third-party advertising trackers.
To provide and secure the service: authenticate you, sync and serve your workspaces, process your subscription, respond to support, and prevent abuse. We use your email to send essential service messages (verification, billing, security) and, only with your consent where required, occasional product updates.
We share data only with the service providers that make General Text work, under agreements that limit them to that purpose: Cloudflare (hosting and storage), Stripe (payments), Resend (transactional email), and Google (only if you use Google sign-in). We disclose data if required by law. We do not sell personal data.
Synced content is end-to-end encrypted on your device before it reaches us and is stored as ciphertext on Cloudflare infrastructure; we hold no key that can open it. Account and billing records, which we do need to read in order to run and bill the service, are protected in transit and at rest. We keep your data while your account is active and delete or anonymize it within a reasonable period after you close your account, except where we must retain records (for example, billing records) by law.
Because synced content is end-to-end encrypted, we cannot see what any file says or what any file is called. What we do necessarily know: your account email, the names of workspaces and organizations, who belongs to what, and coarse facts such as how much ciphertext you store and when syncs happen. We need these to route, sync, and bill. The Encryption documentation describes exactly where the line sits.
You can access and export your data at any time (your files are plain text you already hold), correct your account details, and request deletion of your account and associated data. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA. Email us to exercise any of them.
We use a single essential cookie to keep you signed in. We do not use advertising or cross-site tracking cookies.
General Text is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their data.
Questions about any of this? Email hello@generaltext.org.