Legal
Privacy Policy
Bunorden is built with privacy-first defaults on Vercel and Supabase. We keep data collection minimal and protect account actions with Cloudflare Turnstile challenge checks.
Last updated: May 2, 2026
What We Collect
Bunorden Accounts uses Supabase Auth to store account metadata such as email address and authentication state.
Clavi and Noted content is encrypted on your device before upload. Our infrastructure stores ciphertext, never readable plaintext.
How We Process Data
Vercel hosts our Next.js applications and API routes. Supabase stores account records, encrypted app data, and security metadata.
Robot defense uses Cloudflare Turnstile challenges through Supabase bot protection flows during sensitive authentication actions.
No Ads, No Trackers
We do not run ad-tech SDKs or third-party behavior trackers.
We do not sell user data. We do not profile users for advertising.
Security Model
Encryption keys are derived and kept client-side. Bunorden servers do not hold key material for private note and finance content.
Supabase Row Level Security policies are enabled for user data isolation.
Your Controls
You can access, export, or remove your account from accounts.bunorden.com settings.
If you believe data was processed in error, contact us through official Bunorden channels.