Privacy Policy
This policy explains how ONEMILLIONNOTES™ (onemillionnotes.org) handles personal information.
Last updated: May 2026
1. Introduction
This Privacy Policy describes how ONEMILLIONNOTES™ (https://onemillionnotes.org) collects, uses, stores, and shares information when you visit the website or submit a note.
This document is a starter policy for the project and is not legal advice.
2. Information we collect
Depending on how you use the site, we may collect:
- display name, if you choose to provide one
- email address, if you provide one for updates or receipts
- note content you submit
- city, country, region, or coordinate fields you submit
- payment and support information processed by our payment provider (we do not store full card details)
- technical data such as IP address, browser and device information, and server logs
- cookies and similar technologies needed to operate the site (for example authentication and session cookies)
3. How we use information
We use information to:
- receive and review note submissions
- publish approved notes in the public archive
- moderate unsafe, abusive, or spam content
- operate, maintain, and improve the website
- process payments and optional creator support
- send transactional emails where you have provided an email
- maintain security and prevent abuse
- calculate project counters and stated impact totals
4. Public information
Approved notes and the public fields you choose to submit (such as display name and location) may appear publicly on ONEMILLIONNOTES™, including in Latest entries, the archive, the globe, and public note pages.
Email addresses submitted for private updates are not published in the archive. Do not submit private information you do not want to be public.
5. Payment information
Payments are processed by a third-party payment provider. ONEMILLIONNOTES™ does not store full payment card details on its own servers.
The payment provider processes transactions according to its own privacy policy and security standards. When payment integration is live, the provider name will be stated here.
6. Legal basis
Where UK data protection law applies, we rely on one or more of the following bases:
- Consent — for example when you choose to submit a note or provide an email address
- Contract — to operate the submission and publication service you request
- Legitimate interests — for moderation, safety, security, abuse prevention, and operating the archive
- Legal obligation — where we must retain or disclose information to comply with law
8. How long we keep information
Approved notes may remain in the public archive unless removed for moderation, legal, or operational reasons.
Rejected, pending, and administrative records may be kept for moderation, audit, refund handling, abuse prevention, or legal purposes.
Payment and accounting records may be kept for as long as required for tax, accounting, and legal compliance.
9. Your rights
If you are in the UK, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and to data portability where applicable.
You may also complain to the Information Commissioner's Office (ICO) in the UK. We cannot always delete public archive records instantly where retention is required for legal, accounting, moderation, or abuse-prevention purposes.
To exercise your rights, contact us at support@onemillionnotes.org.
11. Children
ONEMILLIONNOTES™ is not directed at children. We do not knowingly collect personal information from children below the applicable age without appropriate permission. If you believe a child has submitted information without consent, contact us at support@onemillionnotes.org.
12. Contact
For privacy questions, contact us at support@onemillionnotes.org.