Privacy Policy

Last updated: May 7, 2026

SilverBullet+ is built by Zef Hemel (“we”, “us”). This policy explains what data we collect, why, and how we handle it.

The short version

Your notes never leave your machine unless you explicitly set up sync. We collect minimal analytics on the website and app update checks, and the data needed to run accounts and billing if you sign up for SilverBullet+. We don’t sell data, we don’t track you across the web, and we don’t want to know what’s in your notes.

Your notes and data

SilverBullet+ stores your notes as plain files on your local filesystem. We have no access to your notes, files, or any content you create. Your data stays on your machine.

If you choose to enable sync with a SilverBullet server, your notes are transmitted between your device and the server you configure. We do not operate that server. Sync credentials are stored in your operating system’s native keyring.

Accounts

If you sign up for a SilverBullet+ account, we store:

  • Your email address — used to identify your account and send magic-link login emails
  • Magic-link tokens — short-lived, hashed login tokens (expire after 15 minutes)
  • The IP address that requested the magic link — retained briefly for rate-limiting and abuse prevention
  • A Paddle customer ID — once you make a purchase, so we can associate your account with your subscription

We use passwordless magic-link login; we do not store passwords.

Billing

Payments and subscriptions are handled by Paddle, which acts as the merchant of record. When you check out, your payment details (card, billing address, tax info) are submitted directly to Paddle — we never see or store them. Paddle sends us webhook events containing your customer ID, subscription status, and email address so we can provision and manage your subscription. See Paddle’s privacy policy for details.

Website analytics

When you visit our website, we collect:

  • Page visits — which pages are viewed and referring URLs
  • Download clicks — which platform downloads are clicked
  • Session identifiers — randomly generated per browser session, not tied to any personal information

We do not use third-party analytics services. We do not use cookies for tracking. The website analytics pipeline does not record IP addresses, names, or email addresses.

App update checks

When SilverBullet+ checks for updates, it contacts our update server.

These requests contain:

  • Your current app version
  • Your operating system and architecture
  • Your update channel preference (stable or edge)

No personally identifiable information is transmitted during update checks.

Third-party services

  • Cloudflare — Our website, application backend, and email sending is hosted on Cloudflare. Cloudflare may process connection metadata as described in their privacy policy.
  • Paddle — payment processor and merchant of record for SilverBullet+ subscriptions. See Paddle’s privacy policy.

Data retention

Website analytics data is retained for up to 90 days and then automatically deleted. Magic-link tokens expire after 15 minutes and are pruned shortly thereafter. Account and subscription records are retained for as long as your account is active, plus whatever period is required for tax and accounting obligations on the billing side. We do not build long-term profiles of visitors.

Your rights

You can request access to, correction of, or deletion of your account data at any time by contacting us at the address below. Note that some billing records must be retained by Paddle and by us to comply with tax and accounting law even after account deletion.

Changes to this policy

We may update this policy from time to time. Changes will be reflected by updating the date at the top of this page.

Contact

For questions about this policy, reach out to support@silverbullet.plus.