Privacy

Your data isn't sold and isn't used to train anyone's models.

No advertising trackers, no fingerprinting, no cross-site tracking.

Servers sit in the European Union.

Locked notes are encrypted before they leave your browser. Even 11MHz can't read them. Only you, or your team, can.

11MHz is the controller for the personal data described on this page.

Privacy questions or requests can be sent to hello@11mhz.com or by phone to +31 (0)38 206 7060.

In an 11MHz account: an email address and a hashed password to identify the account, plus the tasks, notes, tags, and attachments you create. The account email is used for transactional messages such as verification, reminders, and billing.

Server logs: timestamp, IP address, and user agent are kept briefly for security, abuse prevention, and debugging. Logs are not used to build a behavioural profile.

When a note is locked, its content is encrypted in the browser before it reaches the server. The key stays with you. Even 11MHz can't read locked notes.

Note titles, tags, timestamps, and task descriptions are stored in readable form so they can be listed and searched.

Losing the key means a locked note can't be recovered. That is by design.

Important actions in an 11MHz account and workspace are recorded in an append-only audit log. Sign-ins, password changes, member role changes, and edits to tasks and notes are kept so you and your workspace admins can see what happened and when.

Each entry stores the action, the person who performed it, an IP address, a user agent, and a timestamp. The log exists for security and accountability, not to build a behavioural profile, and is stored in the EU alongside the rest of the account data.

Servers and backups are located in the European Union. Data is not transferred outside the EU or EEA without an appropriate safeguard such as Standard Contractual Clauses.

The marketing site uses a self-hosted instance of Umami for aggregate page analytics. Page views, referrer, country, browser, and device type are recorded. No cookies, no fingerprinting, no personal identifiers stored.

The product uses a small number of essential cookies and local storage entries needed to keep you signed in and to remember your preferences. Nothing more.

Data is never sold.

A short list of sub-processors is used to operate the service (hosting, transactional email, error monitoring). Each is bound by a data processing agreement and selected for EU residency where possible.

The current list is available on request via hello@11mhz.com.

Account data is kept while the account is active. After deletion, it's removed within 30 days. Some records, such as invoices, are retained longer where law requires.

Server logs are retained for up to 30 days.

Under the GDPR you can ask to see what data 11MHz holds about you, correct it, export it in a portable format, delete it, or restrict and object to processing. Requests are handled at hello@11mhz.com.

A complaint can also be filed with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

This page may be updated as the product evolves. The "last updated" date at the top tracks meaningful changes. Significant changes that affect personal data will be communicated by email where possible.

Privacy questions land at hello@11mhz.com.