Privacy Policy

Effective date: October 29, 2020

Our terms of use

Welcome to Deepnote! We value your privacy. This Privacy Policy (the “Privacy Policy”) is intended to inform you about our practices regarding the collection and use of your data that you may submit to us through our data science notebook environment (the “Platform”) accessible via our website (the “Website”). We collect certain data, including personal data and technical information in order to provide our users an unique data science notebook that is Jupyter-compatible with real-time collaboration and easy deployment (the “Services”). Please read the Privacy Policy carefully!

  1. This Privacy Policy is not subject to any time limits. We reserve the right to amend the Privacy Policy from time to time as may be necessary (mainly to reflect changes in applicable laws and regulations). We will notify you of any substantial changes to the Privacy Policy. In order to continue using our Website, you will be required to accept the revised Privacy Policy. Failure to comply with the Privacy Policy can result in suspension of your ability to use our Website. This version of Privacy Policy is applicable as of 29th October 2020.
  2. We process your data with due care, in accordance with all applicable laws and regulations, including the regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (the “GDPR”).
  3. The Privacy Policy only covers data processing carried out by us. The Privacy Policy does not address, and we are not responsible for, the privacy practices of any other parties.
  4. Our Services are not directed to children, and you may not use our Services if you are under the age of 13.You must also be old enough to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf).If you are not old enough, please do not use our Website or send us your information. We delete information that we learn is collected from a person under the age of 13 (under Children’s Online Privacy Protection Act), respectively 16 (under GDPR) without verified parental consent. If you believe we might have any information from or about a child under such age, please contact us

Who processes your personal data?

  1. Your personal data are being processed by our company Deepnote Inc., incorporated under the laws of Delaware, having its office at 995 Market St San Francisco, 94103, California, United States (the “Controller“). Since the Controller is not established in the European Union, the Controller designated a representative in the European Union – a company Deepnote Czechia, s.r.o., with its registered seat at Rybná 716/24, Staré Město, 110 00 Prague 1, Czech Republic (the “Representative“, the Controller and the Representative together also as “we”, “us” or “our”).
  2. To learn more about personal data management or if you have any other questions, you're welcome to contact us at

What personal data are processed?

We may collect the following types of information about you:

Personal Data

We may collect and process your personal data provided by you voluntarily when you create a Deepnote account through the Website such as your name and email (as supplied from the authentication provider - GitHub, Google). Your provision of above mentioned personal data is required for you to enter into the Terms of Use. If you do not provide the minimum amount of personal data required to register an account, you cannot use the Services, as this information is necessary for contractual reasons.

Technical Information

We and/or our authorised external service providers may automatically collect technical data when you visit or interact with our Website or Platform. Technical data may include, in particular, the URL of the website you visited before visiting the Website, the time and date of user visits, surfing habits, IP address, the browser name, the type of computer or device accessing our Website, time spent on the Website and other similar technical information (the “Technical Data”). In a limited number of cases it is possible to use technical data and identify you by them as an individual, thus making them personal data according to applicable legal regulations, however, we never use technical data to identify you as an individual.

Other information provided by you

We also collect the data you upload when using our Services, and content you create, upload, or receive from others when using our Services. This includes for example datasets, notebooks, code, messages you write and receive, forum posts.


What are cookies?

  1. To make the Website work properly, we sometimes place small data files called cookies and similar technologies on your device.
  2. A cookie is a small text file that the Website saves on your device when you visit it. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser (we use these cookies to operate our Services). Permanent cookies last until you or your browser delete them or until they expire (we use preference cookies to remember your preference and various settings and security cookies for security purposes.

How do we use cookies?

We use third-party’s analytical cookies, which allow us to, for instance, recognise and count the number of users and to see how users move around when they’re using our Website. These anonymous data help us to improve the way our Website works.

How to control cookies?

We inform you about the use of cookies when you visit our Website for the first time. The cookies will not be used for any purposes other than the ones stated in this Policy. Later, you may choose to accept or refuse cookies by selecting the appropriate cookies settings. Disabling cookies will usually result in also disabling certain functionality and features of the Website. Therefore, it is recommended that you do not disable cookies.

What are the purposes and legal basis for processing of your personal data?

We process your personal data in order to:

To provide and maintain our Services

This purpose includes mainly the following processing activities:

  1. informing you about updates and new features of our Services (including, changes in pricing model);
  2. notifying you about updates of our Terms of Use and this Privacy Policy;
  3. responding to you in relation to any queries you may have with respect to our Services;
  4. resolving potential agreement-related troubleshoot problems and disputes; and
  5. enabling you to participate in interactive features of our Services.

We process the following personal data provided by you voluntarily for this purpose: your name, email, and phone number.

Legal basis for such processing under GDPR: contractual relationship in accordance with Article 6 (1)(b) of GDPR.

Improve our Website and Services

This purpose includes mainly the following processing activities:

  1. Recognizing and counting the number of visitors to our Website and record anonymous visits for the purpose of improvement of our Website and Services;
  2. Conducting analysis of usage of our Website and Services;
  3. Replying to your request regarding the need of new integrations (third-party services).

We process the following personal data provided by you for this purpose: We process the Technical Data (as defined above) and your email address.

Legal basis for such processing under GDPR: your consent in accordance with Article 6 (1)(a) of GDPR.

You can withdraw your consent anytime by sending an email to

Who are recipients of your personal data?

We do not share your personal data with any recipients unless one of the following circumstances applies:

It is necessary in order to provide, maintain and improve our Services

To the extent that our external service providers (sub-processors) need access to your personal data to help us to provide, maintain and improve our Services, we have taken the appropriate contractual and organisational measures to ensure that your personal data are processed in accordance with all applicable laws and regulations.

Below is a non-exclusive list of our sub-processors:

  • GitHub, Inc. (Cloud service provider);
  • Google LLC (Cloud service provider);
  • Amazon Web Services, Inc. (Cloud service provider);
  •, Inc. (Cloud-based Metrics Service);
  • Amplitude, Inc. (Cloud-based Metrics Service);
  • Fullstory, Inc. (Cloud-based Metrics Service);
  • Mailgun Technologies, Inc. (Cloud-based Email Notification Service)
  • Mailchimp by The Rocket Science Group LLC (Cloud-based Email Notification Service);
  • Crisp IM SARL (Cloud-based support service);
  • CircleCo, Inc (Cloud-based support service);
  • Paragon by Forge Technology, Inc. (Cloud-based automation service);
  • Sentry by Functional Software, Inc. (Cloud-based error tracking service);

The list of external service providers may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Services.

It is necessary for legal reasons

We may share your personal data with recipients if we have a good-faith belief that access to and use of your personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of the Controller, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.

Cross-border transfer your data (outside the EU/EEA)

  1. We are a global company that processes personal data of users from all over the world (including US and EU residents).
  2. We may transfer your personal data to the United States (to a company within the group of companies into which the Controller belongs) and other countries outside the European Union and the European Economic Area where we engage with external service providers. In such a case, we transfer your personal data only to a country that is considered to have an adequate level of protection in accordance with the EU Commission's decision or there are appropriate safeguards in place to protect your personal data, such as standard contract clauses, or binding internal company rules. Regardless of the country in which your personal data is processed, the Controller takes reasonable technical, legal and organisational measures to ensure that the level of protection is sufficient and in accordance with the respected laws. If you wish to know more about international transfers of your personal data and the appropriate safeguards that we have in place to govern the transfer of your personal data, you may contact us at
  3. If we are involved in a merger, acquisition or other reorganisation, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

California requirements

  1. If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal data to third parties for their direct marketing purposes.
  2. We do not sell your personal information. We only share your information as described in this Privacy Policy.
  3. At the moment, the California Consumer Privacy Act or “CCPA” is not applicable to the Website, Platform or Deepnote, but we are committed to monitoring the situation and should the CCPA become applicable to us, to provide you all the rights and protection it offers.
  4. Subject to certain limitations, the CCPA provides California consumers (i) the right to request to know more details about the categories or specific pieces of personal data the covered business collects, (ii) the right to delete their personal data, (iii) the right to opt out of any sale of such personal data that may be occurring, and (iv) the right to not be discriminated against for exercising these rights.
  5. To contact us with questions about the CCPA, please send an email to

What is the storage period?

We store your personal data only if it is legally permitted and necessary for the purposes for which the data were collected, however, no longer than 10 years from their collection.

What are your rights?

  1. Right of access - We offer you access to your personal data we process. This means you can contact us and request from us a confirmation whether or not your personal data are being processed and if so, you have the right to request access to your data, which we will provide to you in the form of a so-called "registry" (stating, in particular, purposes, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods).
  2. Right to rectification - You have the right to have inaccurate personal data we have stored about you rectified.
  3. Right to erasure - You may also ask us to erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete your personal data.
  4. Right to restriction of processing - You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Website.
  5. Right to data portability - You have the right to receive your personal data from us in a structured, commonly used and machine-readable format in order to transmit the personal data to another controller.
  6. How to use your rights - You may exercise your rights above, free of charge, in writing by sending an email at We may require confirmation of your identity depending on your request.

May you complain?

In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection (i.e. Data Protection Office in Czech Republic).

Are data secured?

We take all reasonable, appropriate security measures to protect us and you from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should despite the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible. If you have any questions, feel free to contact us at

Third party websites

The Services contain links to websites and services provided by third parties. Any personal data you provide on third party sites or services is provided directly to that third party and is subject to that third party’s policies governing privacy and security. We are not responsible for the content or privacy and security practices and policies of third party sites or services to which links are displayed on the Services. We encourage you to learn about third parties’ privacy and security policies before providing them with personal information.

Contact us

If you have any questions about this Privacy Policy, please contact us by email at or by mail at: 995 Market St 2nd floor, San Francisco, 94103, California, United States.