Service limits

1. Account

• Minimum age: 16 years.
• Password: 8–128 characters, must include at least one uppercase letter, one lowercase letter, one digit, and one special character (!@#$%^&*()<>?"{}[]).
• Profile name: up to 80 characters. Bio: up to 500 characters.
• Disposable / throwaway email domains are not accepted at signup.

2. Notes per account, by tier

Free and Paid use a single shared cap for both note formats. Dev and Dev-pro split the cap by format (rich-text vs plain-text) so a writer who fills their plain quota doesn't lose access to rich-text notes.

Deleting a note frees its slot — the cap counts active notes, not lifetime creations. A user whose subscription has lapsed enters read-only mode: existing notes remain readable and exportable forever, but new writes are blocked until they resubscribe.

3. Per-note size limits

• Title: up to 200 characters; control characters (CR/LF, NUL, etc.) are stripped on save.
• Rich-text body, plain-text projection: 1 MB on every tier.
• Rich-text body, raw HTML: 2 MB (defence against markup-inflation as a storage bypass).
• Plain-text note body:
  • Free / Paid: 1 MB per note.
  • Dev: 1.5 MB per note.
  • Dev-pro: 3 MB per note.
• Note format is immutable after creation — a rich note cannot become a plain note (or vice versa) without delete-and-recreate.

4. Per-note version history

• Up to 5 snapshots are kept per note. When a newer save lands beyond the cap, the oldest snapshot is permanently deleted.
• Capture is debounced. Saves within ~10 minutes of each other share a single snapshot, so a burst of autosaves doesn't burn through the 5-snapshot window inside one editing session.
• Append-only notes do not generate snapshots — appends are additive, not destructive, so there is nothing to roll back to.
• Snapshots are accessed via the History link on any editable note and can be restored with one click. The restore captures your current content as a fresh snapshot first, so it is itself reversible within the same 5-snapshot window.

5. Folders

• Up to 100 folders per account (one is seeded as "My First Folder" at signup).
• Folder name: up to 80 characters; folder names must be unique within an account (case-insensitive).

6. API (Dev and Dev-pro tiers)

Per-token, per-minute. Each request consumes one slot in the matching bucket; X-RateLimit-* headers on every successful response let clients pace themselves before they trip a 429.

• API creates and updates are plain-text only; rich-text notes belong to the browser/Trix flow.
• Bulk endpoint (Dev-pro only): up to 50 notes per call. Counts as one event against the writes bucket regardless of the batch size.
• Pagination: 50 per page by default, up to 200 via ?limit=N.
• Stream-addressed filename: up to 200 bytes; no slashes, no control or invisible characters.
• API tokens: default expiry of 90 days when no expiry is set; user-set expiry can be at most 1 year from now. Tokens revoked manually, or automatically when the account loses API access.
• Anonymous / bad-token requests on /api/v1/*: 60/min/IP.
• Request body: oversized writes (over 3 MB for API, 2 MB for browser) are rejected at the HTTP boundary before parsing.

7. Browser-surface rate limits

Designed for legitimate human pacing. Authenticated limits key off the user; anonymous limits key off the IP. 429 rate_limited responses include a Retry-After header so clients can back off cleanly.

• Sign-in: 10/min/IP, 5/20 min per email.
• Sign-up: 5/hour/IP.
• Password reset: 5/hour/IP, 5/hour per email.
• Confirmation resend: 5/hour/IP, 5/hour per email.
• Account email change: 3/day per account, 3/day per target email — protects unrelated mailboxes from being used as a confirmation-spam target.
• Other account updates (name / bio): 10/hour per account.
• Note saves / autosave: 30/min per account.
• Per-note PDF / DOCX / TXT downloads: 10/min per account.
• Full-account export: 2/hour per account; the archive is built in the background and the download link is emailed to you (see §7).
• Billing portal / plan-change: 5/min per account.
• Health probe (/up/deep): 60/min/IP.
• Webhook deliveries (/webhooks/lemon_squeezy): 100/min/IP.

8. Full-account export

• Triggered from Options → Download all; archive is built off-request by a background worker.
• A one-time download link is emailed to the address on your account when the archive is ready (usually a few minutes).
• The link is valid for 24 hours from the moment the build completes; after that the file is removed from our servers and you'll need to request a fresh export.
• The link only works while signed in to your own account, so a forwarded email cannot be used by anyone else to download your notes.
• The archive contains .txt, .docx, and .pdf renderings of every rich-text note (or .txt only in software-development mode).

9. Inbound webhooks

• Lemon Squeezy webhooks only; no public webhook surface for end users.
• HMAC-SHA256 signature verification on X-Signature; unsigned or tampered payloads are rejected with 401 before parsing.
• Payload cap: 1 MB. Real LS payloads are well under 10 KB; oversized requests are dropped at the HTTP boundary.
• Replays of an already-applied delivery are acknowledged with 200 but produce no side effects (signature uniqueness is enforced by a database index).