Search
Privnotepad’s fundamental commitment to privacy protection, data security, and user confidentiality. This policy explains how we implement zero-knowledge encryption, automatic message deletion, and strict no-logs practices to protect your secure self-destructing notes.
Built on fundamental principles that guide every aspect of our secure messaging service and data protection practices.
We never have access to your unencrypted messages. All encryption happens client-side before data reaches our servers.
Messages are permanently deleted after reading or expiration. No backups, no recovery possible.
No registration required. No personal data collected. Your privacy is our priority, not your identity.
Clear documentation of our practices. No hidden tracking, no vague policies, no data selling.
At Privnotepad, we believe privacy is a fundamental human right. We’ve built our entire service around protecting your confidential communications with military-grade encryption and automatic data deletion. We never sell your data, we never track your activity, and we never compromise on security.
This Privacy Policy describes how Privnotepad (“we”, “our”, or “us”) collects, uses, processes, and protects information in relation to our secure self-destructing notes service. Our service is designed with privacy-by-design principles and implements zero-knowledge encryption architecture to ensure maximum protection for your confidential communications.
We operate on three core privacy principles:
💡 Key Privacy Feature: Unlike traditional messaging services, Privnotepad does not require account creation, email registration, or any personal information. You can use our secure messaging service completely anonymously.
We adhere to strict data collection limitations:
| Data Category | What We Collect | Purpose | Retention Period |
|---|---|---|---|
| Message Content | Encrypted text only | Service delivery | Until deletion (auto or manual) |
| Operational Data | Anonymous usage statistics | Service improvement | 30 days maximum |
| Security Logs | Minimal security event data | Abuse prevention | 7 days maximum |
| Performance Metrics | Anonymous performance data | Service optimization | 14 days maximum |
⚠️ Important: We DO NOT COLLECT personal identification information, IP addresses (beyond basic security logging), geolocation data, device identifiers, or any information that could identify individual users.
To ensure maximum privacy protection, we explicitly do not collect:
We implement multiple layers of security protection:
Messages encrypted before leaving your device, decrypted only by recipient
All data transmissions protected with latest TLS protocols
Unique encryption keys for each message session
Automatic deletion from all servers after expiration
Our technical infrastructure includes:
Beyond technical measures, we implement organizational protections:
We use industry-standard encryption protocols:
| Encryption Type | Standard Used | Key Strength | Purpose |
|---|---|---|---|
| Message Encryption | AES-256-GCM | 256-bit | Content protection |
| Transmission Encryption | TLS 1.3 | 256-bit | Data in transit |
| Key Exchange | ECDH with Curve25519 | 128-bit equivalent | Secure key sharing |
| Password Protection | Argon2id | Variable | Additional security layer |
Our zero-knowledge design ensures:
🔐 Encryption Process: When you create a secure note: (1) Your browser generates a random encryption key, (2) Your message is encrypted with AES-256, (3) Only the encrypted data is sent to our servers, (4) The key is embedded in the shareable link, (5) Recipient’s browser uses the key to decrypt the message.
We believe data should exist only as long as necessary. Our automatic deletion policies ensure:
After reading (burn-on-read)
Timer-based expiration
Maximum security logs
Maximum operational data
Our secure deletion process includes:
⚠️ Permanent Deletion: Once messages are deleted through our system, recovery is impossible. We use cryptographic shredding techniques that make data recovery technically infeasible, even with forensic tools.
Privnotepad is designed with GDPR compliance in mind, particularly through:
Right to Erasure
Automatic deletion fulfills this right
Data Minimization
Collect only necessary data
Security by Design
Built-in protection measures
Transparency
Clear privacy documentation
Our data processing infrastructure is designed with international privacy standards in mind:
For business users and enterprise customers, we offer:
Regardless of jurisdiction, we recognize and support these fundamental privacy rights:
Request confirmation of whether we process your data and access to that data. Due to our zero-knowledge architecture, we cannot access your message content, but we can confirm operational data.
Request correction of inaccurate personal data. Since we don’t collect personal data, this primarily applies to any contact information you voluntarily provide for support purposes.
Request deletion of your personal data. Our automatic deletion system already fulfills this right for messages. For other data, we process deletion requests within 30 days.
Request restriction of processing under certain circumstances. You can choose not to use specific features or contact us to limit data processing.
Receive your personal data in a structured, commonly used format. Given our minimal data collection, portability primarily applies to operational data.
Object to processing of personal data. You can opt out of optional data collection and processing activities through your browser settings or by not using specific features.
We maintain a strict no-data-sharing policy:
We use these essential service providers who may process limited data:
| Service Provider | Purpose | Data Processed | Privacy Measures |
|---|---|---|---|
| Hosting Provider | Infrastructure hosting | Encrypted message data | GDPR compliance, data encryption |
| CDN Services | Content delivery | Static assets, no user data | Privacy-focused providers |
| Security Services | DDoS protection, security | IP addresses (temporary) | Automatic deletion, no logging |
| Analytics Services | Service improvement | Anonymous usage data | No personal data, opt-out available |
We may disclose information if required by legal processes:
⚠️ Important Limitation: Due to our zero-knowledge encryption, we cannot provide message content in response to legal requests because we don’t have access to encryption keys or unencrypted content. We can only provide encrypted data that is useless without the keys.
Privnotepad is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
Parents and guardians should:
👨👩👧👦 Family Safety: While our service provides strong privacy protections, it’s designed for responsible adult use. We recommend parents supervise children’s use of all online services, including privacy tools.
We may update this Privacy Policy periodically to reflect:
When we make significant changes to this policy:
Recent policy updates:
For privacy-related inquiries, contact our Data Protection Officer:
Privnotepad Data Protection Officer
Email: dpo@privnotepad.com
Response Time: Within 48 hours
Preferred Method: Encrypted Email
For general questions about our secure messaging service:
If you have concerns about our data processing, you may contact your local data protection authority. We commit to cooperating with regulatory bodies to resolve any privacy concerns.
| Term | Definition |
|---|---|
| Zero-Knowledge Encryption | Encryption system where service provider cannot access unencrypted data |
| End-to-End Encryption | Encryption where only communicating users can read messages |
| Automatic Deletion | Systematic removal of data after specific conditions are met |
| No-Logs Policy | Commitment to not retain records of user activities |
| Data Minimization | Collecting only data necessary for specific purposes |
| GDPR | General Data Protection Regulation (EU data protection law) |
Contact our Data Protection Team for clarification about our privacy practices, data protection measures, or to exercise your privacy rights.
Note: For maximum security when discussing sensitive privacy matters, consider using Privnotepad itself to send encrypted messages to our team. This ensures complete confidentiality of your inquiry.