Last modified: May 15th, 2022
At PrivateNote, privacy is taken very seriously, since the main purpose of the site is to preserve it. This policy outlines the measures taken by PrivateNote to protect the privacy of its users.
1. Service description
PrivateNote is a free web based service that allows users to create encrypted notes that they can share over the internet as unique one-time-use HTTPS URLs (hereafter referred to as links) which by default expire after its first access via any web browser.
As PrivateNote does not provide any means for transmitting the link, the act of sending the link is the full responsibility of PrivateNote users.
Depending on the communication channel of your choice (e.g., e-mail, fax, SMS, phone, instant messaging, social media), there may be a certain risk that third parties intercept your communication, get knowledge of the communicated link and thus may be able to read your note.
2. How the notes and its contents are processed
The link is generated in the user's browser and at no time is sent as such to PrivateNote. The link is thus in the sender's (and later possibly in the recipient's) hands only. Therefore, there is no way to recover a note if a PrivateNote user losses the link.
Since only the link binds the decryption key to the note's content and since PrivateNote does not have the link, at no time is any note held in any readable format state at PrivateNote. This assures that nobody (including Pirvnote's administrators) can read a note.
When using PrivateNote's default funtionality, when a note is retrieved, its data is completely removed from PrivateNote; there is absolutely no way to recover it again.
When "Show options" is selected and the user opts for a time interval for the note's removal, then independently of how many times the note is retrieved, the note will be deleted only after that specified time is completed.
After a note is deleted from PrivateNote, there is absolutely no way to recover it again.
When a note is not retrieved after 30 days, PrivateNote removes it permanently, just as if it were read.The PrivateNote sysadmin team will do as much as possible to protect the site against unauthorized access, modification or destruction of the data. But, even if someone or something could manage to gain access to the database, they would be unable to read the notes since their contents are encrypted and can't be decrypted without the links which PrivateNote never has a hold of.
3. Processing of IP addresses
PrivateNote is not logging the IP addresses; they are processed to enable communication with PrivateNote's servers but they are not part of the log-files. IP addresses are deleted as soon as they are no longer needed for the purpose of communication.
4. Pseudonymous data
The creator of the note can introduce personal data into the note. Even though this data is encrypted, the data can be decrypted again and thus constitutes pseudonymous (personal) data. In any case, one cannot deduce the note's creator from PrivateNote's database, as PrivateNote does not store IP addresses.
The decryption of the note's data is in the users' hands (sender and recipient). PrivateNote is not able to decrypt the note and access the data (personal or otherwise) introduced by the creator since PrivateNote is never in possession of the decryption key which is contained only in the link.
When a person clicks the PrivateNote's link, PrivateNote declines any responsibility related to the note's content.
6. Disclosure of Data to Third Party