Cookie Policy

We use minimal cookies to provide a secure and functional service.

Last Updated: June 3, 2025

TL;DR - The Short Version

We use very few cookies - only what's essential for security and functionality.

No tracking cookies - We don't track you across websites or build advertising profiles.

Essential only - Session management, CSRF protection, and rate limiting.

1. What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They help websites remember information about your visit, which can make your next visit easier and the site more useful to you.

2. Our Cookie Philosophy

Secure Notes follows a privacy-first approach to cookies. We only use cookies that are absolutely necessary for the service to function securely. We do not use:

  • Advertising cookies
  • Social media tracking cookies
  • Analytics cookies (Google Analytics, etc.)
  • Cross-site tracking cookies
  • Marketing or retargeting cookies

3. Cookies We Use

Cookie Name Purpose Category Duration Necessary
PHPSESSID Maintains your session and enables CSRF protection Essential Session (deleted when browser closes)
csrf_token Prevents cross-site request forgery attacks Essential Session (deleted when browser closes)
rate_limit Prevents abuse and ensures fair usage Essential 1 hour

4. Cookie Categories

Essential Cookies

These cookies are strictly necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as:

  • Creating secure notes
  • Protecting against security threats
  • Maintaining your session
  • Preventing abuse of our service

Functional Cookies

We currently do not use any functional cookies. If we introduce features that require them in the future, they will be optional and require your consent.

Analytics Cookies

We do not use analytics cookies. We don't track your behavior, create user profiles, or analyze your usage patterns.

5. Third-Party Cookies

Secure Notes does not use third-party cookies. We don't integrate with:

  • Google Analytics or other analytics services
  • Social media plugins (Facebook, Twitter, etc.)
  • Advertising networks
  • Marketing platforms
  • Customer support chat widgets

External Content

We do load Bootstrap CSS and JavaScript from CDNs (jsdelivr.net), but these services do not set cookies through our website. Our Content Security Policy prevents unauthorized third-party scripts from running.

6. Cookie Security

All cookies set by Secure Notes are configured with the highest security standards:

  • HttpOnly: Prevents JavaScript access to cookies
  • Secure: Cookies only sent over HTTPS connections
  • SameSite=Strict: Prevents cross-site request attacks
  • Short Expiration: Most cookies expire when you close your browser

7. Managing Cookies

Browser Settings

You can control and/or delete cookies as you wish through your browser settings. However, please note that disabling essential cookies may prevent Secure Notes from functioning properly.

Popular Browser Instructions:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Options → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Cookies and site data

What Happens If You Disable Cookies?

If you disable cookies, the following features will not work:

  • Creating secure notes (CSRF protection required)
  • Session management
  • Rate limiting protection
  • Security features that prevent abuse

8. Do Not Track

Secure Notes respects Do Not Track (DNT) signals. However, since we don't track users anyway, enabling DNT won't change our behavior - we already don't track you!

9. International Compliance

GDPR (European Union)

Under GDPR, we only use cookies that are strictly necessary for the service to function. No consent is required for essential cookies that are technically necessary.

CCPA (California)

We do not sell personal information to third parties, and our minimal cookie usage does not constitute data selling under CCPA.

ePrivacy Directive

We comply with the EU ePrivacy Directive by only using technically necessary cookies without requiring consent.

10. Future Changes

If we ever decide to use additional cookies, we will:

  • Update this cookie policy
  • Implement a cookie consent banner if required
  • Provide clear opt-in/opt-out controls
  • Maintain our privacy-first approach

11. Technical Details

For Developers

Session Configuration:

  • session.cookie_httponly = 1
  • session.cookie_secure = 1
  • session.cookie_samesite = 'Strict'
  • session.use_strict_mode = 1

Cookie Inspection

You can inspect the cookies we set using your browser's developer tools:

  1. Press F12 to open developer tools
  2. Go to the "Application" or "Storage" tab
  3. Look under "Cookies" for our domain
  4. Verify the security settings and content

12. Contact Us

Questions About Cookies?

If you have any questions about our cookie policy:

Email: privacy@securenotes.net

Website: https://securenotes.net

13. Transparency Report

We believe in complete transparency. Here's what we commit to:

  • No hidden cookies or tracking
  • Open-source code available for inspection
  • Regular security audits
  • Clear documentation of all data practices

This cookie policy reflects our commitment to minimal data collection and maximum privacy protection. We only use what's absolutely necessary to keep your data secure.