Privacy Policy

Your privacy is our priority. Learn how we protect your data.

Last Updated: June 3, 2025

TL;DR - The Short Version

We don't store your notes in readable form. Everything is encrypted before it reaches our servers.

We can't read your notes even if we wanted to - they're encrypted with keys we don't have.

Notes self-destruct after being read or expiring, leaving no trace behind.

1. Information We Collect

Data You Provide

  • Note Content: Your notes are encrypted client-side before transmission and stored in encrypted form
  • Configuration Settings: Expiry times, view limits, and passcode settings (passcodes are hashed)
  • Email Addresses: Only if you choose to receive access notifications (optional)

Automatically Collected Data

  • IP Addresses: Used for rate limiting and security (not linked to note content)
  • Browser Information: User agent strings for security and compatibility
  • Access Timestamps: When notes are created and accessed
  • Technical Data: Error logs and performance metrics (anonymized)

2. How We Use Your Information

Primary Uses

  • Service Delivery: To create, store, and deliver your encrypted notes
  • Security: Rate limiting, abuse prevention, and fraud detection
  • Notifications: Sending access alerts if you've opted in
  • Service Improvement: Analyzing usage patterns to improve performance

What We DON'T Do

  • We don't read, analyze, or process your note content
  • We don't sell, rent, or share your data with third parties
  • We don't use your data for advertising or marketing
  • We don't create user profiles or track you across sessions

3. Data Security & Encryption

Zero-Knowledge Architecture

We employ a zero-knowledge architecture meaning we cannot access your note content even if legally compelled to do so. Your notes are encrypted with keys that never leave your browser.

Technical Safeguards

  • AES-256 Encryption: Military-grade encryption for all note content
  • Unique Keys: Each note uses a unique encryption key
  • Secure Transmission: All data transmitted over HTTPS/TLS
  • Secure Storage: Encrypted database storage with restricted access
  • Regular Security Audits: Ongoing security assessments and updates

4. Data Retention & Deletion

Automatic Deletion

  • Note Content: Automatically deleted when viewed or expired
  • Access Logs: Retained for 30 days for security purposes
  • Email Notifications: Deleted after 30 days
  • Rate Limiting Data: Cleared every hour

Manual Deletion

You can request immediate deletion of any data associated with your IP address by contacting us. Note that this may affect security features like rate limiting.

5. Third-Party Services

Email Delivery

We use email service providers to send access notifications. These providers may process your email address but do not have access to note content.

Infrastructure Providers

Our hosting and database providers may have access to encrypted data but cannot decrypt note content due to our zero-knowledge architecture.

6. International Data Transfers

Your data may be processed and stored in countries different from your residence. We ensure appropriate safeguards are in place for all international transfers, including:

  • Standard Contractual Clauses (SCCs) with service providers
  • Adequacy decisions where applicable
  • Additional security measures for sensitive data

7. Your Rights

Data Subject Rights (GDPR/CCPA)

  • Right to Access: Request information about data we hold
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Receive your data in a structured format
  • Right to Object: Object to processing for legitimate interests
  • Right to Restrict: Limit how we process your data

Exercising Your Rights

To exercise any of these rights, contact us at privacy@securenotes.net. We'll respond within 30 days.

8. Children's Privacy

Secure Notes is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this privacy policy from time to time. When we do, we'll:

  • Post the updated policy on this page
  • Update the "Last Updated" date
  • Notify users of material changes via email (if we have your email)
  • Provide 30 days notice for significant changes

10. Contact Information

Get in Touch

Privacy Questions: privacy@securenotes.net

Security Issues: security@securenotes.net

General Support: support@securenotes.net

Website: https://securenotes.net

11. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Legitimate Interests: Security, fraud prevention, and service improvement
  • Contract Performance: Providing the note-sharing service you requested
  • Consent: Email notifications and optional features
  • Legal Obligations: Compliance with applicable laws and regulations

This privacy policy is designed to be transparent and comprehensive. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us.