At Privnote, privacy is taken very seriously, since the main purpose of the site is to preserve it. This policy outlines the measures taken by Privnote to protect the privacy of its users.
1. Service description
Privnote is a free web based service that allows users to create encrypted notes that they can share over the internet as unique one-time-use HTTPS URLs (hereafter referred to as links) that expire after its first access via any web browser.
As Privnote does not provide any means for transmitting the link, the act of sending the link is the full responsibility of Privnote users.
Depending on the communication channel of your choice (e.g., email, fax, SMS, phone, instant messaging), there may be a certain risk that third parties intercept your communication, get knowledge of the communicated URL and thus may be able to read your message.
2. How the notes and its contents are processed
The link is generated in the user’s browser and at no time is sent as such to Privnote. The link is thus in the sender’s (and later possibly in the recipient’s) hands only. Therefore, there is no way to recover a note if a Privnote user losses the link.
Since only the link binds the decryption key to the note’s content and since Privnote does not have the link, at no time is any note held in any readable format state at Privnote. This assures that nobody (including Privnote’s administrators) can read a note.
When a note is retrieved, its data is completely removed from Privnote, which implies there is absolutely no way to recover it again.
When a note is not retrieved after 30 days, Privnote removes it permanently, just as if it were read.
Privnote sysadmin team will do as much as possible to protect the site against unauthorized access, modification or destruction of the data. But, even if someone or something could manage to gain access to the database, they would be unable to read the notes since their contents are encrypted and can’t be decrypted without the links which Privnote never has a hold of.
3. Processing of IP addresses
Privnote is not logging the IP addresses; they are processed to enable communication with Privnote’s servers but they are not part of the log-files. IP addresses are deleted as soon as they are no longer needed for the purpose of communication.
4. Pseudonymous data
The creator of the note can introduce personal data into the note. Even though this data is encrypted, the data can be decrypted again and thus constitutes pseudonymous (personal) data. In any case, note that from Privnote’s database one cannot deduce the note’s creator, as Privnote does not store IP addresses.
The decryption of the note’s data is in the users’ hands (sender and recipient). Privnote is not able to decrypt the note and access the data (personal or otherwise) introduced by the creator since Privnote is never in possession of the decryption key which is contained only in the link.
When a person clicks the note’s link, Privnote declines any responsibility related to the note’s content.
6. Disclosure of Data to Third Party