When you create a new privnote, the text is encrypted before being uploaded to Privnote’s servers. This prevents anyone, including Privnote employees, from viewing the notes. Instead of storing the unencrypted note, Privnote generates a unique URL that serves as an access key. Only someone with this URL can unlock and view the note. Once the note is unlocked, Privnote decrypts it client side using JavaScript code executed in the user’s web browser. This ensures the company never handles the unencrypted data.
Expiration triggers
By default, privnotes expire after being read once. But users can also set an optional expiration time, anywhere from 1 minute to 7 days. Either way, Privnote tracks whether a note has expired through encrypted browser cookies. When you open a privnote URL, it checks the cookie to see if you have viewed it before. If so, the note has already expired, and you see a plain “Note not found” message instead of the decrypted content. If it’s your first time opening the link, Privnote decrypts the note and sets a cookie indicating you have viewed it. Once you close the tab, that cookie signals to Privnote that it has been read and can now expire.
Auto-deleting expired notes
Simply encrypting notes and tracking expiration status wouldn’t fully prevent traces of the privnote from lingering indefinitely on Privnote’s servers. So, the service also automatically deletes expired notes on its backend. Privnote runs periodic sweeps of its database looking for privnotes past their expiration time. Any expired notes get permanently erased. This helps remove the risk of encrypted privnotes accumulating over time and ensures nothing lingers after a note’s designated reading window.
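The flow described in the sections above (encrypt in the client, key carried by the link, read-once expiry, backend sweep), simulated in Node.js as an added example; it is not Privnote's code, which this page does not show. Assumptions: AES-256-GCM, the key placed in the URL fragment, an in-memory Map standing in for the server database, read state kept as a server-side flag, and the hypothetical `notes.example` host and function names.

```javascript
// Added illustration, not Privnote's code. Assumed: AES-256-GCM, key in the URL
// fragment, an in-memory Map as the "server", hypothetical host notes.example.
const nodeCrypto = require('node:crypto');

const store = new Map(); // server side: id -> { blob, expiresAt, read }

// Client: encrypt locally, upload ciphertext only, keep the key in the link.
function createNote(text, ttlMs, now = Date.now()) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  const id = nodeCrypto.randomBytes(8).toString('hex');
  store.set(id, { blob, expiresAt: now + ttlMs, read: false });
  // The fragment (#...) is not sent in HTTP requests, so the server never sees the key.
  return `https://notes.example/${id}#${key.toString('base64url')}`;
}

// Server: hand out the ciphertext once, then treat the note as expired.
function fetchBlob(id, now = Date.now()) {
  const note = store.get(id);
  if (!note || note.read || now >= note.expiresAt) return null; // "Note not found"
  note.read = true;
  return note.blob;
}

// Server: periodic sweep that erases read or timed-out notes; returns the count erased.
function sweep(now = Date.now()) {
  let erased = 0;
  for (const [id, note] of store) {
    if (note.read || now >= note.expiresAt) { store.delete(id); erased++; }
  }
  return erased;
}

// Client: split the link, fetch the blob, decrypt locally (throws on a wrong key).
function openNote(link, now = Date.now()) {
  const url = new URL(link);
  const blob = fetchBlob(url.pathname.slice(1), now);
  if (!blob) return null;
  const key = Buffer.from(url.hash.slice(1), 'base64url');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}
```

In a browser the same steps would use the Web Crypto API; the point to check in any such service is that the stored blob is useless without the link and that a second fetch returns nothing.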
No log policy
In addition to securely handling the notes themselves, Privnote also aims to minimize the metadata logged around privnotes. When you access a note, the only things Privnote records are the basic timestamp, IP address, and user agent string. It does not record any identifying information about the user. And importantly, it does not log which specific URL you accessed. This no-log policy means no record is kept of which privnote URLs were created or accessed. The only information retained is what’s necessary for Privnote’s internal operations.
Open source code
As one final precaution, Privnote publishes its client-side code as open-source software. This allows security researchers to audit the code to ensure there are no vulnerabilities or privacy risks in Privnote’s implementation. If any issues occurred, the open-source community could identify them and hold Privnote accountable. No copies of the decrypted content are retained by anyone, providing users with a uniquely secure way to share private thoughts.
Temporary sensitive data
Privnote is handy when you want to briefly share confidential information like passwords, credit card numbers, or account numbers. You pass the sensitive data through Privnote instead of through insecure channels like email or chat. Once read, the data vanishes forever rather than lingering in insecure message histories. Privnote also provides a way to share delicate feedback or criticism for which you don’t need a permanent record. Negative feedback given through normal channels could be copied or photographed. With Privnote, you ensure the feedback gets conveyed but doesn’t get saved or reused later without your consent.