Privacy Policy — How Privnotse.com Protects Your Data

Last Updated 2026-05-20

1

Data Collection

Privnotse.com is designed to collect the absolute minimum amount of data necessary to operate our service. When you create a self-destructing note, the content of your note is encrypted in your browser before it is transmitted to our servers. We never receive, store, or have access to the unencrypted content of your notes. The encryption key is embedded in the unique URL fragment and is never sent to our servers. We do not require account registration, and we do not collect personal information such as your name, email address, phone number, or physical address. When you visit our website, our servers may automatically log limited technical information including your IP address, browser type, operating system, and the date and time of your visit. This information is used solely for maintaining the security and performance of our service and is not linked to any personal identity. We do not use this information for tracking, profiling, or marketing purposes. If you contact us via email for support or inquiries, we will collect the information you voluntarily provide, such as your email address and the content of your message. This information is used solely to respond to your inquiry and is not shared with third parties.
2

Use of Data

The limited data we collect is used exclusively for the following purposes: (1) To operate and maintain the Privnotse.com service, including storing encrypted notes temporarily until they are read and destroyed; (2) To ensure the security, integrity, and availability of our platform, including monitoring for abuse, attacks, or unauthorized access; (3) To respond to support inquiries and communications you initiate with us; (4) To comply with applicable legal obligations under Swiss and European law. We do not use your data for advertising, marketing, profiling, or any purpose beyond what is strictly necessary to provide our service. We do not sell, rent, lease, or trade your data to any third party for any reason. We do not build user profiles. We do not track your behavior across our site or across the internet. Our business model does not depend on monetizing user data in any way.
3

Data Storage

Encrypted notes are stored on our secure servers located in Switzerland for the minimum time necessary — specifically, until the note is read by the recipient or until the note's expiration time is reached, whichever comes first. Once a note is read, it is permanently and irrevocably deleted from our servers within seconds. There are no backups or archives of destroyed notes. Our deletion process is designed to be irreversible. Server logs containing limited technical information (IP addresses, timestamps, browser type) are retained for a maximum of 30 days for security and abuse prevention purposes, after which they are automatically purged. If you contact us via email, your correspondence may be retained for up to 12 months to provide ongoing support, after which it is deleted. All data stored on our servers is protected by encryption at rest and in transit. Our servers are hosted in Tier IV data centers in Switzerland with strict physical security controls, including biometric access, 24/7 surveillance, and redundant power and cooling systems.
4

User Rights

Under the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: • Right of Access: You have the right to request information about what personal data we hold about you. Given our minimal data collection practices, this will typically be limited to server logs (if still within the 30-day retention period) and any support correspondence. • Right to Rectification: You have the right to request correction of any inaccurate personal data we hold about you. • Right to Erasure: You have the right to request deletion of your personal data. Given that note content is automatically destroyed after reading and server logs are automatically purged after 30 days, this right is largely fulfilled by our system design. • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format. • Right to Object: You have the right to object to the processing of your personal data. To exercise any of these rights, please contact us at info@privnotsecom.com. We will respond to your request within 30 days.
5

Third-Party Services

Privnotse.com uses a minimal number of third-party services to operate our platform. We carefully vet each third-party provider to ensure they meet our strict privacy and security standards. Our website may use a content delivery network (CDN) to ensure fast and reliable access to our service worldwide. CDN providers may process limited technical data (such as IP addresses) to route traffic efficiently. We select CDN providers that do not log or retain this data beyond what is technically necessary. We do not use third-party analytics services that track individual users. We do not integrate with social media platforms. We do not embed third-party advertising or tracking scripts on our website. We do not share any data with data brokers, marketing platforms, or advertising networks. If we ever need to engage a new third-party service provider, we will update this Privacy Policy accordingly and ensure that the provider is contractually bound to protect your data in accordance with our privacy standards and applicable law.
6

Data Security

We implement comprehensive technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include: • AES-256 encryption for all note content, with encryption performed client-side before data reaches our servers. • TLS 1.3 encryption for all data in transit between your browser and our servers. • Encryption at rest for all data stored on our servers. • Zero-knowledge architecture ensuring that we cannot access the content of your notes under any circumstances. • Regular security audits and penetration testing conducted by independent third-party security firms. • Strict access controls limiting server access to authorized personnel only, with multi-factor authentication required. • Automated monitoring systems that detect and respond to potential security threats in real time. • Physical security measures at our data center facilities, including biometric access controls, 24/7 video surveillance, and environmental controls. While no system can guarantee absolute security, our multi-layered approach ensures that your data is protected by industry-leading security practices at every level.
7

Children's Privacy

Privnotse.com is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. Because our service does not require account registration and we do not collect personal information during normal use, it is unlikely that we would inadvertently collect data from minors. However, if we become aware that a child under 16 has provided us with personal information (for example, through a support email), we will take immediate steps to delete that information from our systems. Parents or guardians who believe their child may have provided personal information to us should contact us at info@privnotsecom.com, and we will promptly investigate and delete any such data. We encourage parents and guardians to monitor their children's internet usage and to educate them about online privacy and security. While our service is designed to protect privacy, responsible use of any online tool requires awareness and good judgment.
8

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will post the updated version on this page with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of Privnotse.com after any changes to this policy constitutes your acceptance of the updated terms. For significant changes that materially affect your rights or how we process your data, we will make reasonable efforts to provide prominent notice, such as a banner on our website. However, because we do not collect email addresses or other contact information from our users, we cannot provide individual notification of policy changes. If you have any questions about this Privacy Policy or our data practices, please contact us at info@privnotsecom.com or write to us at 42 Privacy Lane, Zurich, 8001, Switzerland. We are committed to addressing your concerns and ensuring that your privacy is protected.

Data Controller

privnotse.com

Contact Information

If you have any questions about our privacy practices, please contact us using the details below.

Contact Us