Privacy Policy

We collect minimal information necessary to provide our secure messaging service. This includes technical data such as IP addresses for security purposes, browser information for compatibility, and usage statistics to improve our service. We do not collect personal information such as names, email addresses, or phone numbers unless voluntarily provided for support purposes. Our zero-knowledge architecture ensures that message content is never accessible to us, as all encryption occurs on your device before transmission. We may collect anonymous analytics data to understand service usage patterns and improve security measures, but this data cannot be linked to individual users or specific messages.

The limited data we collect is used exclusively to provide, maintain, and improve our secure messaging service. Technical information helps us ensure service reliability, prevent abuse, and enhance security measures. We use aggregated, anonymous usage statistics to identify potential improvements and security vulnerabilities. We never use your data for advertising purposes, marketing campaigns, or any commercial activities beyond providing our core service. All data processing is conducted in accordance with privacy-by-design principles, ensuring minimal data collection and maximum protection of user privacy. We do not create user profiles, track behavior across sessions, or engage in any form of surveillance of user communications.

We employ a zero-knowledge storage approach where encrypted message data is stored temporarily on secure servers until accessed by the intended recipient. Once a message is read, it is permanently and irreversibly deleted from all our systems. Our servers are located in secure data centers with physical and digital security measures including 24/7 monitoring, access controls, and encrypted storage systems. We use industry-standard security protocols and regularly update our infrastructure to protect against emerging threats. Backup systems are also encrypted and follow the same automatic deletion protocols. We retain minimal technical logs for security purposes only, and these are automatically purged according to our data retention schedule.

As a user of PrivNote, you have comprehensive rights regarding your data and privacy. You can request information about any data we may have collected, although our zero-knowledge architecture means we have very limited information about individual users. You have the right to request deletion of any account information or support communications. Since messages are automatically destroyed after reading, there is typically no message content to delete. You can opt out of anonymous analytics collection by adjusting your browser settings or contacting our support team. You have the right to data portability, though the ephemeral nature of our service means there is typically no data to export. You can also request clarification about our privacy practices or file complaints about privacy concerns through our support channels.

We minimize the use of third-party services to protect your privacy, but some integrations are necessary for service operation. We use trusted cloud infrastructure providers who meet strict security and privacy standards and have signed data processing agreements with us. These providers do not have access to decrypted message content due to our zero-knowledge architecture. We may use analytics services that collect only anonymous, aggregated data that cannot be linked to individual users. We do not integrate with social media platforms, advertising networks, or other services that could compromise user privacy. Any third-party services we use are carefully vetted for their privacy practices and commitment to data protection. We regularly review and audit our third-party relationships to ensure they continue to meet our high privacy standards.

We implement multiple layers of security to protect your data and communications. All messages are encrypted using AES-256 encryption, the same standard used by military and government organizations. Our zero-knowledge architecture ensures that encryption keys are never transmitted to or stored on our servers. We employ secure transmission protocols, including TLS encryption for all communications between your device and our servers. Our infrastructure includes intrusion detection systems, regular security audits, and continuous monitoring for potential threats. We maintain incident response procedures and regularly test our security measures through penetration testing and vulnerability assessments. Our security team stays current with the latest threats and continuously updates our defenses to protect against emerging risks.

PrivNote is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information from our systems. Parents and guardians are encouraged to monitor their children's internet usage and educate them about online privacy and security. If you believe that a child under 13 has provided personal information to us, please contact us immediately so we can take appropriate action. For users between 13 and 18 years of age, we encourage parental guidance and supervision when using our service. We are committed to protecting the privacy of all users, especially minors, and maintaining compliance with applicable children's privacy laws and regulations.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify users through our website and provide clear information about what has changed. We encourage users to review this policy regularly to stay informed about how we protect their privacy. Any changes will be effective immediately upon posting the updated policy on our website. We will maintain previous versions of our Privacy Policy for reference and transparency. If you disagree with any changes to our Privacy Policy, you should discontinue use of our service. Continued use of PrivNote after policy updates constitutes acceptance of the revised terms. For questions about policy changes or privacy practices, please contact our support team.