Privacy Policy — Privnotc.com

Privnotc.com is built on a principle of data minimalism — we collect only the absolute minimum information necessary to provide our self-destructing note service. When you create a note, the content is encrypted in your browser using AES-256 encryption before it is transmitted to our servers. We never receive, store, or have access to the plaintext content of your notes. The only data we store temporarily is the encrypted ciphertext, which is meaningless without the decryption key embedded in the unique link generated for you. We do not require account registration, and we do not collect your name, email address, phone number, or any other personally identifiable information to use our core service. Our web servers automatically collect standard technical data including IP addresses, browser type, operating system, and access timestamps in server logs. These logs are used exclusively for security monitoring, abuse prevention, and infrastructure maintenance, and are automatically purged after 7 days. We do not use this technical data to identify, track, or profile individual users.

The limited data we collect is used exclusively for the following purposes: (1) Delivering the self-destructing note service — storing encrypted note data temporarily until it is read by the recipient or reaches its expiration time, at which point it is permanently deleted. (2) Security monitoring — analyzing server logs to detect and prevent abuse, denial-of-service attacks, and unauthorized access attempts. (3) Infrastructure maintenance — monitoring server performance, uptime, and capacity to ensure reliable service delivery. (4) Legal compliance — responding to valid legal requests from Swiss authorities as required by applicable law. We do not use your data for advertising, marketing, user profiling, behavioral tracking, or any purpose unrelated to the direct provision and security of our service. We do not sell, rent, trade, or otherwise share your data with third parties for their commercial purposes. We do not use your data to build user profiles or to serve targeted advertisements.

All encrypted note data is stored on secure servers located in Zurich, Switzerland, operated by certified data center providers that comply with ISO 27001 and SOC 2 standards. Encrypted notes are stored only until they are read by the recipient (at which point they are permanently deleted within milliseconds) or until they reach their configured expiration time (default: 30 days), whichever comes first. Once deleted, the data cannot be recovered by any means — we do not maintain backups of note content. Server access logs containing technical data (IP addresses, browser information, timestamps) are stored for a maximum of 7 days and then automatically purged. Newsletter subscription data (if you voluntarily subscribe) is stored on our email service provider's servers and retained until you unsubscribe. All data transmissions between your browser and our servers are protected by TLS 1.3 encryption in transit, and all stored data is encrypted at rest using full-disk encryption on our servers.

Under Swiss data protection law (the Federal Act on Data Protection, FADP) and the European General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: (1) Right of access — you may request information about what personal data we hold about you. Given our minimal data collection practices, this is typically limited to server log entries. (2) Right to rectification — you may request correction of any inaccurate personal data. (3) Right to erasure — you may request deletion of your personal data. Note that encrypted notes are automatically deleted after reading or expiration, and server logs are automatically purged after 7 days. (4) Right to data portability — you may request a copy of your data in a machine-readable format. (5) Right to object — you may object to the processing of your personal data. (6) Right to lodge a complaint — you may file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority. To exercise any of these rights, please contact us at info@privnotccom.com. We will respond to all legitimate requests within 30 days.

Privnotc.com uses a minimal number of third-party services to operate our platform. These include: (1) Hosting infrastructure — our servers are hosted by a Swiss-based data center provider that is contractually bound to comply with Swiss data protection laws and maintains ISO 27001 certification. (2) Content delivery network (CDN) — we use a CDN to deliver static website assets (CSS, JavaScript, images) efficiently. The CDN may process your IP address and browser information to route content to the nearest server. (3) Email service provider — if you voluntarily subscribe to our newsletter, your email address is processed by our email service provider, which is contractually bound to use your data only for delivering our newsletter. We do not use third-party analytics services such as Google Analytics. We do not embed third-party advertising scripts. We do not use social media tracking pixels. We do not share encrypted note data with any third party under any circumstances. All third-party service providers we work with are carefully vetted, contractually obligated to protect your data, and located in jurisdictions with strong data protection laws.

We implement comprehensive technical and organizational security measures to protect your data. On the technical side, all notes are encrypted using AES-256 encryption in your browser before transmission (client-side encryption), ensuring that our servers never have access to plaintext note content. All data in transit is protected by TLS 1.3 encryption. All data at rest on our servers is protected by full-disk encryption. Our servers are hardened according to industry best practices, with regular security updates, intrusion detection systems, firewall protection, and automated vulnerability scanning. On the organizational side, access to our production servers is restricted to a minimal number of authorized personnel using multi-factor authentication and SSH key-based access. All server access is logged and audited. We conduct regular security reviews and penetration testing by independent third-party security firms. Our team members receive ongoing security awareness training. In the unlikely event of a security incident, we have a documented incident response plan that includes prompt notification of affected users and relevant authorities as required by applicable law.

Privnotc.com is not designed for, marketed to, or intended to be used by children under the age of 16. We do not knowingly collect personal data from children under 16. Since our service does not require account registration and we do not collect personally identifiable information during normal use, we have limited ability to verify the age of our users. However, if we become aware that a child under 16 has provided us with personal data (for example, through our newsletter subscription or contact form), we will take immediate steps to delete that information from our systems. Parents and guardians who believe that their child may have provided personal data to Privnotc.com are encouraged to contact us at info@privnotccom.com so that we can take appropriate action. We encourage parents and guardians to monitor their children's internet usage and to educate them about online privacy and the importance of not sharing personal information without parental consent.

We may update this Privacy Policy from time to time to reflect changes in our data practices, our services, applicable laws, or industry best practices. When we make material changes to this policy, we will notify users by posting a prominent notice on our website and updating the 'Last Updated' date at the top of this page. For significant changes that materially affect your rights or our data processing practices, we will provide at least 30 days' advance notice before the changes take effect. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of Privnotc.com after any changes to this policy constitutes your acceptance of the updated terms. If you disagree with any changes, you should discontinue use of our service. Previous versions of this Privacy Policy are available upon request by contacting us at info@privnotccom.com. This policy was last updated on May 23, 2026.