Privacy Policy

SecureNote operates on a data minimization principle, collecting only the absolute minimum information necessary to provide our service. We do not require user registration, personal information, or account creation for basic functionality. When you create a message, we temporarily store only the encrypted message content and metadata necessary for delivery. We do not collect names, email addresses, phone numbers, or other personal identifiers unless voluntarily provided for specific features like read receipts. Our servers automatically log basic technical information such as IP addresses, browser types, and access timestamps for security monitoring and service optimization, but this data is anonymized and automatically deleted within 30 days. We do not use tracking cookies, analytics scripts, or third-party advertising tools that could compromise your privacy.

The limited data we collect is used exclusively to provide and improve our secure messaging service. Encrypted message content is stored temporarily only until delivery and automatic deletion occurs. Technical logs are used for system monitoring, security threat detection, and service performance optimization. We never use your data for advertising, marketing, profiling, or any commercial purposes beyond providing the core service. We do not analyze message content, create user profiles, or track user behavior across sessions. All data processing is automated and designed to minimize human access. Our staff cannot access encrypted message content under any circumstances due to our zero-knowledge architecture. Any data analysis is performed on anonymized, aggregated statistics that cannot be traced back to individual users or messages.

SecureNote employs a distributed, encrypted storage system designed for maximum security and automatic data destruction. All message content is encrypted client-side using AES-256 encryption before transmission to our servers. Encrypted messages are stored temporarily in secure data centers with multiple layers of physical and digital security protections. Messages are automatically and permanently deleted after being read or upon expiration, with secure deletion protocols that overwrite data multiple times to prevent recovery. We maintain geographically distributed backups only for system resilience, not for data preservation—all backups follow the same automatic deletion schedules as primary storage. Our storage infrastructure is regularly audited by independent security firms to ensure compliance with industry best practices. We do not maintain long-term archives, permanent records, or backup copies of user messages under any circumstances.

As a SecureNote user, you maintain complete control over your data and privacy. You have the right to know what information we collect and how it's used, which is detailed in this policy. You can request information about any data associated with your usage, though our zero-knowledge system means we have very limited data to provide. You have the right to request deletion of any technical logs or metadata associated with your IP address or session, though most data is automatically deleted within 30 days anyway. You can opt out of any optional features that might collect additional information, such as read receipt notifications. You have the right to use our service anonymously without providing any personal information. If you believe your privacy rights have been violated, you can contact us immediately for investigation and resolution. You also have the right to file complaints with relevant data protection authorities in your jurisdiction.

SecureNote minimizes the use of third-party services to maintain maximum privacy control. We use reputable cloud infrastructure providers who meet strict security and privacy standards, but they cannot access encrypted message content due to our client-side encryption. We do not integrate with social media platforms, advertising networks, or analytics services that could compromise user privacy. Any third-party services we do use are carefully vetted for privacy compliance and are bound by strict data processing agreements. We do not share user data with marketing companies, data brokers, or other commercial third parties under any circumstances. When technically necessary, we may use trusted security services for DDoS protection and threat monitoring, but these services only access anonymized technical data, never message content. We regularly review and audit all third-party relationships to ensure they meet our privacy standards and user expectations.

SecureNote implements multiple layers of security to protect your data and privacy. All communications use TLS 1.3 encryption for transport security, while message content is protected by client-side AES-256 encryption. Our servers are hardened against attacks and regularly updated with security patches. We employ advanced intrusion detection systems, automated threat monitoring, and incident response procedures. Physical security includes biometric access controls, surveillance systems, and 24/7 security staffing at our data centers. We conduct regular penetration testing, vulnerability assessments, and security audits by independent firms. Our development practices include secure coding standards, code reviews, and automated security testing. We maintain incident response plans and will notify users immediately if any security breach could affect their data. Our security measures are continuously updated to address emerging threats and maintain the highest protection standards for user privacy and data security.

SecureNote is committed to protecting the privacy of children and complying with applicable children's privacy laws, including COPPA in the United States and similar regulations worldwide. Our service is designed for general audiences and we do not knowingly collect personal information from children under 13 years of age. We do not target children with our marketing or advertising, and our service does not include features specifically designed to appeal to children. If we become aware that we have collected personal information from a child under 13, we will immediately delete such information from our systems. Parents and guardians who believe their child has provided personal information to SecureNote should contact us immediately so we can investigate and take appropriate action. We encourage parents to monitor their children's internet usage and to help us protect their privacy by instructing them never to provide personal information online without permission. Our privacy-first approach and minimal data collection practices provide additional protection for users of all ages.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or service features. Any material changes will be prominently announced on our website and through our communication channels at least 30 days before taking effect. We will never make changes that reduce your privacy protections without clear notice and, where required by law, your consent. Minor updates for clarity or legal compliance may be made with shorter notice periods. We encourage users to review this policy regularly to stay informed about how we protect their privacy. The 'Last Updated' date at the top of this policy indicates when the most recent changes were made. If you disagree with any changes to this policy, you should discontinue use of our service before the changes take effect. Continued use after policy updates indicates acceptance of the revised terms. For significant changes, we may also provide additional notice through email or other direct communication methods where contact information has been voluntarily provided.