Frequently Asked Questions

How secure are my messages?

Your messages are secured using AES-256 encryption, which is implemented directly in your browser using the Web Crypto API. The encryption key is never sent to our server. Only the encrypted content is transmitted and stored.

Can the site administrators read my messages?

No. Due to our zero-knowledge architecture, we do not have access to your encryption keys or unencrypted content. The messages are encrypted in your browser before being sent to our servers, and we only store the encrypted version.

What happens when someone views my note?

When a recipient opens the link and confirms they want to view the note, it is immediately and permanently deleted from our servers after being served to their browser.

How long are notes stored?

Notes are stored for a maximum of 24 hours from creation. If they are not viewed within this period, they are automatically deleted. Once a note is viewed, it is instantly deleted from our servers.

What if I forgot to copy the note URL?

Unfortunately, there is no way to recover access to a note if you've lost the URL. The URL contains the encryption key (after the # symbol) which is required to decrypt the message. We recommend copying the URL immediately after creating a note.

What file types can I attach?

You can attach almost any file type up to 15MB in size. All attached files are encrypted in your browser before being uploaded, similar to the note content.

Can someone read my note if they intercept the URL?

Yes. The encryption key is contained in the URL (after the # symbol). Anyone who has the complete URL can decrypt and read the note. We recommend sharing the URL through secure channels and using additional authentication methods for highly sensitive information.

Is my data monitored or analyzed?

No. We do not monitor, analyze, or data-mine any content. Since all data is encrypted, we could not analyze it even if we wanted to.

How is my data protected on your servers?

Your data is protected through client-side encryption and secure database practices:

  • End-to-End Encryption: Your messages are encrypted in your browser using AES-256 before being sent to our servers
  • Immediate Deletion: Messages are deleted immediately after being viewed or after 24 hours, whichever comes first
  • No Key Storage: We never store or have access to encryption keys
  • HTTPS for Transit: All data in transit is protected by TLS/SSL encryption

Since all stored data is encrypted and never kept longer than 24 hours, there is minimal risk exposure even in the unlikely event of unauthorized database access.

What data do you log?

We keep logging minimal for your privacy. We don't maintain persistent audit trails or user profiles. Our approach is:

  • No long-term storage of access logs
  • No IP address tracking or profiling
  • No user session data or cookies beyond what's necessary
  • Security monitoring only (real-time abuse detection)

Important: We never log the actual content of your messages or files. We don't build profiles or track usage patterns.

Can I password protect my notes?

This feature is not currently implemented but is being considered for future updates.

Back to Main Page Read Our Privacy Policy