PrivNote

PrivNote Documentation

Create and share self-destructing private notes with end-to-end encryption.

About PrivNote
How it works and what it's for

What is PrivNote?

PrivNote is a secure platform for sharing sensitive information that automatically self-destructs after being read. It's designed for sharing passwords, private messages, or any information that shouldn't persist in communication channels like email or chat.

How It Works

  1. You create a note with sensitive information
  2. You can optionally add password protection, IP restrictions, and set an expiration time
  3. All notes are encrypted in your browser before being sent to the server using AES-256-GCM encryption
  4. For password-protected notes, the encryption key is derived from your chosen password
  5. For notes without password protection, a secure random key is automatically generated and used for encryption
  6. PrivNote generates a unique link that you can share
  7. When the recipient opens the link, the content is automatically decrypted in their browser (entering the password if required)
  8. After the note is viewed, it's permanently deleted from our servers
  9. If the recipient tries to access the link again, they'll see an error message

Password-Protected Notes

Encrypted with your chosen password. Recipients must enter the password to view the content.

Password-less Notes

Still encrypted with a secure random key. Recipients can view without entering a password.

Security & Privacy Features

Universal Client-side Encryption: All notes are encrypted in your browser using AES-256-GCM encryption before being sent to the server. This means that even we cannot read the content of your notes.

Password Protection: For notes with password protection, the encryption key is derived from your chosen password. For notes without password protection, a secure random key is automatically generated and used for encryption.

Zero-Knowledge Architecture: Your sensitive data is encrypted before it leaves your device, ensuring that our servers never see the unencrypted content.

Data Storage: Notes are stored in Vercel KV, a secure Redis-compatible database. Each note is assigned a random, unique identifier, and the content is always stored in encrypted form.

Transport Security: All data is transmitted using HTTPS encryption to protect against interception.

IP Restrictions: You can choose to restrict access to a note to your current IP address, adding an extra layer of security.

Rate Limiting: We implement rate limiting to prevent abuse and brute force attacks.

Flexible Expiration: You can choose how long your note should be available before it automatically expires (1 hour, 24 hours, 7 days, or 30 days).

Automatic Deletion: Notes are permanently deleted after being viewed once. Additionally, all notes have an expiration timer, after which they are automatically deleted even if they haven't been viewed.

No Logs: We don't keep logs of note content or access patterns beyond what's necessary for the service to function.

Security Note

While PrivNote provides a secure way to share sensitive information, it's important to understand that:

  • The recipient could save or screenshot the content before it self-destructs
  • You should only share the generated link through secure channels
  • For extremely sensitive data, consider using end-to-end encrypted communication methods

Technical Implementation
How PrivNote is built and secured

Technology Stack

  • Next.js - React framework for the frontend and API routes
  • Vercel KV - Redis-compatible database for storing notes
  • Vercel Hosting - For secure, scalable deployment
  • Tailwind CSS & shadcn/ui - For the user interface
  • Web Crypto API - For client-side encryption and decryption

Encryption Process

1. Encryption

Note content is encrypted in your browser using AES-256-GCM before being sent to the server.

2. Storage

The encrypted note is stored with a unique ID and expiration time.

3. Decryption

When accessed, the note is decrypted in the recipient's browser and deleted from the server.

Security Implementation Details

Universal Client-side Encryption: All notes are encrypted in the browser using the Web Crypto API with AES-256-GCM encryption before being sent to the server. For password-protected notes, the encryption key is derived from the password using PBKDF2 with 100,000 iterations and SHA-256 hashing. For notes without password protection, a secure random key is automatically generated.
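
The password-protected path described above, written against the Web Crypto API as an added example (it is not PrivNote's own source code). The PBKDF2 iteration count, SHA-256 and AES-256-GCM come from the text; the 16-byte salt, 12-byte IV, the envelope layout and the function names are assumptions.

```javascript
// Added example, not PrivNote's source code.
// Browsers and Node 19+ expose globalThis.crypto; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webCrypto.subtle;

const PBKDF2_ITERATIONS = 100000; // from the page
const SALT_BYTES = 16; // assumption: per-note random salt
const IV_BYTES = 12; // assumption: 96-bit nonce, the usual AES-GCM size

// Stretch the password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]);
}

// Returns the envelope a server would store; salt and IV are not secret.
async function encryptNote(plaintext, password) {
  const salt = webCrypto.getRandomValues(new Uint8Array(SALT_BYTES));
  const iv = webCrypto.getRandomValues(new Uint8Array(IV_BYTES));
  const key = await deriveKey(password, salt);
  const ciphertext = await subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  return { salt, iv, ciphertext: new Uint8Array(ciphertext) };
}

// Returns the plaintext, or null when the GCM tag does not verify
// (wrong password, or salt/IV/ciphertext modified in storage or transit).
async function decryptNote(envelope, password) {
  const key = await deriveKey(password, envelope.salt);
  try {
    const plaintext = await subtle.decrypt(
      { name: "AES-GCM", iv: envelope.iv }, key, envelope.ciphertext);
    return new TextDecoder().decode(plaintext);
  } catch {
    return null;
  }
}
```

This covers the password-protected path only. For password-less notes the page says the key is stored with the note, so their confidentiality rests on who can read that stored key rather than on a secret only the recipient holds.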

Automatic Decryption: For notes without password protection, the encryption key is securely stored with the note and automatically retrieved when the note is accessed. This allows for seamless decryption without requiring user input, while still maintaining end-to-end encryption.

Password-less Security: Even without a user-provided password, notes are still fully encrypted using cryptographically secure random keys. This provides the convenience of password-less sharing while maintaining strong encryption.

Data at Rest: Notes are stored in Vercel KV with randomly generated identifiers. All notes are encrypted before they reach our servers, ensuring that sensitive data is never stored in plain text.

Data in Transit: All communication between clients and servers is encrypted using HTTPS to protect against man-in-the-middle attacks.

Access Control: Each note can only be accessed once using its unique identifier. After a note is viewed, it's immediately deleted from the database. For password-protected notes, the correct password must be provided to decrypt the content.

IP Restrictions: When enabled, we store the creator's IP address and verify that requests to view the note come from the same IP address.

Rate Limiting: We limit the number of notes that can be created or viewed from a single IP address within a specific time window to prevent abuse.

Expiration: All notes have an expiration timer (1 hour, 24 hours, 7 days, or 30 days), after which they are automatically deleted from the database.

Additional Security Considerations

While PrivNote implements several security measures, here are some additional considerations for highly sensitive data:

  • For maximum security, use password protection for sensitive information
  • Consider using shorter expiration times for highly sensitive data
  • Share the password through a different communication channel than the link
  • Remember that the recipient could still save or screenshot the content before it self-destructs
  • For extremely sensitive data, consider using end-to-end encrypted communication methods

API Documentation
Technical documentation for developers

If you want to integrate PrivNote into your own application, you can find detailed information on our API documentation page.

Frequently Asked Questions
Common questions about PrivNote

We've created a separate page with frequently asked questions to help you better understand PrivNote.

Built with Next.js, Tailwind CSS, and Vercel KV. Secured with client-side encryption.