Privacy Policy

We collect minimal data necessary for service operation:

• Encrypted note content (without decryption keys)
• Metadata: creation time, TTL, view count
• IP addresses for rate limiting (not stored)
• Anonymous usage statistics (no personal data)

How we process your data:

• Encryption happens in your browser
• Decryption keys are never sent to server
• Notes are automatically deleted per settings
• We do not analyze or read note contents

Retention periods for different data types:

• Notes: until TTL expires or view limit reached
• Metadata: deleted with notes
• Access logs: 7 days for security
• Statistics: aggregated, no personal data

We do not share data with third parties, except:

• Cloudflare (CDN and DDoS protection)
• Upstash (managed Redis storage)
• Vercel (hosting platform)

You have the following rights:

• Right to deletion: use "Close and burn" button
• Right to portability: export data from browser
• Right to information: contact us with questions
• Right to rectification: recreate note with correct data

Security measures to protect your data:

• HTTPS encryption for all connections
• AES-GCM encryption with 256-bit keys
• Content Security Policy (CSP) headers
• Rate limiting to prevent attacks
• Regular security audits of code

For privacy questions, contact us: