Last modified: May 15th, 2022
At NotesOnline, privacy is taken very seriously, since the main purpose of the site is to preserve it. This policy outlines the measures taken by NotesOnline to protect the privacy of its users.
1. Service description
NotesOnline is a free web based service that allows users to create encrypted notes that they can share over the internet as unique one-time-use HTTPS URLs (hereafter referred to as links) which by default expire after its first access via any web browser.
As NotesOnline does not provide any means for transmitting the link, the act of sending the link is the full responsibility of NotesOnline users.
Depending on the communication channel of your choice (e.g., e-mail, fax, SMS, phone, instant messaging, social media), there may be a certain risk that third parties intercept your communication, get knowledge of the communicated link and thus may be able to read your note.
2. How the notes and its contents are processed
The link is generated in the user's browser and at no time is sent as such to NotesOnline. The link is thus in the sender's (and later possibly in the recipient's) hands only. Therefore, there is no way to recover a note if a NotesOnline user losses the link.
Since only the link binds the decryption key to the note's content and since NotesOnline does not have the link, at no time is any note held in any readable format state at NotesOnline. This assures that nobody (including Pirvnote's administrators) can read a note.
When using NotesOnline's default funtionality, when a note is retrieved, its data is completely removed from NotesOnline; there is absolutely no way to recover it again.
When "Show options" is selected and the user opts for a time interval for the note's removal, then independently of how many times the note is retrieved, the note will be deleted only after that specified time is completed.
After a note is deleted from NotesOnline, there is absolutely no way to recover it again.
When a note is not retrieved after 30 days, NotesOnline removes it permanently, just as if it were read.The NotesOnline sysadmin team will do as much as possible to protect the site against unauthorized access, modification or destruction of the data. But, even if someone or something could manage to gain access to the database, they would be unable to read the notes since their contents are encrypted and can't be decrypted without the links which NotesOnline never has a hold of.
3. Processing of IP addresses
NotesOnline is not logging the IP addresses; they are processed to enable communication with NotesOnline's servers but they are not part of the log-files. IP addresses are deleted as soon as they are no longer needed for the purpose of communication.
4. Pseudonymous data
The creator of the note can introduce personal data into the note. Even though this data is encrypted, the data can be decrypted again and thus constitutes pseudonymous (personal) data. In any case, one cannot deduce the note's creator from NotesOnline's database, as NotesOnline does not store IP addresses.
The decryption of the note's data is in the users' hands (sender and recipient). NotesOnline is not able to decrypt the note and access the data (personal or otherwise) introduced by the creator since NotesOnline is never in possession of the decryption key which is contained only in the link.
When a person clicks the NotesOnline's link, NotesOnline declines any responsibility related to the note's content.
6. Disclosure of Data to Third Party