Privacy Policy — Plivnote

Plivnote is designed on the principle of data minimization — we collect as little data as possible to provide our service. When you create a self-destructing note, the content of your note is encrypted in your browser using AES-256 encryption before it is transmitted to our servers. We store only the encrypted version of your note, and we do not possess the decryption key (which is embedded in the unique link generated for you). We do not require or collect any personal information such as your name, email address, phone number, or physical address to use our core service. Our web servers may automatically collect limited technical information such as IP addresses, browser type, operating system, and referring URLs in server access logs. These logs are used solely for security monitoring and abuse prevention, are not linked to any note content, and are automatically deleted after 7 days. We do not use this technical data for tracking, profiling, or advertising purposes.

The encrypted note data we store is used for one purpose only: to deliver your self-destructing note to the intended recipient when they access the unique link. Once the note has been read and the encrypted data has been decrypted by the recipient's browser, the encrypted data is permanently deleted from our servers. We do not analyze, mine, or process the content of notes in any way — indeed, our zero-knowledge architecture makes this technically impossible, as we never possess the decryption keys. The limited technical data collected in server access logs (such as IP addresses) is used exclusively for maintaining the security and integrity of our service, detecting and preventing abuse (such as spam or denial-of-service attacks), and troubleshooting technical issues. We do not use any collected data for advertising, marketing profiling, or sale to third parties. If you subscribe to our newsletter, we use your email address solely for sending you the newsletter content you requested, and you may unsubscribe at any time.

All encrypted note data is stored on secure servers located in Switzerland, which benefits from some of the strongest data protection laws in the world. Encrypted notes are stored only until they are read by the recipient, at which point they are permanently and irreversibly deleted from our servers. Unread notes that are not accessed within their expiration period (default: 30 days) are also automatically and permanently deleted. Our server access logs are retained for a maximum of 7 days before automatic deletion. Newsletter subscriber email addresses are stored securely and retained only for as long as the subscription is active. We use industry-standard security measures to protect all stored data, including encrypted storage, access controls, and regular security audits. Our Swiss hosting infrastructure is certified to meet rigorous physical and digital security standards.

Under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), you have several important rights regarding your personal data. These include the right to access any personal data we hold about you, the right to request correction of inaccurate data, the right to request deletion of your data, the right to restrict or object to certain types of data processing, and the right to data portability. However, due to the nature of our service, there is very little personal data for us to provide. We do not collect personal information when you create or read notes, and note content is encrypted with keys we do not possess. If you have subscribed to our newsletter, you may exercise your rights regarding your email address by contacting us at info@plivnotecom.com. We will respond to all legitimate requests within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority.

Plivnote uses a minimal number of third-party services to operate our platform. Our web hosting infrastructure is provided by Swiss-based data center operators who are contractually bound to comply with Swiss data protection standards. We may use a content delivery network (CDN) to ensure fast and reliable access to our website from locations around the world. If you subscribe to our newsletter, we use a third-party email service provider to manage subscriptions and deliver emails. All third-party service providers we work with are carefully selected based on their privacy practices and data protection compliance. We require all third-party providers to process data only in accordance with our instructions and applicable data protection laws. We do not share, sell, or rent any user data to third parties for advertising, marketing, or any other commercial purpose. We do not integrate third-party tracking pixels, social media widgets, or advertising networks into our platform.

Security is the foundation of everything we build at Plivnote. We employ multiple layers of security to protect our platform and your data. All communications between your browser and our servers are encrypted using TLS 1.3, the most current and secure transport layer protocol. Note content is encrypted using AES-256 encryption in your browser before transmission, ensuring that even in-transit data is protected by multiple encryption layers. Our servers are hardened according to industry best practices, with regular security updates, intrusion detection systems, and continuous monitoring. Access to our server infrastructure is strictly limited to authorized personnel and protected by multi-factor authentication. We conduct regular security audits and penetration testing to identify and address potential vulnerabilities. Our zero-knowledge architecture provides an additional layer of protection: because we never possess the decryption keys for your notes, a compromise of our server infrastructure would not expose note contents. Despite these measures, no system can guarantee absolute security. We encourage users to exercise caution when sharing sensitive information and to verify the identity of recipients before sending notes.

Plivnote is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. Since our core service does not require any personal information to use, the risk of inadvertent collection of children's data is minimal. However, if we become aware that we have inadvertently collected personal information from a child under 16 (for example, through a newsletter subscription), we will take immediate steps to delete that information from our systems. Parents and guardians who believe that their child may have provided personal information to Plivnote are encouraged to contact us at info@plivnotecom.com so that we can take appropriate action. We are committed to complying with all applicable laws and regulations regarding the protection of children's privacy, including the Swiss FADP and the EU GDPR provisions related to children's data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will post the updated version on this page with a revised 'Last Updated' date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. If we make changes that significantly affect your rights or our obligations, we will make reasonable efforts to notify users through a prominent notice on our website. Your continued use of Plivnote after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with any changes, you should discontinue use of our service. For questions about this policy or any updates, please contact us at info@plivnotecom.com. Previous versions of this policy are available upon request.