Open App

Privacy Policy

Effective Date: May 2026. This Privacy Policy governs the use of PrivNote and outlines our strict zero-data architecture.

1. Data Collection & Storage (The "No Data" Clause)

PrivNote operates entirely as a Client-Side Application. We do not own, operate, or rent any backend servers, databases, or cloud infrastructure to store your personal data, notes, or usage metrics.

All notes, passwords, and API keys are stored exclusively within your local browser environment using IndexedDB. Because we collect nothing, we have nothing to share, sell, or leak.

2. Cryptography & Zero-Knowledge Architecture

Your data is protected using state-of-the-art native browser cryptography (Web Crypto API). Specifically, we utilize AES-GCM (Advanced Encryption Standard with Galois/Counter Mode) coupled with PBKDF2 for key derivation.

This constitutes a strict "Zero-Knowledge" architecture. Encryption and decryption occur only on your local device. The developer, app owner, internet service providers, or any malicious third parties cannot decrypt or read your notes without your exact passwords.

Warning: Because we possess zero knowledge of your encryption keys, we are mathematically incapable of assisting you with password recovery or data restoration if you forget your passwords.

3. Third-Party API Handling (Telegram & GitHub)

PrivNote offers optional syncing features via third-party APIs (Telegram Bot API and GitHub API). When you provide a Bot Token or a Personal Access Token (PAT):

  • These credentials are saved only locally within your browser's IndexedDB.
  • Network requests to Telegram or GitHub are made directly from your browser to their respective servers.
  • PrivNote's infrastructure (which is just static hosting) never intercepts, proxies, collects, or sees your API keys or the encrypted blobs you transmit.

Your relationship with those third-party services is governed by their respective privacy policies.

4. Zero Tracking & No Analytics

We believe true privacy requires absolute silence. PrivNote explicitly declares a Zero Tracking Policy:

  • We do not use tracking cookies.
  • We do not embed third-party analytics scripts (e.g., Google Analytics, Mixpanel).
  • We do not utilize marketing pixels or session recording software.
  • Your usage behavior within the app remains entirely unmonitored.

5. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect new features (such as premium/paid features), technical changes, or legal requirements.

Any changes will be posted on this page. Because we do not collect your email address or personal data, we cannot notify you individually. Your continued use of PrivNote following the posting of changes constitutes your acceptance of such changes.

If you have any questions about this Privacy Policy, please refer to our Contact page or review our open-source codebase on GitHub to independently verify these claims.