Privacy Policy

Updated: 2026-03-04

1. Data Collection

We collect minimal information necessary to provide our secure messaging service. This includes technical data such as IP addresses for security monitoring, browser information for compatibility, and timestamps for note expiration management. We do not collect personal identification information unless you voluntarily provide it for premium account features. All note content is encrypted client-side before transmission and we never have access to the actual message content. Our zero-knowledge architecture ensures that even our technical staff cannot view or recover your sensitive information.

2. Use of Data

The limited data we collect is used exclusively to provide and improve our secure messaging service. IP addresses help us detect and prevent abuse, while technical metadata enables proper note expiration and delivery confirmation. We never use your data for advertising, marketing to third parties, or any commercial purposes beyond service provision. Usage analytics are anonymized and aggregated to help us improve security features and system performance. We do not create user profiles or track individual behavior patterns across sessions.

3. Data Storage

Note content is stored temporarily in encrypted memory only and is cryptographically destroyed immediately after reading or upon expiration. We use military-grade AES-256 encryption with ephemeral keys that are deleted along with the content. Our servers are located in SOC 2 certified data centers with physical security controls, environmental monitoring, and 24/7 surveillance. All data transmission occurs over encrypted HTTPS connections with perfect forward secrecy. We maintain minimal logs for security monitoring, which are automatically purged after 30 days.

4. User Rights

You have the right to request information about any personal data we may have collected, though our zero-knowledge architecture means we typically have no personal information to provide. You can request deletion of any account information if you've created a premium account. Since note content is automatically destroyed, there is no recoverable content data to delete. You have the right to object to data processing, though this may limit service functionality. For users in GDPR jurisdictions, you have additional rights including data portability, though the ephemeral nature of our service means there is typically no data to port.

5. Third-Party Services

We use carefully selected third-party services to support our operations, including cloud infrastructure providers, email delivery services for notifications, and payment processors for premium accounts. All third parties are bound by strict data protection agreements and are required to maintain security standards equivalent to our own. We do not share user data with advertising networks, analytics companies, or any other third parties for commercial purposes. Any data shared with service providers is limited to what is absolutely necessary for service functionality and is protected by contractual privacy safeguards.

6. Data Security

We implement multiple layers of security to protect your information, including end-to-end encryption, secure key management, regular security audits, and penetration testing by independent security firms. Our development team follows secure coding practices and all code undergoes security review before deployment. We maintain incident response procedures and will notify users promptly in the unlikely event of a security incident. Our infrastructure includes DDoS protection, intrusion detection systems, and automated threat monitoring. All staff undergo background checks and security training, and access to systems is strictly controlled on a need-to-know basis.

7. Children's Privacy

PMivNote is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information. Parents who believe their child has provided us with personal information should contact us immediately. For users between 13 and 18, we recommend parental guidance when using our service, particularly for understanding the permanent nature of note destruction and the importance of not sharing sensitive personal information online.

8. Policy Updates

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify users of significant changes through email notification for registered users and prominent notice on our website for all users. Continued use of our service after policy updates constitutes acceptance of the revised terms. We encourage users to review this policy regularly to stay informed about how we protect their privacy. The date of the most recent update is always displayed at the top of this policy. For material changes that affect data handling practices, we will provide at least 30 days advance notice.

Questions? Contact us:

info@pmivnote.com