Complete Reference

The Complete Privnote Guide

Everything you need to know about creating, sending, and managing self-destructing notes with Privnote — from your very first note to advanced configurations.

01

What Is Privnote?

Digital privacy concept

Privnote is a free, web-based service launched in 2008 that solves a specific and common problem: how do you share sensitive information with someone without that information persisting indefinitely in email inboxes, chat logs, or cloud storage? The answer Privnote provides is elegant in its simplicity — a note that destroys itself the moment it is read.

The service works entirely through a web browser. You visit Privnote.com, type your message, and the service generates a unique URL. When the recipient opens that URL, they see the message — and the note is immediately and permanently deleted from Privnote's servers. The URL becomes invalid. No copy remains anywhere on Privnote's infrastructure.

This approach is fundamentally different from simply deleting a message after sending it. With email or messaging apps, even "deleted" messages often remain in archives, backups, or server logs. Privnote's architecture is designed from the ground up so that the note cannot persist — it is a technical guarantee, not just a policy.

The Core Value Proposition

The value of Privnote lies in what it prevents rather than what it enables. It prevents your sensitive message from becoming a permanent part of someone's email archive. It prevents the note from being forwarded to unintended recipients. It prevents the information from appearing in email search results years later. It reduces the digital footprint of your most sensitive communications.

For this reason, Privnote has become a standard tool for IT professionals sharing credentials, businesses communicating sensitive instructions, journalists protecting sources, and anyone who values the principle that some information should have a natural expiration date.

02

Creating Your First Note

Step 1

Navigate to Privnote.com

Open your web browser and go to privnote.com. Make sure you are on the correct domain — the official site is privnote.com (not privnotes.com or any other variation, which are known phishing sites). You will see a simple text area in the center of the page.

Step 2

Type Your Message

Click inside the text area and type or paste your message. Privnote supports plain text of substantial length. You can include passwords, instructions, personal notes, codes, or any text-based information you want to share securely. There is no formatting support — Privnote is intentionally plain text only.

Step 3

Configure Options (Optional)

Click "Show options" to reveal advanced settings. Here you can set a manual password, choose an expiration time (1 hour, 24 hours, 7 days, or 30 days), and enter an email address to receive a notification when the note is read. These options are entirely optional — the basic note creation works without any of them.

Step 4

Click "Create Note"

Once you are satisfied with your message and options, click the "Create note" button. Privnote will encrypt your note in your browser and upload the encrypted data to its servers. This process takes only a second or two.

Step 5

Copy and Share the Link

Privnote will display a unique URL. Copy this link using the "Select link" button or manually. Do NOT click the link yourself — doing so will destroy the note before the recipient can read it. Share the link via email, messaging app, or any other channel. If you set a password, communicate that password through a separate channel.

03

Advanced Options Explained

Self-Destruct Timing

By default, notes self-destruct after being read, regardless of when that happens. But you can also set a time-based expiration:

  • After reading — Default. Destroys on first open.
  • 1 hour — Expires 1 hour after creation.
  • 24 hours — Expires next day if unread.
  • 7 days — One week window.
  • 30 days — One month window.

Manual Password

Adding a password means the recipient needs two things: the link AND the password. This is particularly valuable when:

  • The link might be shared through an insecure channel
  • You want to verify the recipient's identity
  • You need an additional layer of protection
  • The note contains highly sensitive credentials

Destruction Notification

Enter your email address to receive an alert when the note is opened and destroyed. The notification includes a reference name if you provided one. This is useful for confirming delivery or detecting unauthorized access.

Reference Name

You can give your note a reference name that appears in the destruction notification email. This helps you identify which note was read when you have sent multiple notes. The reference name is not visible to the recipient.

04

Sharing Your Note Safely

Secure communication

The security of a Privnote depends heavily on how you share the link. The link IS the key — anyone who has it can read the note. Here are the most important principles for safe sharing:

Use Separate Channels for Link and Password

If you add a password to your note, never send the password through the same channel as the link. If you email the link, call or text the password. If you send the link via Slack, email the password. This two-channel approach means that compromising one channel is not sufficient to access the note.

Choose Your Sharing Channel Wisely

The link can be shared through any channel, but consider the security of that channel. Email is generally acceptable for most use cases. Messaging apps like WhatsApp or Signal add additional encryption. Avoid sharing Privnote links in public forums, social media, or any channel where unintended parties might see the URL.

Warn the Recipient in Advance

Before sending the Privnote link, let the recipient know it is coming and that they should open it promptly. This prevents the note from expiring before they read it, and ensures they are prepared to save any important information before the note disappears.

Never Click the Link Yourself

After creating a note and copying the link, do not click it yourself to verify it. Doing so will destroy the note. If you need to verify the note was created correctly, create a test note first, then create the real note once you are confident in the process.

05

Receiving a Privnote

When someone sends you a Privnote link, the experience is straightforward but requires some awareness to handle correctly.

What to Expect When You Open the Link

When you click the Privnote link, you will typically see a brief warning that the note will be destroyed after you read it. You may be asked to confirm that you want to proceed. Once you confirm, the note content is displayed. Read it carefully — this is your only opportunity to see it. The moment the note is displayed, it is being deleted from the server.

Save Important Information Before Closing

If the note contains information you need to keep — such as a password, code, or set of instructions — copy or write it down before closing the browser tab. Once you close the tab, the note is gone. You cannot re-open the link to re-read it. There is no "I accidentally closed it" recovery option.

If the Note Has Already Been Read

If you open a Privnote link and see a message saying the note no longer exists or has already been destroyed, it means someone has already opened it. This could mean the sender accidentally opened it themselves, or — more concerning — someone intercepted the link. Contact the sender immediately to let them know and ask them to resend the information through a fresh note.

Entering a Password

If the note is password-protected, you will be prompted to enter the password before the content is displayed. The sender should have communicated this password to you through a separate channel. Enter the password exactly as provided — passwords are case-sensitive.

06

Using Password Protection

Password protection is one of Privnote's most powerful features and is strongly recommended for any note containing genuinely sensitive information. Here is how to use it effectively.

When to Use a Password

Use a password whenever the note contains credentials, financial information, personal identification data, or any content where unauthorized access would cause real harm. Even if you trust the communication channel, adding a password provides a second layer of protection against unexpected exposure.

Choosing a Good Password

The password for a Privnote does not need to be highly complex — it just needs to be something the recipient knows but an attacker would not. A simple agreed-upon phrase, a question only the recipient can answer, or a pre-shared code word all work well. The goal is authentication, not long-term password security.

Communicating the Password

Always communicate the password through a different channel than the link. If you send the link by email, call the recipient with the password. If you send the link by text message, email the password. This two-factor approach means that even if one channel is compromised, the attacker cannot access the note without both pieces.

The Password and Encryption

When you set a manual password, it is used as an additional encryption key on top of Privnote's default encryption. This means the note is doubly encrypted — once by Privnote's standard process and again with your custom password. Even if someone were to access Privnote's servers, they could not read a password-protected note without the password.

07

Destruction Notifications

The destruction notification feature is a simple but powerful tool for confirming that your note was delivered and read. Here is everything you need to know about using it.

How Notifications Work

When you enable destruction notifications by entering your email address during note creation, Privnote sends you an email the moment the note is opened and destroyed. The email confirms that the note was read and includes any reference name you provided. This gives you a delivery receipt for your sensitive communication.

Using Reference Names

If you send multiple notes, reference names help you identify which note was read. For example, you might label a note "Server credentials for John" or "Q4 budget figures." The reference name appears in the notification email but is never shown to the recipient — it is purely for your own record-keeping.

Detecting Unauthorized Access

Notifications are particularly valuable for security monitoring. If you receive a notification before you expect the recipient to have read the note — for example, within seconds of sending the link — it may indicate that someone else intercepted and opened the note. In such cases, assume the information is compromised and take appropriate action.

Privacy Considerations

By enabling notifications, you are providing your email address to Privnote. This is the only personal information Privnote collects in normal use. If you prefer complete anonymity, you can use Privnote without notifications — simply skip the email field during note creation.

08

Best Practices

Always verify the domain

Only use privnote.com. Phishing clones like privnotes.com exist specifically to steal your messages. Check the URL carefully before typing sensitive information.

Use passwords for sensitive notes

Any note containing credentials, personal data, or confidential information should have a password. Send the password through a different channel than the link.

Set appropriate expiration times

If the recipient may not read the note immediately, set an expiration time that matches your expectations. This prevents notes from lingering indefinitely if never opened.

Enable notifications for important notes

For notes containing critical information, enable destruction notifications. This gives you a delivery confirmation and helps detect unauthorized access.

Warn recipients before sending

Let the recipient know a Privnote is coming so they are prepared to read and save the content. Unexpected Privnote links may be ignored or opened at an inconvenient time.

Know when NOT to use Privnote

Privnote is not suitable for highly classified data, legal documents requiring audit trails, or information that needs to be referenced repeatedly. Use stronger tools for these cases.

09

Real-World Use Cases

Understanding when and how to apply Privnote in real situations helps you get the most value from the service. Here are the most common and effective use cases.

Sharing Initial Passwords

When creating a new account for a colleague, client, or team member, you need to communicate the initial password. Sending it in plain text via email means it will exist in both your sent folder and their inbox indefinitely. Privnote eliminates this risk — the password is shared once, read once, and then gone from both Privnote's servers and the email thread (since the email only contains a link, not the password itself).

Onboarding New Employees

IT teams routinely use Privnote during employee onboarding to share temporary credentials, VPN configurations, server access details, and other sensitive setup information. The self-destructing nature ensures that initial credentials are not lingering in email archives long after the employee has changed them.

Sharing API Keys and Tokens

Developers frequently need to share API keys, access tokens, and secret keys with teammates. These should never appear in plain text in Slack, email, or code comments. Privnote provides a clean, secure way to share these secrets once, after which the recipient should store them in a proper secrets manager.

Personal Sensitive Information

Sometimes you need to share personal information — a social security number, bank account details, or medical information — with a trusted person. Privnote ensures this information does not become a permanent part of your email correspondence.

Temporary Access Instructions

If you are giving someone temporary access to a system, property, or account, Privnote is ideal for sharing the access details. Once they have read the instructions, the note is gone — reducing the risk of the access information being misused later.

10

Limitations to Know

Privnote is a useful tool, but it is not a complete security solution. Understanding its limitations helps you use it appropriately and avoid over-relying on it for scenarios where stronger tools are needed.

Cannot Prevent Screenshots

Privnote cannot prevent the recipient from taking a screenshot, copying the text, or photographing the screen. Once the message is displayed, the information is in the recipient's hands. The self-destruction only prevents re-access via the link — it does not prevent the recipient from preserving the content by other means.

Text Only — No File Attachments

Privnote supports text only. You cannot attach files, images, documents, or any binary data. For secure file sharing with self-destructing behavior, consider services like Bitwarden Send or One-Time Secret.

Server Trust Required

While Privnote encrypts notes client-side, you are still trusting Privnote's servers to delete the note after reading and to handle the encrypted data responsibly. Privnote is not open-source, so independent verification of these claims is limited.

Phishing Clone Risk

Malicious clones of Privnote exist (notably privnotes.com) that intercept messages instead of delivering them. Always verify you are on the official privnote.com domain before creating or opening notes.

No Audit Trail

By design, Privnote leaves no record of what was shared. This is a feature for privacy but a limitation for compliance. If you need an audit trail of what was communicated, Privnote is not the right tool.