Everything you need to know about creating, sending, and managing self-destructing notes with Privnote — from your very first note to advanced configurations.
Privnote is a free, web-based service launched in 2008 that solves a specific and common problem: how do you share sensitive information with someone without that information persisting indefinitely in email inboxes, chat logs, or cloud storage? The answer Privnote provides is elegant in its simplicity — a note that destroys itself the moment it is read.
The service works entirely through a web browser. You visit Privnote.com, type your message, and the service generates a unique URL. When the recipient opens that URL, they see the message — and the note is immediately and permanently deleted from Privnote's servers. The URL becomes invalid. No copy remains anywhere on Privnote's infrastructure.
This approach is fundamentally different from simply deleting a message after sending it. With email or messaging apps, even "deleted" messages often remain in archives, backups, or server logs. Privnote's architecture is designed from the ground up so that the note cannot persist — it is a technical guarantee, not just a policy.
The value of Privnote lies in what it prevents rather than what it enables. It prevents your sensitive message from becoming a permanent part of someone's email archive. It prevents the note from being forwarded to unintended recipients. It prevents the information from appearing in email search results years later. It reduces the digital footprint of your most sensitive communications.
For this reason, Privnote has become a standard tool for IT professionals sharing credentials, businesses communicating sensitive instructions, journalists protecting sources, and anyone who values the principle that some information should have a natural expiration date.
Open your web browser and go to privnote.com. Make sure you are on the correct domain — the official site is privnote.com (not privnotes.com or any other variation, which are known phishing sites). You will see a simple text area in the center of the page.
Click inside the text area and type or paste your message. Privnote supports plain text of substantial length. You can include passwords, instructions, personal notes, codes, or any text-based information you want to share securely. There is no formatting support — Privnote is intentionally plain text only.
Click "Show options" to reveal advanced settings. Here you can set a manual password, choose an expiration time (1 hour, 24 hours, 7 days, or 30 days), and enter an email address to receive a notification when the note is read. These options are entirely optional — the basic note creation works without any of them.
Once you are satisfied with your message and options, click the "Create note" button. Privnote will encrypt your note in your browser and upload the encrypted data to its servers. This process takes only a second or two.
Privnote will display a unique URL. Copy this link using the "Select link" button or manually. Do NOT click the link yourself — doing so will destroy the note before the recipient can read it. Share the link via email, messaging app, or any other channel. If you set a password, communicate that password through a separate channel.
When someone sends you a Privnote link, the experience is straightforward but requires some awareness to handle correctly.
When you click the Privnote link, you will typically see a brief warning that the note will be destroyed after you read it. You may be asked to confirm that you want to proceed. Once you confirm, the note content is displayed. Read it carefully — this is your only opportunity to see it. The moment the note is displayed, it is being deleted from the server.
If the note contains information you need to keep — such as a password, code, or set of instructions — copy or write it down before closing the browser tab. Once you close the tab, the note is gone. You cannot re-open the link to re-read it. There is no "I accidentally closed it" recovery option.
If you open a Privnote link and see a message saying the note no longer exists or has already been destroyed, it means someone has already opened it. This could mean the sender accidentally opened it themselves, or — more concerning — someone intercepted the link. Contact the sender immediately to let them know and ask them to resend the information through a fresh note.
If the note is password-protected, you will be prompted to enter the password before the content is displayed. The sender should have communicated this password to you through a separate channel. Enter the password exactly as provided — passwords are case-sensitive.
Password protection is one of Privnote's most powerful features and is strongly recommended for any note containing genuinely sensitive information. Here is how to use it effectively.
Use a password whenever the note contains credentials, financial information, personal identification data, or any content where unauthorized access would cause real harm. Even if you trust the communication channel, adding a password provides a second layer of protection against unexpected exposure.
The password for a Privnote does not need to be highly complex — it just needs to be something the recipient knows but an attacker would not. A simple agreed-upon phrase, a question only the recipient can answer, or a pre-shared code word all work well. The goal is authentication, not long-term password security.
Always communicate the password through a different channel than the link. If you send the link by email, call the recipient with the password. If you send the link by text message, email the password. This two-factor approach means that even if one channel is compromised, the attacker cannot access the note without both pieces.
When you set a manual password, it is used as an additional encryption key on top of Privnote's default encryption. This means the note is doubly encrypted — once by Privnote's standard process and again with your custom password. Even if someone were to access Privnote's servers, they could not read a password-protected note without the password.
The destruction notification feature is a simple but powerful tool for confirming that your note was delivered and read. Here is everything you need to know about using it.
When you enable destruction notifications by entering your email address during note creation, Privnote sends you an email the moment the note is opened and destroyed. The email confirms that the note was read and includes any reference name you provided. This gives you a delivery receipt for your sensitive communication.
If you send multiple notes, reference names help you identify which note was read. For example, you might label a note "Server credentials for John" or "Q4 budget figures." The reference name appears in the notification email but is never shown to the recipient — it is purely for your own record-keeping.
Notifications are particularly valuable for security monitoring. If you receive a notification before you expect the recipient to have read the note — for example, within seconds of sending the link — it may indicate that someone else intercepted and opened the note. In such cases, assume the information is compromised and take appropriate action.
By enabling notifications, you are providing your email address to Privnote. This is the only personal information Privnote collects in normal use. If you prefer complete anonymity, you can use Privnote without notifications — simply skip the email field during note creation.
Understanding when and how to apply Privnote in real situations helps you get the most value from the service. Here are the most common and effective use cases.
When creating a new account for a colleague, client, or team member, you need to communicate the initial password. Sending it in plain text via email means it will exist in both your sent folder and their inbox indefinitely. Privnote eliminates this risk — the password is shared once, read once, and then gone from both Privnote's servers and the email thread (since the email only contains a link, not the password itself).
IT teams routinely use Privnote during employee onboarding to share temporary credentials, VPN configurations, server access details, and other sensitive setup information. The self-destructing nature ensures that initial credentials are not lingering in email archives long after the employee has changed them.
Developers frequently need to share API keys, access tokens, and secret keys with teammates. These should never appear in plain text in Slack, email, or code comments. Privnote provides a clean, secure way to share these secrets once, after which the recipient should store them in a proper secrets manager.
Sometimes you need to share personal information — a social security number, bank account details, or medical information — with a trusted person. Privnote ensures this information does not become a permanent part of your email correspondence.
If you are giving someone temporary access to a system, property, or account, Privnote is ideal for sharing the access details. Once they have read the instructions, the note is gone — reducing the risk of the access information being misused later.
Privnote is a useful tool, but it is not a complete security solution. Understanding its limitations helps you use it appropriately and avoid over-relying on it for scenarios where stronger tools are needed.
Privnote cannot prevent the recipient from taking a screenshot, copying the text, or photographing the screen. Once the message is displayed, the information is in the recipient's hands. The self-destruction only prevents re-access via the link — it does not prevent the recipient from preserving the content by other means.
Privnote supports text only. You cannot attach files, images, documents, or any binary data. For secure file sharing with self-destructing behavior, consider services like Bitwarden Send or One-Time Secret.
While Privnote encrypts notes client-side, you are still trusting Privnote's servers to delete the note after reading and to handle the encrypted data responsibly. Privnote is not open-source, so independent verification of these claims is limited.
Malicious clones of Privnote exist (notably privnotes.com) that intercept messages instead of delivering them. Always verify you are on the official privnote.com domain before creating or opening notes.
By design, Privnote leaves no record of what was shared. This is a feature for privacy but a limitation for compliance. If you need an audit trail of what was communicated, Privnote is not the right tool.