
Terms of Service

Last updated: March 12, 2026

0. Important Notice

Do not use SecretNotes as the sole storage location for important data. For any information that matters to you, always maintain at least one additional backup in a separate, secure location. No system is 100% reliable — we cannot guarantee that your data will survive hardware failures, unexpected incidents, or other unforeseen circumstances.

1. Acceptance of Terms

By accessing or using SecretNotes ("the Service"), operated at secretnotes.pro, you agree to be bound by these Terms of Service ("Terms"). If you do not agree to all of the Terms, you may not access or use the Service. Using the Service in any way — including creating a note as an anonymous user — constitutes acceptance of these Terms.

2. Description of Service

SecretNotes is a zero-knowledge encrypted note-sharing platform. The Service allows users to create encrypted notes that can be shared via unique URLs. All encryption and decryption is performed exclusively on the client side (in the user's browser) using AES-256-GCM. The encryption key is embedded in the URL fragment (#) and is never transmitted to or stored on our servers.

For security-conscious users: you can independently verify our zero-knowledge claims by inspecting network requests in your browser's developer tools while creating a note. You will see that only encrypted data is ever sent to the server — no plaintext content or encryption keys leave your browser.

The Service provides the following core features:

  • Creating and sharing encrypted notes with configurable expiration
  • Burn-after-read functionality (immediate or delayed destruction after first access)
  • Access password protection for notes (6-character server-side verification)
  • Secure Requests — requesting encrypted data from other users
  • Encrypted Messenger — real-time end-to-end encrypted conversations with PBKDF2 key derivation, read receipts, and group chats
  • Brute-force protection with automatic lockout after failed attempts

3. User Tiers

The Service offers three usage tiers:

  • Anonymous (Guest) — no registration required. Limited to 100,000 characters per note, 48-hour maximum expiry, and 15 notes per day. No note history, encrypted messenger, or folders.
  • Free (Registered) — requires email registration and verification. Up to 200,000 characters per note, 30-day maximum expiry, 50 notes per day, note history, 3 Secure Requests per day, and 3 encrypted conversations.
  • Premium — paid subscription. Up to 400,000 characters per note, 6-month maximum expiry, unlimited notes, Secure Requests, and encrypted conversations (including group chats), read notifications, and folder organization.

We reserve the right to modify tier limits at any time. Changes will be communicated via the Service.

4. Account Registration

To access Free and Premium features, you must create an account by providing a valid email address and password, or by authenticating via Google OAuth. You must verify your email address using a 6-digit verification code sent to the provided address.

You are responsible for:

  • Providing accurate and current registration information
  • Maintaining the security of your account credentials
  • All activities that occur under your account

Passwords must be at least 8 characters long and contain at least one uppercase letter and one digit.

5. Encryption Keys and User Responsibility

Due to the zero-knowledge architecture, the encryption key for each note exists only in the URL fragment and is never sent to or stored on our servers. This means:

  • We cannot recover lost encryption keys under any circumstances. If you lose the note URL, the encrypted content cannot be decrypted by anyone, including us.
  • You are solely responsible for securely storing and sharing note URLs.
  • We cannot view, read, or modify the plaintext content of any note.
  • We are unable to assist with content recovery requests — this is technically impossible by design.

6. Note Expiration and Destruction

Notes are automatically and permanently deleted after their configured expiration period (ranging from 5 minutes to 6 months depending on your tier). This process is irreversible.

Notes with "burn after read" enabled are permanently destroyed immediately upon first access. If a delayed burn is configured, the note will be destroyed within the specified timeframe (1–60 minutes) after being read.

The Emergency Wipe feature allows registered users to immediately and irreversibly destroy all of their notes and Secure Requests. This action cannot be undone.

7. Secure Requests

The Secure Requests feature allows registered users to request encrypted data from others. Requests have configurable expiration periods and may include burn-after-read functionality. The same zero-knowledge principles apply — we cannot access the content of any Secure Request or its response.

8. Encrypted Messenger

The Encrypted Messenger allows registered users to engage in real-time, end-to-end encrypted conversations. Key aspects:

  • End-to-end encryption — all messages are encrypted in your browser using AES-256-GCM with keys derived via PBKDF2-SHA256 (600,000 iterations). The conversation key is never transmitted to or stored on our servers.
  • Key responsibility — the conversation encryption key is shared out-of-band between participants. If you lose the key, messages cannot be decrypted. We cannot assist with key recovery.
  • Conversation limits — Free accounts are limited to 3 conversations. Premium accounts have unlimited conversations and group chat functionality.
  • Group chats — available to Premium users. The group admin can add/remove members. All members share the same encryption key.
  • Read receipts — the system tracks which participants have read each message. This metadata is not encrypted.
  • Push notifications — optional Web Push notifications for new messages. Notification payloads contain no message content — only a generic alert.
  • Panic mode — instantly clears all decrypted messages from browser memory without affecting server-side encrypted data.

Deleting a conversation permanently removes all associated encrypted messages, read receipts, and push subscriptions from our servers. This action is irreversible.

9. Prohibited Use

You agree not to use the Service to:

  • Store or share any content that violates applicable laws, including but not limited to child exploitation material, terrorist content, or content infringing intellectual property rights
  • Distribute malware, phishing links, or other harmful software
  • Engage in harassment, threats, or extortion
  • Circumvent rate limits or abuse the Service infrastructure
  • Attempt to access, tamper with, or use non-public areas of the Service
  • Probe, scan, or test the vulnerability of the Service without written authorization
  • Engage in any other activity that violates applicable local, national, or international laws and regulations

While we cannot read the content of encrypted notes, we reserve the right to remove notes or suspend accounts if we have reasonable grounds to believe they are being used for prohibited purposes (e.g., based on metadata patterns or reports from third parties).

Upon receiving an abuse report, we may immediately and permanently delete the reported note without prior notice to its creator. To report abuse, use the Contact page and select "Abuse Report" as the topic.

10. Rate Limiting

To protect the Service and ensure fair usage, we enforce rate limits on key operations, including note creation, authentication attempts, and contact form submissions. Exceeding these limits will result in temporary access restrictions. Rate limits vary by user tier.

11. Intellectual Property

The Service, including its design, code, and branding, is the property of SecretNotes. You retain all rights to the content you encrypt and store using the Service. We claim no ownership over your encrypted data.

12. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted, error-free, or secure operation of the Service. The Service may be temporarily unavailable due to maintenance, updates, or circumstances beyond our control. We reserve the right to modify, suspend, or discontinue the Service (or any part thereof) at any time, with or without notice.

13. Limitation of Liability

To the maximum extent permitted by applicable law, SecretNotes and its operators shall not be liable for:

  • Loss of data, encryption keys, or note content
  • Unauthorized access to your notes resulting from compromise of the note URL
  • Service interruptions, downtime, or data loss
  • Any indirect, incidental, special, consequential, or punitive damages
  • Actions taken based on the content of notes shared through the Service

The Service is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

14. Termination

We may terminate or suspend your access to the Service immediately, without prior notice, for conduct that we believe violates these Terms or is harmful to other users, us, or third parties, or for any other reason at our sole discretion.

You may terminate your account at any time by using the Emergency Wipe feature to destroy all associated data. Upon termination, your right to use the Service ceases immediately.

15. Governing Law

These Terms are governed by and construed in accordance with the laws of the European Union and the Republic of Poland. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of Poland.

16. Changes to Terms

We may update these Terms at any time by posting the revised version on this page with an updated "Last updated" date. Material changes will be communicated through the Service. Continued use of the Service after changes constitutes acceptance of the revised Terms.

17. Contact

For questions regarding these Terms, please visit our Contact page or email us at contact@secretnotes.pro.