Module 01

USAGE GUIDE

Complete operational manual for Privnote

PHASE 1Note Creation

01

VERIFY DOMAIN

Navigate to privnote.com directly. Verify the exact domain — phishing clones exist. Look for HTTPS and the exact domain string. Do not follow links from untrusted sources.

02

INPUT CONTENT

Type or paste your message in the text area. Plain text only — no formatting, no attachments. Supports large amounts of text including passwords, code, instructions, and multi-paragraph content.

03

CONFIGURE OPTIONS

Click "Show options" to configure: Expiration (1h/24h/7d/30d), Password (manual encryption layer), Notification email (destruction alert), Reference name (label for tracking).

04

CREATE NOTE

Click "Create note." The note is encrypted client-side using AES-256 before upload. The encryption key is embedded in the URL fragment. Privnote's servers receive only ciphertext.

05

COPY LINK — DO NOT CLICK

Copy the generated URL without clicking it. Clicking the link destroys the note immediately. Use the "Select link" button, then copy. Send the copied link to the recipient via your chosen channel.

PHASE 2Delivery & Reception

SENDER PROTOCOL

  • • Warn recipient before sending the link
  • • Send link via primary channel
  • • Send password via separate channel
  • • Enable notifications for confirmation

RECIPIENT PROTOCOL

  • • Open link only when ready to save content
  • • Copy or write down important information
  • • Do not close tab before saving
  • • Confirm receipt with sender if needed

PHASE 3Advanced Techniques

Two-Channel Password Delivery

The most effective security enhancement: always send the note link and the password through completely separate channels. If you email the link, call the recipient with the password. If you send the link via Slack, email the password. This ensures that compromising one channel is insufficient to access the note.

Expiration Strategy

Match expiration time to the sensitivity and urgency of the information. For time-sensitive credentials (e.g., a temporary access code valid for 1 hour), set a matching 1-hour expiration. For general use, 7-day expiration prevents notes from lingering indefinitely while giving recipients adequate time to read them.

Notification-Based Verification

Enable destruction notifications for all sensitive notes. A notification received at an unexpected time — immediately after sending, before the recipient could plausibly have read it — indicates potential link interception. Treat the information as compromised and take immediate action.