Complete operational manual for Privnote
Navigate to privnote.com directly. Verify the exact domain — phishing clones exist. Look for HTTPS and the exact domain string. Do not follow links from untrusted sources.
Type or paste your message in the text area. Plain text only — no formatting, no attachments. Supports large amounts of text including passwords, code, instructions, and multi-paragraph content.
Click "Show options" to configure: Expiration (1h/24h/7d/30d), Password (manual encryption layer), Notification email (destruction alert), Reference name (label for tracking).
Click "Create note." The note is encrypted client-side using AES-256 before upload. The encryption key is embedded in the URL fragment. Privnote's servers receive only ciphertext.
Copy the generated URL without clicking it. Clicking the link destroys the note immediately. Use the "Select link" button, then copy. Send the copied link to the recipient via your chosen channel.
The most effective security enhancement: always send the note link and the password through completely separate channels. If you email the link, call the recipient with the password. If you send the link via Slack, email the password. This ensures that compromising one channel is insufficient to access the note.
Match expiration time to the sensitivity and urgency of the information. For time-sensitive credentials (e.g., a temporary access code valid for 1 hour), set a matching 1-hour expiration. For general use, 7-day expiration prevents notes from lingering indefinitely while giving recipients adequate time to read them.
Enable destruction notifications for all sensitive notes. A notification received at an unexpected time — immediately after sending, before the recipient could plausibly have read it — indicates potential link interception. Treat the information as compromised and take immediate action.