Privacy & Disclaimer

Complete privacy

PrivyPad is built on a zero-knowledge architecture. We do not store any personal information except your email address, which is used solely for sign-in purposes.

There is no tracking, no analytics, and no third-party data collection of any kind. We cannot read your notes — all content is encrypted client-side using AES-256-GCM before it ever leaves your browser. The encryption key is derived from your password and never transmitted to our servers.

What we store

• Email address — used for authentication only.
• Password hash — your password is hashed client-side before being sent; we never see your plaintext password.
• Encrypted note data — stored as opaque encrypted blobs that are unreadable without your encryption key.

What we cannot do

• Read, access, or decrypt your notes.
• Recover your data if you lose your password — there is no password reset.
• Track your usage, behaviour, or browsing activity.
• Share your data with third parties — there is nothing to share.

Local mode

PrivyPad offers a fully local mode where no account is required. In this mode, your encryption key and all notes are stored entirely in your browser using IndexedDB. No data is sent to any server. Clearing your browser data will permanently delete everything.

Disclaimer

PrivyPad is provided “as is” without warranty of any kind. While we employ industry-standard encryption to protect your data, we cannot guarantee absolute security. You are solely responsible for maintaining the confidentiality of your password and any backup codes. Data lost due to a forgotten password cannot be recovered.