Privacy Policy

1. Zero-Knowledge Commitment

At ShardNote, privacy is not just a feature; it is our fundamental principle. We operate on a "zero-knowledge" architecture, meaning we have designed our system so that we cannot access your data, even if we wanted to.

2. Information Collection

We do not collect personal information such as names, email addresses, or phone numbers. Our server only receives:

• Encrypted Ciphertext: The data you send, already encrypted by your browser.
• Initialization Vector (IV): A random value required for decryption, which is also public to the server.
• Metadata: Expiration time (TTL) and whether the content is a file or text.

The Encryption Key: The key required to decrypt your note is never sent to our server. It remains in your browser and is shared via the URL fragment (the part after the #), which browsers do not transmit to servers.

3. Data Encryption

All encryption is performed client-side using the industry-standard AES-GCM 256-bit algorithm. This ensures that your data is secure from the moment it leaves your device.

4. Data Retention and Deletion

ShardNote is designed for temporary storage. Data is automatically and permanently deleted when:

• The "Auto-destroy after reading" option is triggered (default).
• The selected Time-To-Live (TTL) expires.
• You manually delete the note using the administrative link (if available).

Once deleted, data is scrubbed from our systems and cannot be recovered by anyone, including us.

5. Third-Party Services

We do not use invasive tracking cookies, analytics, or third-party advertising scripts. We may use essential services for hosting and database management, but these providers only see encrypted data blobs.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us.