On this page
Security Architecture
Technical specifications on our Client-Side Encryption (CSE) protocols and trustless storage infrastructure.
Security Basics
- End-to-end encryption in your browser—encrypted locally before upload, so plaintext never leaves your device.
- The encryption/decryption key is generated in your browser and embedded in the shared link. PrivateNote.ai never receives or stores it.
- Our servers store only encrypted ciphertext and do not possess the keys needed to decrypt it.
Client-Side Encryption
Notes are encrypted locally in browser memory before transmission using the Web Crypto API. The server only sees the resulting ciphertext blob.
Key Handling
Standard private notes encode the raw 256-bit key as Base64url in the URL fragment (#...). Password-protected notes wrap the content key with Argon2id-derived keys.
The shared link grants access to the note. Share it only with intended recipients.
Cryptography
Symmetric Encryption
AES-256-GCM
Authenticated encryption with 128-bit auth tags and additional authenticated data (AAD) binding note id, expiry, and read limits. 256-bit keys remain a practical barrier even against Grover-style quantum key search.
12-Byte Cryptographic IV
Unique Initialization Vectors prevent pattern recognition across multiple notes.
Key Derivation (KDF)
Argon2id (v2 profile)
Password-protected notes use Argon2id with memory-hard parameters (time=3, memory=64 MiB, parallelism=1) to increase brute-force cost, especially on GPU/ASIC attackers.
16-Byte Cryptographic Salt
Unique salt per note ensures protection against rainbow table attacks.
Infrastructure & Operational Security
EU-jurisdiction storage
Authentication data, encrypted notes, and operational records are stored in EU-jurisdiction infrastructure.
Atomic State Management
Cloudflare Durable Objects provide atomic consistency for read-once logic, preventing race conditions and double-consumption.
No Tracking Cookies
Stateless API. No advertising or tracking pixels ever loaded.
Turnstile Verification
Human-only request verification prevents brute-force note enumeration.
Supply Chain & Integrity
Because encryption runs in your browser, the app bundle you load is part of the trust model. We rely on static hosting, pinned CI builds, and browser guardrails—not a guarantee against a compromised client, but deliberate limits on what can execute.
Deployment and browser safeguards
- Static Cloudflare Pages deploys with content-hashed build assets from CI
- HTTP Content Security Policy plus security headers; allowlists only where features require them (Turnstile, on-device AI CDNs, WASM)
- Reproducible installs from package-lock.json (npm ci in deploy pipelines)
- HTTPS with HSTS (preload) at the edge via Cloudflare
- No ad or analytics scripts; third-party JS is mainly Turnstile and optional AI CDN loads when you use those features
AI Data Handling
AI is optional when drafting a note—you never need it to create a secure link. When you use it, choose between on-device Private AI and opt-in Cloud Assist; they have different privacy boundaries.
Private AI (on-device)
Privacy
Runs in your browser (WebLLM). Draft text is not sent to PrivateNote.ai or any third party for inference.
After you save
Your text is processed locally. Only the encrypted note is uploaded—the AI prompt does not travel to our servers.
Device requirements
When supported, we load Qwen3 0.6B or Gemma 2 2B on WebGPU-capable desktops. Expect up to ~1 GB of browser storage for model weights and enough GPU memory to run them. Often cannot run on phones or weaker laptops—use Cloud Assist or write without AI.
First-time setup
First use may download quantized weights (up to ~1 GB) from public CDNs (e.g. Hugging Face or jsDelivr)—separate from your encrypted note upload. Later sessions may reuse cached weights.
Cloud Assist (hosted)
Privacy
Runs on Cloudflare Workers AI (Google Gemma 4 26B). You must opt in—draft plaintext leaves your device. Nothing is sent until you confirm Cloud Assist.
After you save
Only the encrypted note is uploaded. While drafting, your prompt passes through the PrivateNote.ai Worker in plaintext—we do not store it, but our edge handles it for that request before Cloudflare processes it.
Device requirements
Any modern browser with a network connection—no GPU or large local storage required. Used when Private AI cannot run on your device or you choose hosted drafting.
First-time setup
None required. No model download, install step, or local cache—opt in and send a draft when prompted.
Threat Model & Limitations
A useful threat model states what we protect, who we protect against, what we assume, which controls apply—and what we explicitly do not cover. Protections earlier on this page map to section 4; sections 1–3 and 5 define the boundaries.
What we protect
Note plaintext
Encryption keys
Read-once guarantees
Expiry & read limits
User account data
Authentication credentials
Assumptions
- The user’s device and browser are trusted when encrypting or decrypting.
- The browser correctly implements Web Crypto.
- TLS to our origin works as intended.
- Delivered application code has not been maliciously modified (see Supply Chain & Integrity).
- The note link is shared only with intended recipients.
What we cover
- Server or database compromise (ciphertext at rest only)
- Malicious or curious administrators accessing stored notes
- Storage or infrastructure provider breach
- Network interception of note traffic (TLS plus ciphertext)
- Automated note enumeration and abuse (Turnstile, rate limits)
- Brute-force attempts against password-protected notes (Argon2id)
- Account takeover attempts (HttpOnly sessions, rotation on sign-in, rate limits, optional TOTP, step-up for sensitive actions)
- Second fetch or replay of read-once notes (atomic consumption on first view)
What we do not cover
- Malware on sender or recipient devices
- Malicious browser extensions
- Compromised operating systems
- Screen capture or recording software
- Clipboard monitoring
- Sharing the full note URL (including the #fragment key) over insecure channels or with unauthorized parties
- Compromise of the delivered JavaScript application
- Phishing attacks against users
- Social engineering
- Cloud Assist inference when you opt in (third-party processing of draft plaintext)
Technical Integrity
We prioritize clarity and measurable security guarantees over marketing claims.