Privacy Policy

Effective Date: January 1, 2026

1. Information We Do Not Collect

Due to our Zero-Knowledge architecture, we do not and cannot read the contents of the messages, files, or images you share. All payload data is encrypted client-side using AES-256-GCM before it reaches our servers. We do not store or transmit decryption keys to our backend systems.

2. Information We Collect

We may collect non-personally identifiable information such as browser type, operating system, and IP address strictly for security, abuse prevention, and rate-limiting purposes.

3. Third-Party Services & Advertising

We use third-party vendors, including Google AdSense, to display advertisements. AdSense uses cookies to serve ads based on your prior visits to our website or other websites on the internet. You may opt out of personalized advertising by visiting Google Ads Settings.

4. Data Retention and Destruction

Encrypted payloads are stored temporarily in our database. Once a payload is retrieved by a recipient, it is permanently and irreversibly deleted ("burned"). Payloads that are not retrieved within their selected expiration window (between 1 hour to 7 days) are automatically and securely purged.

5. Contact Us

If you have any questions about this Privacy Policy or our security practices, please contact us at support@burnnote.cloud.