Last modified: May 15th, 2023
At Tornote, privacy is taken very seriously, since the main purpose of the site is to preserve it. This policy outlines the measures taken by Tornote to protect the privacy of its users.
1. Service description
Tornote is a free web based service that allows users to create encrypted notes that they can share over the internet as unique one-time-use HTTPS URLs (hereafter referred to as links) which by default expire after its first access via any web browser.
As Tornote does not provide any means for transmitting the link, the act of sending the link is the full responsibility of Tornote users.
Depending on the communication channel of your choice (e.g., e-mail, fax, SMS, phone, instant messaging, social media), there may be a certain risk that third parties intercept your communication, get knowledge of the communicated link and thus may be able to read your note.
2. How the notes and its contents are processed
The link is generated in the user's browser and at no time is sent as such to Tornote. The link is thus in the sender's (and later possibly in the recipient's) hands only. Therefore, there is no way to recover a note if a Tornote user losses the link.
Since only the link binds the decryption key to the note's content and since Tornote does not have the link, at no time is any note held in any readable format state at Tornote. This assures that nobody (including Tornote 's administrators) can read a note.
When using Tornote's default funtionality, when a note is retrieved, its data is completely removed from Tornote; there is absolutely no way to recover it again.
When "Show options" is selected and the user opts for a time interval for the note's removal, then independently of how many times the note is retrieved, the note will be deleted only after that specified time is completed.
After a note is deleted from Tornote, there is absolutely no way to recover it again.
When a note is not retrieved after 30 days, Tornote removes it permanently, just as if it were read.The Tornote sysadmin team will do as much as possible to protect the site against unauthorized access, modification or destruction of the data. But, even if someone or something could manage to gain access to the database, they would be unable to read the notes since their contents are encrypted and can't be decrypted without the links which Tornote never has a hold of.
3. Processing of IP addresses
Tornote is not logging the IP addresses; they are processed to enable communication with Tornote 's servers but they are not part of the log-files. IP addresses are deleted as soon as they are no longer needed for the purpose of communication.
4. Pseudonymous data
The creator of the note can introduce personal data into the note. Even though this data is encrypted, the data can be decrypted again and thus constitutes pseudonymous (personal) data. In any case, one cannot deduce the note's creator from Tornote 's database, as Tornote does not store IP addresses.
The decryption of the note's data is in the users' hands (sender and recipient). Tornote is not able to decrypt the note and access the data (personal or otherwise) introduced by the creator since Tornote is never in possession of the decryption key which is contained only in the link.
When a person clicks the Tornote 's link, Tornote declines any responsibility related to the note's content.
6. Disclosure of Data to Third Party