Priva Note

Protected by your Master Password

When you save a note, its title and content are encrypted with your master AES-256 key before being sent to the server. The server only ever stores ciphertext — it cannot read your notes.

Your identity is anonymous

You don't create an account. Instead, a 64-character token is derived from your master salt using SHA-256. This token identifies your notes on the server without ever exposing your password.

Only decrypted in your browser

Notes are decrypted locally using your master CryptoKey — the same key that protects your authenticator accounts. If you're locked out, no one can read your notes.

Re-encrypted with a share password

When you share a note, you set a separate share password. The note is re-encrypted with a new AES-256 key derived from that password (PBKDF2, 310k iterations) before being sent to the server. The original encrypted version is kept separately.

Share link + password required

You send the recipient a unique share link. They must enter the share password to decrypt the note in their browser. Without the password, the ciphertext on the server is meaningless.

Revoke at any time

You can revoke sharing at any time. The share token is deleted from the server, making the old link dead. You can also regenerate the link with a new password to invalidate the previous one.