How SecureNote Works

End-to-end encryption means we never see your content.

1

You write your note

Enter your secret content in the text area. You can use Markdown formatting for rich text, or plaintext for code and simple notes.

2

Encryption happens in your browser

Using WebAssembly, your browser performs military-grade encryption locally:

  • A secure random password is generated (or you provide your own)
  • The password is strengthened using PBKDF2 key derivation
  • Your note is encrypted with AES-256 encryption
  • Only the encrypted data is sent to our servers
3

The password stays with you

Your link looks like: securenote.app/view/abc123#YourPasswordHere

Everything after the # symbol is handled entirely by your browser and is never transmitted over the network. This means no one can ever see your password: not us, not anyone in between like your ISP or our hosting provider.

You can verify this yourself by opening your browser's developer tools and inspecting the network requests.

4

Recipients decrypt in their browser

When someone opens your link, their browser downloads the encrypted content and uses the password from the URL fragment to decrypt it locally. The decrypted content never touches our servers.

Security Highlights

  • Zero-knowledge architecture — We cannot read your notes even if we wanted to
  • Self-destructing notes — Set expiration times or view limits
  • No accounts required — Create and share notes anonymously
  • WebAssembly encryption — Fast, native-speed cryptography in your browser

Important Note

While we use strong encryption, the security of your note ultimately depends on keeping the link secret. Anyone with the full link (including the password after #) can read your note. Share it only through secure channels.