A complete, practical tutorial covering every step from creating your first note to using advanced features like passwords and expiration timers.
Navigate to privnote.com — make absolutely sure you are on this exact domain. The official service is at privnote.com (not privnotes.com, not privnote.net, not any other variation). Phishing clones exist that look identical but steal your messages. Verify the URL in your browser's address bar before typing anything.
What you will see: A clean, simple page with a large text area in the center and a "Create note" button below it. There is also a "Show options" link for advanced settings.
Click inside the text area and type your message. You can also paste text from your clipboard. Privnote supports plain text only — there is no formatting, no bold, no images, no attachments. Just text.
The text area supports substantial amounts of text — enough for passwords, detailed instructions, multi-paragraph messages, or code snippets. Most users never hit the character limit.
Common use cases: Passwords, API keys, personal identification numbers, bank account details, confidential instructions, temporary access codes.
Click "Show options" to reveal three powerful settings. While optional, configuring these is strongly recommended for any note containing sensitive information:
Once your message is ready and options are configured, click "Create note." Privnote will encrypt your note in your browser and upload the encrypted data to its servers. This takes one to two seconds.
After creation, you will see a new page displaying your unique note link. This is the only time you will see this link — Privnote does not store it for you.
Use the "Select link" button to highlight the URL, then copy it. Do NOT click the link yourself. If you open it, the note will be destroyed before the recipient can read it.
Send the link to your recipient via email, text message, messaging app, or any other channel. If you set a password, send that password through a completely different channel.
Best practice: Before sending, let the recipient know a Privnote is coming so they are prepared to read and save the content when they open it.
When someone sends you a Privnote link, open it in your browser. You may see a brief warning that the note will be destroyed after reading. Confirm to proceed. Read the note carefully — this is your only chance to see it.
If the note contains information you need to keep, copy or write it down before closing the tab. Once you close the browser tab, the note is gone permanently. There is no way to re-open the link.
If you open the link and see a "note not found" message, it means the note was already read by someone else — possibly the sender accidentally, or someone who intercepted the link. Contact the sender immediately.
If the note is password-protected, you will be prompted to enter a password before the content is displayed. The sender should have communicated this password to you through a separate channel.
Password protection is the single most important security enhancement you can add to a Privnote. When you add a password, the note is encrypted with both Privnote's standard encryption and your custom password. Even if someone intercepts the link, they cannot read the note without the password.
The key rule: always send the password through a different channel than the link. If you email the link, call the recipient with the password. If you send the link via Slack, email the password. This two-channel approach ensures that compromising one channel is not sufficient to access the note.
The default behavior — self-destruct after reading — is appropriate for most use cases. However, time-based expiration is useful when you are not sure when the recipient will read the note. Setting a 7-day expiration ensures the note does not linger on Privnote's servers indefinitely if the recipient never opens it.
For urgent information, a 1-hour or 24-hour expiration creates a sense of urgency and limits the window during which the link could be intercepted and used.
Destruction notifications are valuable for two purposes: confirming delivery and detecting unauthorized access. If you receive a notification at an unexpected time — for example, within seconds of sending the link — it may indicate that someone intercepted and opened the note before the intended recipient. In such cases, treat the information as potentially compromised.