Privacy Policy

Last updated: 2025-11-06

This Privacy Policy explains how Bedrock Secure Notes (“we”, “us”, “our”) collects, uses, and protects information when you use our one-time, burn-after-reading note service (the “Service”).

1. What we collect

  • Sender details: name and email address provided by the sender.
  • Recipient details: recipient email address provided by the sender.
  • Note content: encrypted at rest. We never store it in plaintext.
  • Operational metadata: creation time, optional expiration time, and (after viewing) the time viewed.
  • Access details on view: IP address and user agent are recorded when the one-time link is consumed.

2. How we use information

  • To deliver the Service (create the note, email the one-time link, allow one-time viewing).
  • To notify the sender if they opted to receive a view notification.
  • To provide the sender a read-only status page (viewed/not viewed, timestamps).
  • To protect the Service (e.g., rate limiting, abuse prevention, troubleshooting).

3. Encryption & deletion

Notes are encrypted at rest using industry-standard authenticated encryption. When a note is viewed via its one-time link, the stored ciphertext (and related materials) is destroyed. Minimal metadata (e.g., timestamps) may remain so the sender’s status link continues to work. Expired notes may be purged automatically based on system settings.

4. Email transmission

We send transactional emails to the recipient (one-time link) and to the sender (confirmation and—if selected—viewed notice). Your email provider(s) will process these messages according to their own policies.

5. Cookies & tracking

We do not use analytics cookies on the note pages. The Service may use essential session cookies where necessary for security (e.g., CSRF).

6. Data sharing

We do not sell personal information. We may share limited data with infrastructure providers (e.g., email/SMS, hosting) strictly to operate the Service, or disclose if required by law or to protect rights, property, or safety.

7. Data retention

  • Encrypted notes: retained only until first view or expiration, then destroyed.
  • Metadata: retained for operational integrity and audit; may be periodically purged.

8. Security

We apply reasonable technical and organizational measures, including encryption at rest and rate limiting for sensitive endpoints. No method of transmission or storage is 100% secure; use the Service for minimal necessary sensitive content only.

9. Your choices

  • Senders can opt in/out of viewed-notification emails.
  • Senders can bookmark and check the status page until the note expires or is purged.

10. Contact

Questions or requests: bdrk@bedrocksupport.ca

This document is provided for general information and does not constitute legal advice. Adapt with your counsel as needed.