Privacy Policy

Last updated: March 2, 2026

At ReadOnce.eu ("Service", "we", "us", "our"), operated by BiLOUD SRL (VAT: RO34723223, Registration No. J2015002244239), your privacy is not just a policy — it is the fundamental architecture of our service. This Privacy Policy explains how we handle information when you use our self-destructing encrypted notes service, and details the technical measures we employ to ensure your privacy.

The core promise: ReadOnce.eu is built on a zero-knowledge encryption model. We cannot read your notes or access your files. We do not store your encryption keys. We do not require any personal information. Your privacy is guaranteed by mathematics, not just policy.

1. Information We Do NOT Collect

Let us be clear about what we do not collect or store:

Note content and files: We never have access to the plaintext content of your notes or the original content of attached files. All encryption and decryption occurs exclusively in your browser. File names and sizes are also encrypted — we cannot see what files you attach.
Encryption keys: The decryption key exists only in the URL fragment (after the # symbol). Per the HTTP specification (RFC 3986), URL fragments are never transmitted to servers. We have no mechanism to capture, log, or store these keys.
Personal information: We do not collect names, email addresses, phone numbers, or any other personally identifiable information.
User accounts: There are no accounts, profiles, or registration. You are completely anonymous.
Tracking cookies: We do not use tracking cookies, advertising cookies, or any third-party analytics services.
Browser fingerprints: We do not collect or store browser fingerprinting data.

2. Information We DO Store (Temporarily)

When you create a note, the following data is temporarily stored on our servers:

Encrypted ciphertext: The AES-256-GCM encrypted version of your note text. This is mathematically indistinguishable from random data without the decryption key.
Encrypted file attachments: If you attach files, each file is encrypted in your browser before upload and stored as an encrypted binary blob on our servers. The original file content, file name, and file size are all encrypted and inaccessible to us.
Initialization Vector (IV): A random 96-bit value used during encryption. This is not secret but is unique to each note and each file.
Salt: A random 128-bit value used in key derivation. This is not secret but is required for decryption.
Note ID: A randomly generated 12-character identifier used in the URL.
Timestamps: The creation time and expiration time (7 days after creation).

All of this data is permanently deleted (from both the database and disk storage) the moment the note is read, or automatically after 7 days if the note is never accessed.

3. Our Zero-Knowledge Encryption Architecture

ReadOnce.eu employs a zero-knowledge encryption architecture, meaning the server has zero knowledge of the content it stores. Here is a detailed technical overview:

3.1 Encryption Process (When Creating a Note)

Your browser generates a cryptographically secure random 256-bit key using the Web Crypto API (crypto.getRandomValues()).
A random 128-bit salt is generated for key derivation.
The raw key is processed through PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations using SHA-256, combined with the salt, to produce the final AES-256 encryption key. This key stretching adds significant computational cost to any brute-force attack.
A random 96-bit Initialization Vector (IV) is generated to ensure that even identical plaintext produces different ciphertext.
Your note is encrypted using AES-256-GCM (Advanced Encryption Standard with 256-bit key in Galois/Counter Mode). GCM mode provides both confidentiality (encryption) and integrity (authentication), meaning any tampering with the ciphertext will be detected during decryption.
Only the encrypted ciphertext, IV, and salt are sent to our server. If files are attached, each file is individually encrypted using the same key and salt, with a unique IV per file. File names and sizes are also encrypted before transmission. The encryption key never leaves your browser.
The key is encoded into the URL fragment: https://readonce.eu/n/{id}#{key}. Since URL fragments are never included in HTTP requests, the key is never transmitted to our servers.

3.2 Decryption Process (When Reading a Note)

The recipient's browser extracts the encryption key from the URL fragment.
The browser requests the encrypted data (ciphertext, IV, salt) from our server.
The key is processed through the same PBKDF2 derivation with the stored salt.
The note is decrypted locally in the browser using AES-256-GCM.
The GCM authentication tag is verified to ensure the data has not been tampered with.
The decrypted plaintext is displayed only in the recipient's browser.
Upon reading (or closing the tab), a deletion request is sent to permanently remove the encrypted data from our servers.

3.3 Why This Matters

Even if our servers were compromised, an attacker would only obtain encrypted ciphertext that is computationally infeasible to decrypt without the key. AES-256 is approved by the U.S. National Security Agency (NSA) for protecting TOP SECRET classified information. Breaking AES-256 by brute force would require more energy than exists in the observable universe.

4. Data Destruction

Data destruction is a core feature of our Service, not an afterthought:

Immediate destruction on read: When a note is revealed by the recipient, a deletion request is sent to our servers. The encrypted note text is permanently removed from the database, and all encrypted file attachments are permanently deleted from disk storage.
Automatic expiration: Notes and their attached files that are not read within 7 days are automatically purged from both the database and disk storage by our cleanup process.
No backups of note content or files: We do not create backups, replicas, or copies of note data or attached files. When it's deleted, it's gone.
Multiple destruction triggers: Destruction is triggered by the "Destroy Now" button, closing the browser tab, navigating away from the page, and the 30-day automatic expiration. These redundant mechanisms ensure notes and files are destroyed even if one trigger fails.

5. Server Logs

Like most web servers, our infrastructure may generate standard access logs that can include:

IP addresses
Request timestamps
HTTP request paths (excluding URL fragments, which contain the encryption key)
HTTP status codes
User agent strings

These logs are maintained by our hosting infrastructure for operational and security purposes. They do not contain encryption keys, note content, or any data that could be used to decrypt notes. Server logs are subject to the hosting provider's retention policies and are periodically rotated and deleted.

6. Cookies and Local Storage

ReadOnce.eu does not use cookies for tracking, analytics, or advertising purposes. We do not store any data in your browser's local storage, session storage, or IndexedDB. The Service operates entirely statelessly from the client perspective.

7. Third-Party Services

We use the following third-party services:

Google Fonts: We load the Inter and JetBrains Mono typefaces from Google Fonts. This means Google may receive your IP address when fonts are loaded. Google's privacy policy applies to this data. No other third-party services, analytics platforms, or advertising networks are used.

8. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect any information from children. Since we do not collect personal information from any users, this concern is inherently mitigated by our architecture.

9. International Data Transfers

Our servers are located within the European Union, and the Service is operated by BiLOUD SRL, a company registered in Romania (an EU member state). Since we employ zero-knowledge encryption and do not collect personal data, the privacy implications of data transfer are minimal. The encrypted data stored on our servers is mathematically meaningless without the decryption key, which we never possess.

10. Your Rights Under GDPR

As an EU-based service, we respect the rights granted under the General Data Protection Regulation (GDPR). However, our zero-knowledge architecture means:

Right to access: We cannot provide you with the content of your notes because we cannot decrypt them. The encrypted data is automatically deleted after reading or after 7 days.
Right to erasure: Notes are automatically destroyed after being read or after 7 days. You can also manually destroy a note at any time using the "Destroy Now" button.
Right to data portability: Since we do not maintain user accounts or store personal data, there is no personal data to port.
Data minimization: We collect the absolute minimum data necessary to provide the Service — only the encrypted ciphertext and cryptographic parameters, stored only for the brief period until the note is read or expires.

11. Security Measures

In addition to our zero-knowledge encryption architecture, we employ the following security measures:

HTTPS/TLS: All communications between your browser and our servers are encrypted in transit using TLS (Transport Layer Security).
Security Headers: We implement strict HTTP security headers including HSTS (HTTP Strict Transport Security), X-Content-Type-Options, X-Frame-Options, and a restrictive Referrer-Policy.
No-Referrer Policy: We use a no-referrer policy to prevent the note URL from being leaked through HTTP referrer headers when you click external links.
Input Validation: All server-side inputs are validated and parameterized to prevent injection attacks.
Rate Limiting: We implement measures to prevent abuse and protect the Service's availability.

12. Limitations

While we have designed ReadOnce.eu with the strongest privacy protections we can provide, please be aware of the following limitations:

The security of a note depends on how securely the link is shared. If the link is intercepted (e.g., sent over an unencrypted channel), the interceptor could read the note.
We cannot prevent the recipient from copying, screenshotting, or otherwise saving the note content or downloaded files after they have been decrypted in their browser.
Browser extensions or malware on the sender's or recipient's device could potentially access note content.
While we do not intentionally log encryption keys, we cannot guarantee that no infrastructure component (e.g., a misconfigured proxy) could inadvertently capture URL fragments in edge cases.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Open Source Commitment

Our encryption implementation uses the Web Crypto API, a W3C standard built into all modern browsers. This means the cryptographic operations are performed by your browser's native, audited, and battle-tested cryptographic library — not by custom code that could contain vulnerabilities. You can verify our client-side encryption implementation by viewing the source code in your browser's developer tools.

15. Data Controller

The data controller for this Service is:

Company: BiLOUD SRL
VAT Number: RO34723223
Registration Number: J2015002244239

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the information provided on our website.

Back to Home Terms of Service