Secure Notes

Your message is AES-256 encrypted and deleted after reading.

How It Works

Creating and sharing a private note takes just three steps.

1. Write

Type your confidential message. No account or registration required.

2. Encrypt

Your message is transmitted via SSL and encrypted with AES-256 before storage.

3. Share

Send the link to the recipient. The note is deleted automatically after reading.

Secure and Ephemeral Messaging

Share sensitive information safely and privately. Your note is transmitted securely over SSL and encrypted on our server using AES-256 encryption before being stored. It can be viewed only once by the recipient, ensuring your data stays protected.

How to Create a Private Note

Write your message, click Create, and share the generated link with your recipient. Once the note is opened, it is permanently deleted and cannot be viewed again.

Why Use This Tool?

Every note is encrypted with AES-256 and deleted immediately after reading. No registration required, ensuring complete privacy for confidential data transfer.

AES-256 Encryption

Read Once, Then Deleted

No Account Needed

Optional OTP Protection

SSL Transmission

Privnote, OneTimeSecret, Bitwarden Send & Privacy Share — Honest Comparison

Looking for a Privnote alternative? You are not alone. After Krebs on Security exposed multiple Privnote phishing clones in 2024, plus growing GDPR concerns about US-hosted note services, more people are evaluating their options. Here is an honest comparison of the four most popular self-destructing note services in 2026.

Quick Answer

All four services can send a note that disappears after reading. They differ in what they document publicly, whether they require an account, and where the servers are located. Privacy Share is the only free option that documents AES-256 encryption, optional OTP email verification of the recipient, no account requirement, and German hosting.

Comparison Table

Feature	Privacy Share	Privnote	OneTimeSecret	Bitwarden Send
Free	✓	✓	✓	✓ (basic)
AES-256 encryption	✓ documented	Not publicly documented	✓ documented	✓ documented
OTP email verification of recipient	✓	✗	✗	✗
No account required	✓	✓	✓	✗
Auto-delete after read	✓	✓	✓	Configurable
Set expiration time	up to 30 days	~30 days	Configurable	1h–30 days
File attachments	✗	✗	Limited	✓
Server location	Germany (EU)	Not publicly disclosed	US / community	US

Privnote

Best for: Quick, low-stakes notes when convenience matters more than verifiable architecture.

Watch out for: Privnote does not publicly document its encryption architecture or server locations, which makes it harder to evaluate for regulated use cases. Phishing clones (privnote.online, privnote.net, and dozens more) have been documented since 2024 by Krebs on Security. Always verify you are on privnote.com exactly.

OneTimeSecret

Best for: Privacy-conscious users who want open-source software they can audit, contribute to, or self-host.

Watch out for: The hosted version's UI feels dated. There is no built-in way to verify the recipient — anyone with the link can read the message. Self-hosting is the recommended path for sensitive use cases.

Bitwarden Send

Best for: People already using Bitwarden's password manager.

Watch out for: You need a Bitwarden account to create a Send. That is friction in the classic use case ("I need to share one secret with one person, right now"). The recipient does not need an account — but you do.

Privacy Share

Best for: Sending sensitive credentials, secrets, or confidential text where you want proof the right person opened it — via OTP email verification — without forcing anyone to create an account. Hosted on servers in Germany, with no personal data retained after note creation (the OTP email is used once for delivery and then discarded).

Tradeoff: No file attachments. Text-only by design.

GDPR considerations for EU users

For EU users — especially in B2B contexts — GDPR compliance is often decisive:

Privacy Share: Servers in Friedersdorf, Germany (host: ALL-INKL.COM). No personal data stored after note creation (the OTP email is used once for delivery and discarded).
OneTimeSecret: Fully controllable when self-hosted in the EU; the hosted version (US) requires Standard Contractual Clauses (SCC).
Bitwarden Send: Processed in the US. For regulated data (health, finance, employee data), SCC and additional safeguards are typically required.
Privnote: Server locations are not publicly disclosed, which makes a GDPR impact assessment difficult upfront.

Which one should you use?

Sharing a password with a friend or family member? Privnote works for low-stakes cases. Privacy Share's optional OTP gives you confirmation the right person opened it.
Sharing internal company secrets? OneTimeSecret if you self-host; Privacy Share if you do not want to maintain infrastructure.
Sharing files in addition to text? Bitwarden Send (account required) or use a dedicated file-transfer tool.
Need to evaluate against compliance or audit requirements? Open-source tools (OneTimeSecret, Bitwarden Send) let you or your security team review the actual implementation. Tools without published technical details are difficult to assess.
GDPR-regulated data (EU)? Privacy Share (Germany) or self-hosted OneTimeSecret in the EU. Tools hosted or routed through the US typically require additional contractual safeguards.

Frequently Asked Questions

Is Privnote actually safe?

Privnote has been operating since 2008 and is widely used for low-stakes secret sharing. Whether it is "safe enough" for your use case depends on what you need to verify. For credentials, API keys, or anything regulated, choose a tool that publishes its encryption architecture so you (or your security team) can evaluate it.

Can a self-destructing note be recovered after reading?

With tools that document zero-knowledge encryption (Privacy Share, OneTimeSecret, Bitwarden Send), the note and its key are designed to be destroyed on read. With any tool, encrypted blobs may temporarily exist in backups depending on the operator's data-retention policy.

What is the actual difference between Privacy Share and Privnote?

Privacy Share publicly describes how it handles your data: AES-256 encryption, optional OTP email verification of the recipient, German hosting, and no personal data retention after note creation. Privnote does not publish equivalent details. If transparency about data handling matters to you, that is the most concrete difference.

Why does Privacy Share ask for an email when I enable OTP?

Only when you toggle OTP on. The email address is used once to send a 6-digit verification code to your recipient and is not stored afterwards. The default mode requires no email at all.

Are these tools GDPR-compliant?

Privacy Share is hosted in Germany and stores no personal data after note creation, which simplifies GDPR compliance for EU senders. OneTimeSecret can be self-hosted in any region. Bitwarden Send processes data in the US — for GDPR-regulated data this typically requires Standard Contractual Clauses and additional safeguards. For Privnote, server locations are not publicly disclosed, which makes GDPR impact assessments more difficult.

What happens if someone screenshots the note before it self-destructs?

No self-destructing tool can prevent screenshots — Privnote, OneTimeSecret, Bitwarden Send and Privacy Share all share this limitation. If screenshot risk is critical, deliver the secret in person or via a managed secrets vault, not a note tool.