Privacy Policy
Last updated: August 11, 2025
This Privacy Policy explains how OneTimeRead (“we”, “us”, “our”) collects, uses, and protects information when you use our website, the one-time note service, and our blog (together, the “Service”). By using the Service, you agree to this Policy. If you have questions, contact us at contact@onetimeread.com.
- Who we are
- Information we collect
- One-time notes: how it works
- How we use information
- Legal bases (EEA/UK)
- Advertising & cookies (blog)
- Data retention
- Security
- Your rights
- International transfers
- Children’s privacy
- Third-party links
- Changes to this Policy
- Contact us
Who we are
OneTimeRead provides a simple way to share sensitive notes that self-destruct after being read once, plus security and privacy content on our blog.
- Website & app: https://onetimeread.com/
- Contact email: contact@onetimeread.com
Information we collect
1) Information you provide
- Support or contact messages: When you email us, we receive your email address and message.
- Recipient email (optional): If you choose to send a one-time note via email, we process the recipient’s email address to deliver the link.
2) Information collected automatically
- Server logs: Standard logs (IP address, user-agent, date/time, referrer, and requested URL) for security, abuse prevention, and reliability.
- Cookies: Essential cookies to keep the site functioning (and, if enabled on the blog, preferences like comment settings).
3) Analytics (optional)
If enabled, we may use privacy-friendly analytics or Google Analytics (GA4) to understand aggregate usage. Analytics data is typically de-identified and aggregated.
4) Advertising (optional)
If we enable Google AdSense on the blog, AdSense may set cookies or use mobile identifiers to serve and measure ads. See Advertising & cookies.
One-time notes: how it works (privacy by design)
- End-to-end approach: Your note is encrypted in the browser using a random key before it is sent to our server.
- We never store plaintext or the key: The encryption key stays with you (in the link’s fragment #k=…) and is not sent to the server.
- What the server receives: A random code, the ciphertext, and the IV. These are not useful without the key.
- One-time read & destruction: After the note is retrieved and decrypted by the recipient, we destroy the stored ciphertext and related metadata.
- Email delivery (optional): If you choose to notify a recipient by email, we send the link. We do not include the secret key in emails by default unless you explicitly opt in to a one-click format.
Important: Anyone who gets the full link including the key can read the note once. Share it carefully.
How we use information
- Provide and operate the Service (create, deliver, and destroy one-time notes).
- Maintain security and prevent abuse (rate limiting, fraud and spam prevention).
- Improve reliability and user experience (debugging, performance).
- (Optional) Analyze usage in aggregate to understand what features are useful.
- (Optional) Display and measure ads on the blog.
We do not sell your personal information.
Legal bases (EEA/UK users)
Where GDPR/UK GDPR applies, we rely on:
- Performance of a contract: To deliver the one-time note service you request.
- Legitimate interests: Site security, fraud prevention, and essential analytics.
- Consent: Where required for non-essential cookies/ads.
Advertising & cookies (blog)
If we enable Google AdSense:
- AdSense may set cookies or use identifiers to show personalized or non-personalized ads and to measure performance.
- You can manage ad personalization in Google’s Ad Settings and learn more at Google’s policies.
If we enable Google Analytics (GA4):
- GA4 may use cookies or similar technologies.
- Where required by law, we will present consent choices.
Data retention
- One-time notes: Stored only until first read (or until expiry, if configured) and then permanently destroyed.
- Email addresses: Retained only as long as needed to deliver email and comply with abuse prevention and legal obligations.
- Server logs: Retained for a limited period for security and operational continuity.
- Analytics/ads data: Retention follows provider settings.
Security
We use industry-standard technical and organizational measures to protect data, including HTTPS, robust client-side cryptography for notes, and hardened server configurations. No method is 100% secure, but we work to protect your information.
Your rights
Your rights depend on where you live and applicable law. Subject to verification and exceptions, you may have rights to:
- Access, correct, or delete personal information;
- Object to or restrict certain processing;
- Withdraw consent where processing is based on consent;
- Portability of your data (structured, commonly used format).
To make a request, email contact@onetimeread.com. We may need to verify your identity and our obligations under applicable law.
Region-specific notes (summary):
- EEA/UK (GDPR/UK GDPR): You may contact your data protection authority.
- California (CCPA/CPRA): We do not “sell” data as defined by CCPA. We will honor applicable rights to know, delete, and correct.
International transfers
We may process information on servers or with providers located in different countries. Where required, we use safeguards such as Standard Contractual Clauses.
Children’s privacy
The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate action.
Third-party links
Our blog may contain links to third-party sites. We are not responsible for their content or privacy practices. Review their policies.
Changes to this Policy
We may update this Policy to reflect changes in our practices or the law. We will post the updated version here with a new “Last updated” date. Significant changes may be announced on the site.
Contact us
Questions or requests about this Policy or your data? Email: contact@onetimeread.com