Privacy Policy

Minus11 is a Free Ultra-Fast online note-taking platform We provide a platform for users to capture thoughts, organize ideas, and share notes without compromising their privacy.

Minus11 is built on the Zero Knowledge architecture. This means we have designed the system so that we technically cannot read, access, or sell your private notes. We cannot use your data to train AI models, and we cannot provide your unencrypted content to third parties even if legally compelled.

We will never charge you for using our platform. We don't show ads, we don't track you for marketing, and we don't sell your data.

We use Firebase Authentication (by Google) for secure email and password sign-in. When you create an account, we collect:

• Your email address (used for login and account recovery)
• Your password (hashed and stored securely by Firebase we never see your plain-text password)
• Account creation timestamp

Your login credentials are managed entirely by Google's Firebase infrastructure, which follows industry-leading security practices.

Your encryption key is derived from your password using the PBKDF2 algorithm. This happens locally in your browser every time you log in.

Unlike systems that store keys in a way that can be lost, Minus11 ensures your notes are always accessible as long as you remember your password.

We use Google Firebase Cloud Firestore (a NoSQL database) to store your encrypted notes. Here's what we store:

• Encrypted note content (ciphertext only—unreadable without your key)
• Note metadata: creation date, last modified date, note ID
• User ID (from Firebase Authentication, to associate notes with your account)
• Pinned status (whether you've pinned a note)

While hosted by Google, they cannot read your notes as they only store scrambled "ciphertext" (encrypted blobs). Even if our database is breached, your notes remain secure because the encryption keys are never stored on our servers.

Minus11 allows you to share specific notes with others via a unique URL. When you click "Share Link", we generate a URL that includes the decryption key as a URL Fragment (#):

When the recipient opens this link, their browser uses the embedded key to decrypt the note locally. Because we use a URL Fragment (#) for the key, it is never transmitted to our servers or the hosting provider—it stays purely in the recipient's browser.

Important: Anyone with the share link can read that specific note. Treat share links like passwords—only send them to people you trust.

If you choose to use the AI Summarize feature, the specific text of that note is temporarily sent to Groq Inc. for processing using their Llama language models.

This is the only time your note content leaves your device in plaintext form. The data is:

• Sent over a secure HTTPS connection
• Processed in real-time and immediately discarded
• Never stored by Groq or used to train AI models

If you have sensitive notes, we recommend not using the AI summarization feature on those notes.

We are committed to minimal data collection. We do NOT:

• Track your browsing behavior across other websites
• Use cookies for advertising or marketing purposes
• Sell your data to third parties
• Store your plaintext note content on our servers
• Store your encryption keys
• Use your data to train AI models (except when you explicitly use the AI summarization feature)
• Show you advertisements
• Require personal information beyond your email address

Your encrypted notes are stored indefinitely until you delete them. You can delete individual notes or your entire account at any time.

When you delete a note or your account, the encrypted data is permanently removed from our database. However, we cannot decrypt or verify the content of deleted notes due to our zero-knowledge architecture.

We technically cannot provide decrypted content to third parties (including law enforcement or government agencies) because we do not possess your encryption keys.

However, you are solely responsible for the content you store. We do not monitor or moderate note content. As long as you maintain access to your account and remember your password, your data remains accessible and secure.

Minus11 is provided "as is" without warranties. We are not liable for data loss, security breaches, or any damages arising from your use of the service.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

If we make significant changes that affect your privacy, we will notify you via email (if you've provided one) or through a prominent notice in the application.