How a Poof Goes Poof

Poof was built with two things in mind, privacy and impermenance, and the beauty of those two things combined.

When you send a "Poof" note to somoene, the contents of the note are encrypted (text, to-dos, the generated url for the note, etc) and temporarily stored in a database. No one, including myself the creator of Poof, can see the contents of your Poof without having the unique link to it, ensuring privacy unless an unlikely breach occurs.

While we employ advanced encryption techniques and robust security measures, it is important to acknowledge that no system is entirely immune to potential data breaches or cryptographic attacks.

Poof notes can be shared in one of two ways:

You can choose to have an email address be alerted when a Poof note is opened. If you attach to dos to a note... you can choose to have an email be alerted when those to dos are completed. That email gets triggered when all to dos on the note get marked completed by the visitor of the generated note via its URL. These emails and their contents are not stored and are generated at the time of opening and/or task completion. The email address you enter is encrypted and stored in our database simply so it can be used by the server when these emails get triggered. The email recipient of the notification is not added to any mailing list or mailing software (I hate that stuff) and the encrypted email address associated with the note is deleted from the database either after its due date or after opening.

Daily backups are taken for emergencies, such as restoring after an outtage or migrating the database. Each backup is deleted after 7 days. Note: data in backups remains encrypted and unreadable.

FAQ

How does a note self-destruct?

Any record of its existense gets deleted. This happens either after its due date has passed, or after someone has viewed it one time (depending on the settings you have chosen for the note).

Can I delete my note before its due date?

If you have created a note with a due date, that due date is set. You can not alter it or delete the note early.

How can I know my note is secure?

Without sacrificing the security standards that have been put in place, you can rest assured that every part of your note's data is encrypted before it is stored. Check back here for a link to the GitHub so you can see for yourself the measures that have been put in place to keep your notes and data secure.

Can someone I don't want to see my note... see my note?

This process and tool is only as secure as you are. If you generate a link to a note and share it, know that the recipient of that link can do whatever they wish with it. If you trust the end party this should not be an issue but you should be aware how the tool works.

If you are worried about a malicious party viewing your note, they would need to "guess" the generated URL of your note which we have made as close to impossible as we could without having exhaustively long URLs for each note.

Why did you make Poof? What's the point of a self-destructing note?

I often work with a lot of remote workers, clients, developers, etc. Sharing passwords, sensitive information, or related project notes and tasks has always been a pain. Inevitably you leave some exposure or digital paper trail somewhere.

I can't tell you how many old random note Google Docs I have with instructions for some contractor or client that may or may not have sensitive information in it. How much nicer would it be to share these things and know they were going to be deleted forever? Enter Poof...