Privacy Policy
At 10minbox, we believe privacy is a fundamental human right. Our architecture is designed from the ground up to be zero-knowledge. This means we cannot read, scan, or access your data, and we don't know who you are.
1. Zero-Knowledge Architecture
All files and notes you upload are encrypted directly in your browser using AES-256-GCM. The encryption key is derived from your chosen PIN and the unique Box ID. This key is never transmitted to our servers. Because we never receive the plaintext PIN or the encryption key, it is mathematically impossible for us (or anyone who intercepts the data) to decrypt your files.
2. What We Collect (and Don't Collect)
- No Accounts: We do not ask for your name, email address, or phone number.
- No Logs: We do not log IP addresses or track user activity.
- Metadata: We only store the encrypted payload, a salted hash of the PIN for verification, and the Box ID.
3. 10-Minute Auto-Purge
We do not store your data long-term. Every box and its contents are automatically and permanently deleted from our servers 10 minutes after creation. If a box is successfully opened and downloaded before the 10 minutes expire, the data is deleted immediately. Once deleted, it cannot be recovered.
4. Third-Party Services (Cloudflare Turnstile)
To protect our infrastructure from bots and abuse, we use Cloudflare Turnstile. Turnstile is a privacy-preserving CAPTCHA alternative.
This site is protected by Cloudflare Turnstile and the CloudflarePrivacy Policy andTerms of Service apply.
5. Changes to this Policy
Since we don't collect personal information, any changes to this policy will not affect how your personal data is handled (because we don't have it). We will post any updates to this page.
Last updated: July 2026