I care deeply about user privacy, which is why I don't store any user-identifiable information. The only information stored on the server is the note data. The note data consists of the following:
- ID (randomly generated)
- Content (the note someone wrote)
- 'Allow Deletion' boolean
- Hashed Password (bcrypt with 12 rounds)
If 'Allow Deletion' has been checked when the note was created (it is checked by default), then the note data can be deleted by any person who has access to the URL. When a note is deleted, it is deleted completely. This means that a deleted note cannot be recovered.
In order to protect Note.Delivery against abuse and attacks, I use a rate limiter package that stores your IP in memory for 1 hour. I also use CloudFlare, which discards access logs within 4 hours. I do not log anything myself, as I feel confident that the rate limiter together with CloudFlare can mitigate any attacks that may occur. If you wish to self-host Note.Delivery, you can easily remove the rate limiter package from the source code, and you can also choose not to use CloudFlare if you so desire.
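To make the memory-only retention concrete, here is an added example (not Note.Delivery's own code or its rate limiter package) of a sliding-window limiter keyed by IP that forgets an address one hour after its last request. The per-IP request budget, the injectable clock and the IP address used in the comments are assumptions for illustration; the 1-hour window is the page's figure.

```python
import time
from collections import deque

WINDOW_SECONDS = 60 * 60  # the page's "1 hour" retention period
MAX_REQUESTS = 20         # assumed per-IP budget; the page does not state one


class InMemoryRateLimiter:
    """Sliding-window limiter keyed by client IP, held in memory only.

    Each IP maps to a deque of request timestamps. Timestamps older than
    the window are discarded, and an IP whose deque becomes empty is
    dropped entirely, so an address is retained for at most one window
    after its last request and is never written to disk or a log.
    """

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window
        self.clock = clock   # injectable so the eviction can be tested deterministically
        self._hits = {}      # ip -> deque of request timestamps

    def _prune_ip(self, ip, now):
        # Drop timestamps outside the window; forget the IP once none remain.
        q = self._hits.get(ip)
        if q is None:
            return
        cutoff = now - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._hits[ip]

    def allow(self, ip):
        """Record a request from ip and return True if it is within budget."""
        now = self.clock()
        self._prune_ip(ip, now)
        q = self._hits.setdefault(ip, deque())
        if len(q) >= self.max_requests:
            return False  # over budget; the web layer would answer HTTP 429
        q.append(now)
        return True

    def tracked_ips(self):
        """Addresses still held in memory after a full eviction sweep."""
        now = self.clock()
        for ip in list(self._hits):
            self._prune_ip(ip, now)
        return set(self._hits)
```

Running `tracked_ips()` an hour after an address's last request returns an empty set, which is the whole of what the server "remembers" about a client once the window has passed.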
Note.Delivery also uses AES-256 encrypted cookies for the sole purpose of displaying potential error messages. You can easily delete and block the cookies without breaking anything (besides the fact that potential error messages won't be displayed if cookies are blocked).
If you encounter any problems, or have any questions, then feel free to open an issue on GitHub.