๐Ÿ”’ rivo.lat Security & Privacy Report

๐Ÿ›ก๏ธ Security & Privacy

Your data is yours alone. Here's exactly how we protect it.

๐Ÿ“ก 1. Zero-Server Architecture

rivo.lat has no backend servers. Every file (HTML, CSS, JavaScript) is static and hosted on a CDN. There is no database, no API, no logging, no collection of any kind.

โŒ No server-side code
โŒ No database connections
โŒ No user accounts
โŒ No logging of IP addresses

โœ… What you write never leaves your browser.

๐Ÿ’พ 2. Local Storage Only

Your notes and images are saved exclusively in your browser's localStorage and IndexedDB (for images). This means:

  • โœ”๏ธ Data is stored on your device, not our servers
  • โœ”๏ธ You can delete everything by clearing browser data
  • โœ”๏ธ No one (including us) can access your notes remotely

๐Ÿช 3. No Cookies

VERIFIED 0 cookies are set by rivo.lat. We do not use session cookies, tracking cookies, or any persistent identifiers.

// Check for yourself in DevTools: // Application โ†’ Cookies โ†’ https://www.rivo.lat โ†’ (empty)

๐Ÿ‘๏ธ 4. No Tracking & No Third Parties

Zero analytics, zero pixels, zero trackers. We do not use:

  • โŒ Google Analytics / Umami / Plausible
  • โŒ Facebook Pixel / Twitter conversion
  • โŒ Hotjar / CrazyEgg / any heatmaps
  • โŒ Any external tracking scripts

The only external resource is cdnjs.cloudflare.com for the PDF library (html2pdf.bundle.min.js). This library runs entirely in your browser and sends no data.

๐Ÿ” 5. HTTPS Everywhere

Your connection to rivo.lat is fully encrypted using TLS 1.2/1.3. This prevents:

  • ๐Ÿ›ก๏ธ Eavesdropping (man-in-the-middle attacks)
  • ๐Ÿ›ก๏ธ Tampering with your notes during transmission
  • ๐Ÿ›ก๏ธ ISP tracking of your page content
โœ… Valid SSL certificate (Let's Encrypt)
โœ… HSTS enabled (HTTP automatically upgrades to HTTPS)
โœ… Grade A+ on SSL Labs (if tested)

๐Ÿ›ก๏ธ 6. Security Headers (CSP & Friends)

We enforce strict browser security policies:

  • Content-Security-Policy โ€“ Only allows scripts from 'self' and cdnjs
  • X-Frame-Options: DENY โ€“ Prevents clickjacking attacks
  • X-Content-Type-Options: nosniff โ€“ Stops MIME type sniffing
  • Referrer-Policy: no-referrer โ€“ No referer header sent
  • Permissions-Policy โ€“ Blocks camera, mic, geolocation, etc.

๐Ÿšซ 7. What We Never Do

  • โŒ Request donations or payment (no PayPal, no Patreon, no Buy Me a Coffee)
  • โŒ Show any advertisements (zero ads, zero banners)
  • โŒ Ask for personal information (name, email, phone)
  • โŒ Store or log IP addresses
  • โŒ Use fingerprinting techniques
  • โŒ Embed social media widgets or share buttons

๐Ÿ” 8. Transparency & Verification

You can independently verify everything claimed here:

  • ๐Ÿ”ง Open Browser DevTools (F12) โ†’ Network tab โ†’ See all requests (only 5-6 total)
  • ๐Ÿ”ง Application tab โ†’ Cookies & Storage โ†’ Verify no cookies stored
  • ๐Ÿ”ง Sources tab โ†’ Examine all JavaScript code (fully open source)
  • ๐Ÿ”ง Use online tools like SecurityHeaders.com to check our grade

๐Ÿ“… 9. Last Security Review

Date: April 17, 2026

Status: โœ… All security claims verified and active.

Contact (security only): security@rivo.lat (if you discover a vulnerability, please report responsibly)


โ† Back to rivo.lat notebook
๐Ÿ”’ rivo.lat๐Ÿค๐Ÿท โ€” Zero tracking, zero cookies, zero servers. Your thoughts, your browser, your privacy.