๐ก 1. Zero-Server Architecture
rivo.lat has no backend servers. Every file (HTML, CSS, JavaScript) is static and hosted on a CDN. There is no database, no API, no logging, no collection of any kind.
โ No database connections
โ No user accounts
โ No logging of IP addresses
โ What you write never leaves your browser.
๐พ 2. Local Storage Only
Your notes and images are saved exclusively in your browser's localStorage and IndexedDB (for images). This means:
- โ๏ธ Data is stored on your device, not our servers
- โ๏ธ You can delete everything by clearing browser data
- โ๏ธ No one (including us) can access your notes remotely
๐ช 3. No Cookies
VERIFIED 0 cookies are set by rivo.lat. We do not use session cookies, tracking cookies, or any persistent identifiers.
๐๏ธ 4. No Tracking & No Third Parties
Zero analytics, zero pixels, zero trackers. We do not use:
- โ Google Analytics / Umami / Plausible
- โ Facebook Pixel / Twitter conversion
- โ Hotjar / CrazyEgg / any heatmaps
- โ Any external tracking scripts
The only external resource is cdnjs.cloudflare.com for the PDF library (html2pdf.bundle.min.js). This library runs entirely in your browser and sends no data.
๐ 5. HTTPS Everywhere
Your connection to rivo.lat is fully encrypted using TLS 1.2/1.3. This prevents:
- ๐ก๏ธ Eavesdropping (man-in-the-middle attacks)
- ๐ก๏ธ Tampering with your notes during transmission
- ๐ก๏ธ ISP tracking of your page content
โ HSTS enabled (HTTP automatically upgrades to HTTPS)
โ Grade A+ on SSL Labs (if tested)
๐ก๏ธ 6. Security Headers (CSP & Friends)
We enforce strict browser security policies:
Content-Security-Policyโ Only allows scripts from 'self' and cdnjsX-Frame-Options: DENYโ Prevents clickjacking attacksX-Content-Type-Options: nosniffโ Stops MIME type sniffingReferrer-Policy: no-referrerโ No referer header sentPermissions-Policyโ Blocks camera, mic, geolocation, etc.
๐ซ 7. What We Never Do
- โ Request donations or payment (no PayPal, no Patreon, no Buy Me a Coffee)
- โ Show any advertisements (zero ads, zero banners)
- โ Ask for personal information (name, email, phone)
- โ Store or log IP addresses
- โ Use fingerprinting techniques
- โ Embed social media widgets or share buttons
๐ 8. Transparency & Verification
You can independently verify everything claimed here:
- ๐ง Open Browser DevTools (F12) โ Network tab โ See all requests (only 5-6 total)
- ๐ง Application tab โ Cookies & Storage โ Verify no cookies stored
- ๐ง Sources tab โ Examine all JavaScript code (fully open source)
- ๐ง Use online tools like SecurityHeaders.com to check our grade
๐ 9. Last Security Review
Date: April 17, 2026
Status: โ All security claims verified and active.
Contact (security only): security@rivo.lat (if you discover a vulnerability, please report responsibly)