Frequently Asked Questions

Anotas.online is a free, no-sign-up tool for writing and sharing notes online. You write a note in your browser, protect it with a password, and share the link. The recipient enters the password to read it. That is the whole product.

No. Anotas.online has no concept of accounts or user identity. You never need to provide an email, phone number, or any personal information. Every visit starts from the same screen.

Yes, completely free for all uses, personal or professional. We do not have a paid tier. The service is supported by display ads on public pages (homepage, blog, legal pages). The actual note pages — where you write, lock, or read content — never show ads.

There is no hard limit, but to prevent automated abuse we rate-limit note creation to 5 new notes per hour from the same IP address. This is more than enough for legitimate human use.

Up to 50,000 characters per note — roughly equivalent to a 10-page document.

We store note content unencrypted in our database so it can be read back when you or your recipient open the link. We do not actively read or analyze the contents. Passwords are stored only as one-way bcrypt hashes — we never see or store the password itself.

Links use a memorable slug like luna-523 but the password is what actually protects access. Without the password, the URL alone shows only a locked screen. We also rate-limit password attempts to 20 per hour per IP to make brute-force impractical.

There is no recovery option. We do not have your email and do not know who you are, which means we have no way to verify ownership or send a reset link. If the password is lost, the note cannot be edited or read again. This is intentional — the trade-off for not collecting your identity.

Yes. Open the note, enter the password, edit the content to be empty (or replace it with anything else). Notes that have been inactive for more than a year are automatically removed.

Passwords are hashed using bcrypt with a cost factor of 12, which is the OWASP-recommended setting at the time of this writing. The hash is one-way — even with database access we cannot recover the original password.

We do not log IP addresses in plain text. When you make a request, your IP is immediately hashed with SHA-256 and only the hash is stored, used exclusively for rate limiting. The hash cannot be reversed to identify you.

Minimally. We use one local storage key (anotas-lang) to remember your language preference. On public pages (homepage, blog, About/Privacy/Cookies/Contact), Google AdSense sets a small number of cookies to serve and frequency-cap ads. The note pages themselves do not load AdSense and do not set ad cookies.

End-to-end encryption requires the user to manage a key — usually in the URL fragment after the # symbol. If you lose the URL or break the fragment, the content is permanently unrecoverable. We chose a password model because it is more forgiving (you can change channels, write down the password on paper) while still keeping the content protected at the application layer.

Google Keep and Notion are powerful note systems tied to your identity, with sync, history, search, and collaboration features. Anotas.online does none of that — it is intentionally minimal. The use case is different: not "where I keep all my notes" but "where I share a single piece of text safely, then forget about it".

Those services are great for one-time burn-after-read messages. Anotas.online is different: notes persist and can be edited multiple times. They are protected by a password rather than self-destructing on first read. Use a one-time secret tool if you want the note to vanish after first view; use Anotas.online if you want a reusable, password-protected note.

No. By design, every note requires a password. This is a deliberate friction that prevents accidental over-sharing — you cannot create a "public link" because someone always needs the password to open it.

Not at this time. The site is built with Next.js (frontend) and PHP + MySQL (backend), hosted on Hostinger.

An independent team based in the Dominican Republic. No corporate backing, no investors, no data-broker partnerships. Contact us at hello@anotas.online.