Privacy-by-Design Checklist

Privacy by design is more than a buzzword — it's a method for building systems that respect users from the start. Quickburn was shaped by this philosophy. Use the checklist below to evaluate any service you rely on, including ours. This is information, not legal advice.

1. Data minimization

Only collect what you need. Quickburn stores ciphertext, expiry time, and a read counter. If a service asks for birth dates or device IDs, question why.

2. Purpose limitation

Define why data is collected and stick to it. Our sole purpose for storing metadata is to deliver and delete your secret. We do not repurpose logs for marketing.

3. Storage limitation

Set retention periods. Quickburn deletes secrets immediately after they burn and purges logs within 30 days. Look for similar guarantees elsewhere.

4. Integrity and confidentiality

Use strong encryption and access controls. We rely on AES‑GCM and limit who can access the production database. Regular security reviews help catch issues early.

5. Transparency

Policies should be easy to find and written in plain language. Quickburn’s privacy policy spells out our practices and any future changes will be versioned.

6. User control

People should be able to delete their data. Because Quickburn requires no account, deleting a link removes the associated data automatically.

7. Accountability

Someone must be responsible for privacy. Our small team reviews changes with a privacy checklist and logs decisions in our repository.

Following a privacy‑by‑design approach keeps us honest and helps users evaluate whether a tool deserves their trust. Adapt this checklist for your own projects and hold vendors to the same standard.