Your passcode never leaves your browser in readable form โ not at signup, not at login, not during a passcode reset. The server only ever sees a one-way PBKDF2 verifier of it, the same way it's stored, so there is nothing "real" for anyone with server or database access to steal. Your actual encryption key is derived locally and used to encrypt/decrypt entries in this browser only.
The server does run a background clock that deletes each entry's ciphertext the moment it expires, whether or not anyone is logged in โ that's what makes the countdown trustworthy even with the app closed. But because the server never holds your key, a background deletion can only produce a generic notification (mode + rough length, no words). Rich notifications with the real text or an exact redacted replay only happen when this app was open at the moment an entry expired, since that's the only time your key exists anywhere outside your own head. Turn off "Include entry text" above if you'd rather those rich notifications never include your actual words either.
Admins can trigger a passcode reset, but never see the new passcode or your full email โ it's generated by the server and emailed directly to the address on file. Admins have no path to your entries, ever.
This permanently deletes your account, your email address, any entries still counting down, and your notification history. It cannot be undone โ there is no backup copy anywhere, by design.