Privacy Policy
Last updated: 2026-01-01
What we collect
For anonymous use (free tier): none. We do not collect names, email addresses, or personal data. We receive only encrypted ciphertext that we cannot read. Operational logs (IP address, timestamp) are retained for 7 days for abuse prevention only.
For registered accounts: email address, hashed password, and organization name. IP address at registration and login for security purposes.
What we never collect
The content of any secret. Our zero-knowledge architecture means plaintext content is encrypted in your browser before it ever reaches our servers. We are technically incapable of reading any secret content.
How we use data
Email: account authentication, team invitations, billing notifications. We do not sell data. We do not use data for advertising. We do not share data with third parties except Stripe (payment processing) and Cloudflare (infrastructure).
Data retention
Secrets: automatically deleted after TTL expires or after being read. There is no recovery. Account data: retained until account deletion. Operational logs: 7 days.
Your rights (GDPR)
EU residents have the right to access, rectify, erase, and export their data. Contact [email protected]. We respond within 72 hours.