Privacy Policy
Last updated: March 1, 2026
Our Commitment
At SecureShare, privacy is not just a featureβit's our foundation. We've built our platform using zero-knowledge architecture, which means we cannot access, read, or share your secrets even if we wanted to.
π What We Don't Collect
- Your secrets: We only store encrypted data that we cannot decrypt
- Encryption keys: Keys remain in your browser and are never sent to our servers
- Passwords: If you set a password, only a bcrypt hash is stored
- Personal information: We don't require registration or collect identifying data
- IP addresses: We don't log or store IP addresses
- Browsing history: We don't track your activity across the web
π What We Do Store
- Encrypted content: Your secret in encrypted form (unreadable without the key)
- Encryption metadata: Initialization vectors and authentication tags (required for decryption)
- Configuration settings: Expiration time, view limits, and burn-after-read preferences
- Notification emails: If you opt-in for view notifications (never shared with third parties)
- Anonymous analytics: Aggregated usage statistics (number of secrets created, no personal data)
π‘οΈ How We Protect Your Data
- End-to-End Encryption: AES-256-GCM encryption performed in your browser
- Zero-Knowledge Architecture: We never have access to unencrypted data
- Automatic Deletion: Secrets are automatically deleted after viewing or expiration
- Secure Infrastructure: Hosted on secure, encrypted servers
- HTTPS Only: All connections are encrypted using TLS 1.3
- No Third-Party Tracking: We don't use analytics services that track users
π Data Retention
Secrets are stored only for as long as necessary:
- Maximum storage time: 7 days (configurable down to 5 minutes)
- Deleted immediately after viewing (if burn-after-read is enabled)
- Deleted when view limit is reached
- Deleted when expiration time is reached
- No backups or archives are kept
π§ Email Notifications
If you provide an email address for view notifications:
- Used only to notify you when your secret is accessed
- Deleted along with the secret
- Never shared with third parties
- Not used for marketing or promotional purposes
π Third-Party Services
SecureShare uses minimal third-party services:
- Redis: For encrypted data storage (data is encrypted before reaching Redis)
- Hosting Provider: For infrastructure (cannot access encrypted data)
We do not use advertising networks, social media trackers, or analytics platforms that could compromise your privacy.
βοΈ Legal Requests
Due to our zero-knowledge architecture, we cannot comply with requests to decrypt user data because we don't have the ability to do so. If we receive a legal request:
- We can only provide encrypted data (which is useless without the key)
- We cannot provide encryption keys (they never reach our servers)
- We may be required to provide metadata (creation time, expiration time)
πͺ Cookies
We use minimal cookies for essential functionality:
- Session management (to remember your preferences during your visit)
- No tracking or advertising cookies
- All cookies are session-only and deleted when you close your browser
πΆ Children's Privacy
SecureShare is not intended for children under 13. We do not knowingly collect information from children. If you believe a child has used our service, please contact us.
π Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be announced on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
π¬ Contact Us
If you have questions about this privacy policy or our practices, contact us at:
Email: privacy@secureshare.app
β Your Rights
You have the right to:
- Know what data we store (only encrypted secrets)
- Request deletion of your secrets (they auto-delete anyway)
- Opt-out of email notifications (by not providing an email)
- Use the service anonymously (no registration required)