PRIVACY POLICY

Last Updated:

1. INTRODUCTION

SecretVoid ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our zero-knowledge, end-to-end encrypted secret sharing service.

2. ZERO-KNOWLEDGE ARCHITECTURE

SecretVoid is designed as a zero-knowledge system. SecretVoid operators cannot decrypt your secrets. This is a cryptographic property of the architecture, not a policy statement — we do not have access to your plaintext secrets or client-side encryption keys, and no employee or system change can grant us that access.

SecretVoid uses dual-layer AES-256-GCM encryption:

  • Layer 1 (Client-Side): Your secret is encrypted in your browser before leaving your device. The decryption key lives only in the URL fragment (#), which browsers never transmit to servers
  • Layer 2 (Server-Side): We encrypt the already-encrypted blob again with our own server key for defence in depth
  • Decrypting a secret requires both your client key and our server key simultaneously — neither alone is sufficient
  • We store only double-encrypted data. Even a full server breach exposes nothing readable without your client key

What we cannot do:

  • Read, decrypt, or access your plaintext secrets
  • Access your client-side encryption keys
  • Recover a secret after it has expired or been burned
  • Comply with requests to produce plaintext secret content — we do not possess it

What we cannot prevent:

  • A compromised device, browser, or operating system capturing your secret before or after encryption
  • Malware, keyloggers, or malicious browser extensions running on your device
  • Someone watching your screen when a secret is displayed
  • A recipient intentionally or accidentally forwarding or sharing a secret after viewing it
  • Phishing attacks that trick you into entering your secret on a different site
  • The recipient's device being compromised

3. DATA WE COLLECT

3.1 Encrypted Secrets

We temporarily store encrypted blobs that we cannot decrypt. If you enable "Burn After Reading," secrets are automatically deleted immediately after being viewed once. Otherwise, secrets remain accessible until they expire (based on your chosen expiration time: 1, 3, or 7 days).

3.2 Optional Passphrase Protection

If you choose to protect a secret with a passphrase, all passphrase handling occurs entirely in your browser. We only store a flag indicating that a passphrase is required (hasPassphrase: true). We never receive, store, or process the actual passphrase - it remains on your device only.

3.3 Operational Metadata

We collect standard operational metadata for security, rate limiting, and abuse prevention. This is entirely separate from secret content, which we cannot access. Metadata we may collect includes:

  • IP addresses and approximate geolocation (country only)
  • Browser type and device category (desktop/mobile)
  • Timestamps of requests
  • Secret IDs (not content) for access logging
  • HTTP status codes

We explicitly do not log: secret content, encryption keys, URL fragments, or any data that would allow us to reconstruct a plaintext secret. This data is retained for up to 30 days.

3.4 Email Notifications (Optional)

If you optionally provide an email address for read receipt notifications, we encrypt it server-side using AES-256-GCM with a separate key from our content encryption key. It is stored temporarily alongside the encrypted secret and deleted immediately after the notification is sent.

Notification emails contain only: a timestamp, the country of the viewer (not city or IP address), and device type (desktop/mobile). Notification emails never contain secret content — we cannot include what we cannot read.

Email delivery is handled by SendGrid (a Twilio company). SendGrid acts as a data processor and receives only the recipient email address and the notification message described above. SendGrid does not receive, and we do not transmit, any secret content. SendGrid's privacy policy is available at their website.

We do not use email addresses for marketing, tracking, or any purpose other than the single notification described above.

3.5 User Account Data (Pro Tier)

If you create a Pro account, we store your email address, hashed password (using bcrypt), subscription tier, and Stripe customer ID. This data is stored securely in MongoDB and is used solely for account authentication and subscription management.

4. HOW WE USE DATA

  • To provide the secret sharing service
  • To enforce expiration and one-time viewing policies
  • To verify passphrases (using hashes only)
  • To prevent abuse and enforce rate limits
  • To send optional email notifications
  • To improve service performance and security

5. DATA RETENTION

Encrypted secrets are stored temporarily in MongoDB with automatic TTL (time-to-live) expiration:

  • If "Burn After Reading" is enabled, secrets are deleted immediately after being viewed once
  • If "Burn After Reading" is disabled, secrets can be viewed multiple times until they expire
  • All secrets expire after 1, 3, or 7 days (based on your selection and tier)
  • Server-side encryption keys rotate automatically on a weekly basis. Secrets are guaranteed to remain decryptable for their full stated expiry period. Once a secret expires, the key that encrypted it is permanently discarded — expired secrets cannot be recovered under any circumstances
  • Server logs are retained for up to 30 days for security purposes
  • Email addresses for read receipts are deleted immediately after notification is sent
  • User account data is retained until you request account deletion

6. THIRD-PARTY SERVICES

We use the following third-party services:

  • MongoDB Atlas: For temporary encrypted secret storage and user account data (Pro tier)
  • Render: For hosting infrastructure
  • Stripe: For payment processing and subscription management (Pro tier)
  • SendGrid: For sending optional email notifications
  • Google Analytics: For anonymous usage analytics
  • CDNs: For serving static assets (fonts, icons)

These services have their own privacy policies and may process data according to their terms.

7. SECURITY

We implement industry-standard security measures including HTTPS encryption, rate limiting, and secure server configurations. However, no method of transmission over the internet is 100% secure. The zero-knowledge architecture ensures that even if our servers are compromised, your secrets remain encrypted and unreadable.

Automatic key rotation: Our server-side encryption keys are rotated on a regular schedule. Multiple key versions are maintained simultaneously so that all active secrets remain accessible throughout their stated expiry period. After expiry, the corresponding keys are permanently destroyed, making recovery of expired secrets technically impossible — including by SecretVoid staff.

8. OPEN SOURCE & VERIFICATION

SecretVoid's client-side encryption module is open source and publicly auditable. The code that runs in your browser to encrypt and decrypt secrets is published on GitHub and available as an npm package.

Verify it yourself: You can confirm the exact code running in your browser at any time. Open DevTools (F12), go to the Network tab, reload the page, and find the crypto.js request. The response will be the unminified, human-readable source — compare it directly against the published package at npmjs.com/package/secretvoid-crypto. We serve it unmodified, straight from the package.

9. YOUR RIGHTS

Due to our zero-knowledge architecture, we cannot identify which encrypted secrets belong to you without your unique link. Once you share a secret link, you control who can access it. You can destroy secrets before they expire by using the "Destroy Secret" button after viewing.

Pro Tier Users: You have the right to access, modify, or delete your account data at any time. You can cancel your subscription from your dashboard, and you may request complete account deletion by contacting support.

10. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know: You may request details about the personal information we collect, use, and disclose
  • Right to Delete: You may request deletion of personal information we hold about you
  • Right to Opt-Out: We do not sell personal information to third parties. There is nothing to opt out of
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights

What we collect: IP addresses and browser metadata for security and rate limiting purposes. Optionally, email addresses if you provide them for notifications or account creation. We do not collect or store plaintext secret content — it is encrypted in your browser before reaching us.

To exercise your rights, contact us at support@secretvoid.com. We will respond within 45 days as required by law.

11. CHILDREN'S PRIVACY

SecretVoid is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

13. CONTACT

If you have questions about this Privacy Policy, please contact us at support@secretvoid.com.