1. Introduction
At SecureVault, your privacy is not just a policy; it's our core product. We interpret "Zero Knowledge" literally. We have engineered our systems so that we cannot see, read, or monetize your data, even if we wanted to.
2. Data We Collect
We believe in data minimization. We only collect what is strictly necessary to provide our service:
- Account Information: Your email address (for authentication and alerts) and a hash of your master password (which we cannot reverse).
- Encrypted Blobs: Your vault data is uploaded to our servers as encrypted blobs. We do not hold the keys to decrypt this data.
- Log Data: Minimal server logs for security auditing and debugging, which are regularly rotated and purged.
3. How We Use Your Data
We use your data solely to:
- Provide and maintain the SecureVault service.
- Notify you of security alerts (e.g., unrecognized logins).
- Prevent abuse and ensure system integrity.
We do NOT sell, rent, or share your personal data with advertisers or third parties.
4. Your Master Password
Your Master Password is the key to your vault. We do not know it, and we cannot reset it. If you lose your Master Password, you lose access to your data. This is the trade-off for true security.
5. Data Security
We employ industry-standard security measures, including:
- AES-256 Encryption: Applied to your data locally on your device before it ever reaches our servers.
- TLS/SSL: All data in transit is encrypted.
- Salted Hashing: We use strong algorithms to protect your authentication credentials.
6. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or a prominent notice on our website.
7. Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@securevault.com.