Privacy Policy

Last Updated: March 2026

At Secure Vault, we believe that privacy is a fundamental human right. This Privacy Policy explains how we collect, protect, and mathematically handle your data.

1. Zero-Knowledge Encryption

Secure Vault operates on a strict "Zero-Knowledge" architecture.

  • Your Vault Data: All items saved in your vault are encrypted and decrypted locally on your device using AES-256-GCM.
  • Your Master Password: We never transmit or store your raw Master Password. We only receive a cryptographic hash to authenticate your session.
  • Our Inability to Access: Because we do not possess your Master Password, our employees, developers, and server administrators are mathematically incapable of decrypting, reading, or sharing your vault data.

2. Information We Collect

To provide the Secure Vault service, we collect the minimum necessary operational data:

  • Account Information: An email address to identify your account and send security alerts.
  • Security Metadata: IP addresses, browser user-agents, and cryptographic device fingerprints used strictly to detect malicious login attempts and provide you with an Audit Log.
  • Encrypted Blobs: The encrypted ciphertext of your vault items, which is mathematically useless without your Master Password.

3. Account Deletion and Right to be Forgotten

You have the absolute right to delete your account at any time. Because your data is cryptographically bound, initiating an account deletion from your dashboard will permanently and irreversibly obliterate your authentication hashes and all encrypted vault blobs from our active databases.