Privacy Policy

What we store

• Encrypted file blobs and encrypted metadata (filenames, message subjects, bodies, attachments)
• Your email address and public key
• Wrapped (ciphertext) versions of your private key and master key
• Plain operational metadata: account creation time, storage size in bytes, recipient ids, subscription state, audit events

What we never store or see

• Your password
• Your master key or private key in plaintext
• File or message contents, plaintext filenames, subjects, or attachments
• File or message encryption keys

How encryption works

Your password is run through Argon2id locally to derive a master key. Your X25519 keypair is generated locally. The private key is encrypted with the master key (XChaCha20-Poly1305) and stored on the server only as ciphertext. Every file gets a fresh random key; that key is sealed for each recipient's public key. We never have access to any plaintext key.

Your rights (GDPR)

You can export your data and delete your account from the Security Center.