CipherOnce

Privacy Policy

Last updated: 2/10/2026

CipherOnce is built with privacy as a core principle. This Privacy Policy explains what data we collect, why we collect it, and—most importantly—what we cannot see or access.

Zero-Knowledge Architecture

CipherOnce is designed as a zero-knowledge service. Secrets and files are encrypted and decrypted entirely within your browser using modern cryptography (AES-256-GCM).

The encryption key is embedded in the URL fragment (#key) and is never transmitted to our servers. As a result:

  • We cannot read your secrets
  • We cannot recover lost secrets
  • We cannot decrypt your files

Information We Collect

Data You Provide
  • Encrypted Secret Content: Stored only in encrypted form. We never see plaintext.
  • Secret Configuration: Expiration time, view limits, passphrase usage, and feature flags.
  • Account Information: Email address and authentication identifiers if you register an account.
Automatically Collected Data
  • Access Logs: When a secret is accessed, we may log:
    • IP address
    • Browser User-Agent
    • Access timestamp
    • Access status (success, expired, invalid, etc.)
    • Error metadata (when applicable)
    These logs are visible only to the secret owner and are used for transparency and abuse prevention.
  • Server Logs: Basic operational logs required for security, rate limiting, and debugging. These logs are not used for tracking or profiling.

How We Use Your Information

  • To store and deliver encrypted secrets
  • To enforce expiration and view limits
  • To secure accounts and prevent abuse
  • To display access history to secret owners
  • To communicate critical service or security notices

We do not use your data for advertising, behavioral analytics, or profiling.

Data Retention & Deletion

  • Secrets: Permanently deleted after expiration, view limit, or manual destruction.
  • Access Logs: Deleted automatically when the associated secret is deleted.
  • Accounts: You may delete your account at any time, which removes all associated data.

Third-Party Services

CipherOnce uses a minimal set of trusted infrastructure providers:

  • Supabase: Database, authentication, and server functions. Privacy Policy
  • Vercel: Hosting and edge infrastructure. Standard operational logs may apply.

We never sell or share your data with advertisers or data brokers.

Cookies

CipherOnce uses essential cookies only for authentication and session management. We do not use tracking, analytics, or advertising cookies.

Your Rights

  • Access or delete your account data
  • Delete secrets at any time
  • Request account removal

Changes to This Policy

We may update this policy as CipherOnce evolves. Updates will be reflected on this page with a revised date.

Contact

For privacy questions, data requests, or security disclosures:

Developer profile