01
Zero-Knowledge Architecture
CipherOnce is designed as a zero-knowledge service. Secrets and files are encrypted and decrypted entirely within your browser using modern cryptography (AES-256-GCM).
The encryption key is embedded in the URL fragment (#key) and is never transmitted to our servers. As a result:
- We cannot read your secrets
- We cannot recover lost secrets
- We cannot decrypt your files
Data You Provide
- Encrypted Secret Content: Stored only in encrypted form. We never see plaintext.
- Secret Configuration: Expiration time, view limits, passphrase usage, and feature flags.
- Account Information: Email address and authentication identifiers if you register.
Automatically Collected
- Access Logs: IP address, browser User-Agent, timestamp, access status, and error metadata. Visible only to the secret owner.
- Server Logs: Basic operational logs for security and rate limiting. Not used for tracking or profiling.
03
How We Use Your Information
- To store and deliver encrypted secrets
- To enforce expiration and view limits
- To secure accounts and prevent abuse
- To display access history to secret owners
- To communicate critical service or security notices
We do not use your data for advertising, behavioral analytics, or profiling.
04
Data Retention & Deletion
- Secrets: Permanently deleted after expiration, view limit, or manual destruction.
- Access Logs: Deleted automatically when the associated secret is deleted.
- Accounts: You may delete your account at any time, which removes all associated data.
CipherOnce uses a minimal set of trusted infrastructure providers:
- Supabase: Database, authentication, and server functions. Privacy Policy →
- Vercel: Hosting and edge infrastructure. Standard operational logs may apply.
We never sell or share your data with advertisers or data brokers.
CipherOnce uses essential cookies only for authentication and session management. We do not use tracking, analytics, or advertising cookies.
- Access or delete your account data
- Delete secrets at any time
- Request account removal
We may update this policy as CipherOnce evolves. Updates will be reflected on this page with a revised date. Continued use after changes constitutes acceptance of the updated policy.
