CipherOnce

Privacy Policy for CipherOnce

Last updated: 12/26/2025

Welcome to CipherOnce. We are committed to protecting your privacy and ensuring you have a transparent understanding of how we handle your data. This Privacy Policy outlines our practices concerning the collection, use, and protection of your information. Our core principle is zero-knowledge; your secrets are yours alone.

Our Zero-Knowledge Commitment

CipherOnce is fundamentally designed as a zero-knowledge service. When you create a secret, it is encrypted and decrypted exclusively within your browser using strong, modern cryptography (AES-256-GCM). The encryption key is appended to the shareable URL and is never transmitted to our servers. This means we, the operators of CipherOnce, have no ability to view, access, or decrypt your secret content.

Information We Collect

To provide our service, we collect a minimal amount of information:

Information You Provide
  • Encrypted Secret Data: The content of your secret, in its fully encrypted form. We cannot read this.
  • Secret Metadata: The settings you choose for a secret, such as its expiration time, maximum number of views, and whether it is protected by a passphrase.
  • Account Information: If you create an account, we collect your email address and associate it with your authentication provider (e.g., GitHub). This is used for account management and security.
Information Collected Automatically
  • Access Logs: For secrets created by registered users, we log access attempts. This log includes the viewer's IP address, browser User-Agent, and the time of access. These logs are only visible to the secret's owner and are a feature to enhance security.
  • Server Logs: Like most web services, our servers may automatically log basic information for security and debugging purposes, such as your IP address, browser type, and the pages you visit. This data is not linked to specific secrets.

How We Use Your Information

Your information is used for the following purposes:

  • To Operate the Service: To store your encrypted secrets, enforce the access rules you define, and allow you to manage your secrets via your dashboard.
  • For Security: To protect your account, monitor for malicious activity, and allow you to track access to your secrets.
  • To Communicate With You: To send important notices regarding your account, such as security alerts or password reset emails. We will not send you marketing emails.

Data Retention and Deletion

We retain data only for as long as necessary:

  • Secrets: A secret is permanently and irrecoverably deleted from our database immediately when its expiration time is reached, its maximum view count is met, or it is manually "burned" by its creator.
  • Access Logs: Access logs associated with a secret are permanently deleted when the secret itself is deleted.
  • User Accounts: Your account information is retained as long as your account is active. You may delete your account at any time, which will also delete all associated secrets and logs.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to others. We limit data sharing to the essential third-party services that help us operate CipherOnce:

  • Supabase: We use Supabase for our database, authentication, and serverless functions. Supabase is our primary data processor. You can view the Supabase Privacy Policy here.
  • Hosting Provider: Our application is hosted on Vercel. Standard server logs may be collected and stored by our hosting provider for security and operational purposes.

Cookies

We use cookies for essential functionlity only. Specifically, we use them to manage your authentication session if you are logged in. We do not use cookies for tracking or advertising purposes.

Your Rights

As a user, you have the right to access, correct, or delete your personal information. If you have an account, you can manage your secrets directly from your dashboard. To request account deletion, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us.