KeyVoid

At KeyVoid, privacy is not just a feature—it is the foundation of our service. This Privacy Policy explains what information we collect, how we use it, and how we protect your privacy through our zero-knowledge architecture.

1. Information We Collect

We collect minimal information necessary to provide our service:

Account Information: Your email address (required for authentication and notifications)
Encrypted Data: Your vault contents, which are encrypted in your browser before reaching our servers
Technical Data: Basic server logs for debugging and security (IP addresses, timestamps, request types)

2. What We Cannot Access

Due to our zero-knowledge encryption architecture, we explicitly cannot access:

Your master password or encryption keys
The contents of your vault or any stored secrets
Metadata about your stored items (titles, descriptions, etc.)
Your browsing history or usage patterns within the vault

All encryption and decryption occurs locally in your browser. The data we store on our servers is entirely encrypted blobs that are meaningless without your master password.

3. How We Use Your Information

We use the limited information we collect to:

Provide, maintain, and improve the KeyVoid service
Authenticate your account and prevent unauthorized access
Send important security notifications and service updates
Respond to your support requests and feedback
Monitor for security threats and fraudulent activity

We do not use your information for advertising, marketing, or any commercial purposes beyond providing the vault service.

4. Data Storage & Security

Your data is protected through multiple security layers:

Client-Side Encryption: AES-256-GCM encryption performed in your browser using your master password
Server-Side Encryption: Additional encryption layer applied to already-encrypted data at rest
Secure Transmission: All data transmitted over HTTPS/TLS 1.3
Access Controls: Strict authentication and authorization mechanisms

5. Third-Party Services

We use the following third-party services:

Hosting Provider: For server infrastructure (hosts encrypted data only)
Email Service: For sending authentication and notification emails

All third-party providers are contractually bound to maintain confidentiality and security. They never have access to your unencrypted data or master password.

6. Data Retention

We retain your encrypted data for as long as your account is active. If you choose to delete your account, all associated data will be permanently deleted within 30 days. Server logs are retained for 90 days for security purposes before automatic deletion.

7. Your Rights

You have the right to:

Access your personal information (email, account details)
Export your encrypted vault data at any time
Correct inaccuracies in your account information
Delete your account and all associated data

To exercise these rights, please contact us through the app or email support.

8. No Tracking Policy

KeyVoid does not use cookies for tracking, analytics, or advertising purposes. We do not employ any third-party analytics services (no Google Analytics, no tracking pixels, no telemetry). Your usage of the application is completely private.

9. Compliance

We comply with applicable data protection laws. Our zero-knowledge architecture inherently supports privacy regulations by design—we literally cannot access your personal data even if requested, because we do not possess the decryption keys.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. We will post any changes on this page and update the last modified date. Continued use of the service after changes constitutes acceptance of the updated policy. It is your responsibility to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us through our GitHub repository or email support.