Logo

Privacy Policy

Last updated: February 2026

1. Introduction

This Privacy Policy explains how SecureVault ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our secure secret sharing platform ("Service"). We are committed to protecting your privacy and ensuring the security of your data.

2. Information We Collect

2.1 Account Information

  • Email address (when provided for notifications)
  • Authentication data from SSO providers (Microsoft Entra ID)
  • Name and profile information from identity providers

2.2 Secret Data

  • Encrypted secrets you create (we cannot read them)
  • Labels and metadata associated with secrets
  • Recipient email addresses (for notification purposes only)

2.3 Usage Data

  • IP addresses for security and rate limiting
  • Browser user agent information
  • Audit logs of actions taken (create, reveal, expire)
  • Timestamps of activities

3. How We Use Your Information

  • To provide and maintain the Service
  • To send email notifications about shared secrets
  • To send one-time passwords (OTPs) for authentication
  • To prevent abuse and ensure security
  • To comply with legal obligations
  • To improve and optimize the Service

4. Data Security

We implement robust security measures to protect your data:

  • All secrets are encrypted using AES-256-GCM encryption
  • Encryption keys are protected using envelope encryption
  • Secrets are permanently deleted after viewing or expiration
  • All data in transit is protected by TLS encryption
  • We never store plaintext secrets or encryption keys together

5. Data Retention

  • Secrets: Deleted immediately after all views are consumed or upon expiration
  • Audit logs: Retained for 90 days for security purposes
  • Account data: Retained as long as your account is active
  • Email addresses: Hashed and stored for delivery tracking

6. Data Sharing

We do not sell, rent, or share your personal information with third parties except:

  • When required by law or legal process
  • To protect our rights, privacy, safety, or property
  • With service providers who help operate our Service (under strict confidentiality)
  • In connection with a merger, acquisition, or sale of assets

7. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Request limitation of processing
  • Right to data portability: Request transfer of your data
  • Right to object: Object to processing of your data

To exercise these rights, contact us at the email address provided below.

8. Cookies

We use essential cookies to maintain your session and security. For more information, see our Cookie Policy.

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: Support@dlitsolutions.com