SecureShare

Privacy Notes

Privacy is the core design goal.

At SecureShare, privacy is the design goal. The planned zero-knowledge architecture should mean we cannot access share plaintext or decryption keys once the encrypted sharing workflow is implemented and tested.

Last updated:

TL;DR: This repository is a frontend shell for a planned zero-knowledge sharing workflow. Do not treat it as production privacy behavior yet.

Intended Privacy Model

Three product goals that still need implementation and tests

Keep Plaintext Out of Server Custody

The planned workflow encrypts in the browser before data reaches the server.

Short-Lived Storage

Deletion after viewing, expiration, or manual action is planned but not implemented yet.

Minimal Data Use

Data resale and marketing use are not implemented, and any future analytics should follow the project's sensitive-data rules.

What We Collect (And Don't)

Transparency about data practices is non-negotiable

Information We Collect

  • Encrypted content blobs: Planned encrypted storage, not implemented yet
  • Account email (registered users): For authentication and notifications only
  • Share metadata: Creation time, expiration settings (not content)
  • Basic analytics: Analytics are not implemented yet.

What We Never Collect

  • Unencrypted content, the planned workflow encrypts before upload
  • Encryption keys, the planned workflow keeps keys client-side
  • Passwords you share, planned handling is ciphertext-only server storage
  • IP addresses for tracking, access logging is not implemented yet

Data Retention & Deletion

Your data should have a defined lifespan by design

Shared Content

Encrypted content deletion after viewing, expiration, or view-limit exhaustion is planned but not implemented yet.

Account Data

Account storage and deletion are not implemented yet.

Server Logs

Production server logging policy is not implemented yet. Project rules prohibit logging share content, passwords, private keys, request bodies, and other sensitive user-provided data.

Analytics Data

Analytics are not implemented yet.

Cookies & Local Storage

Minimal Cookie Usage

The planned production app should use cookies sparingly and only for essential functionality:

  • Session cookies, to keep you logged in once account authentication is implemented
  • No third-party tracking cookies, we should not use advertising or cross-site tracking

Important Notice

Under the planned zero-knowledge architecture, there are some things the service should not be able to do:

  • Recover share plaintext if you lose access to the decryption key
  • Decrypt share content without the browser-held key
  • Reconstruct deleted share plaintext

This still requires implementation, review, and tests before it can be treated as a production guarantee.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we'll notify you through the site. We encourage you to review this page periodically.

Continued use of SecureShare after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, we're here to help:

Contact form