Privacy Policy for CipherSend.link

Quick Summary: CipherSend.link is designed for privacy. We never see your secrets, don’t require accounts, and only collect minimal technical data to keep the service running and secure. Google Analytics is used for aggregate, anonymous usage stats. You can opt out.

Privacy Policy for CipherSend.link

Last Updated: December 3, 2025

1. Introduction

At CipherSend.link ("we," "us," or "our"), your privacy and security are our top priorities. This Privacy Policy explains what information we collect, how we use it, and your rights as a user. Our service is anonymous and ephemeral by design: we collect only what is strictly necessary to operate and protect the service.

2. How CipherSend.link Protects Your Privacy ("Zero-Knowledge" Design)

• Client-Side Encryption: Your secret is encrypted in your browser before it ever leaves your device.
• We Never See Your Secrets: The decryption key is embedded in the link you share. We never receive or store this key, so we cannot decrypt your data.
• What We Store: Only the encrypted data blob, which is meaningless to us and anyone else without the key.

3. Information We Collect

A. Information You Submit (The Secret)

We collect the encrypted text you submit. As stated above, this is stored in a format that makes it impossible for us to read.

B. Usage Data & Server Logs

When you use CipherSend.link, our servers automatically log basic technical information to keep the service secure and reliable. This may include:

• IP Addresses: Used for security (e.g., DDoS protection, abuse prevention), rotated or anonymized regularly.
• Browser Type & Version: To ensure compatibility and troubleshoot issues.
• Access Times: To enforce secret expiration and monitor for abuse.

C. No Personal Identification

We do not require or collect user accounts, email addresses, names, or passwords. We never attempt to link technical data to your identity.

4. How We Use Your Information

We use the minimal information we collect only to:

1. Provide the Service: Temporarily store encrypted data so it can be retrieved by the recipient.
2. Enforce Expiration: Automatically delete secrets after they are viewed or after 24 hours.
3. Security & Abuse Prevention: Monitor for spam, botnets, and other abuse.

We never sell, trade, or rent your data to anyone.

5. Cookies and Local Storage

5.1 Essential Local Storage We use your browser's Local Storage or Session Storage only to perform encryption and decryption. This data never leaves your device.

5.2 Analytics

We use Google Analytics to understand how people use CipherSend.link. Google Analytics collects only aggregate, anonymized usage data (such as page views, device/browser type, and general location). This data is never linked to your secrets or identity.

Your Choices:

• You can opt out of Google Analytics by enabling "Do Not Track" in your browser or using browser extensions that block analytics scripts.
• Learn more: How Google uses data

6. Data Retention and Deletion

Our data retention policy is strict and automated:

• Upon Viewing: When a secret is viewed, it is immediately and permanently deleted from our servers.
• Time Expiration: If not viewed, it is deleted 24 hours after creation.
• Backups: Active secrets are excluded from long-term backups to prevent "ghost" data from remaining after deletion.

7. Third-Party Service Providers

We may use trusted third-party companies to help us run CipherSend.link (e.g., hosting providers like AWS, Vercel, or DigitalOcean). These providers may have access to server logs (such as IP addresses) for infrastructure management, but they cannot decrypt your secrets.

• Hosting Provider: Vercel

8. Disclosure to Law Enforcement

If we are compelled by a valid legal order (e.g., a subpoena or court order) to disclose data:

1. We will comply with the law.
2. However, because of our Zero-Knowledge architecture, we can only provide the encrypted blob. We cannot provide the decrypted content because we do not possess the key or any way to access it.

9. International Data Transfers

Your information, including IP addresses, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. By using the Service, you consent to this transfer.

10. Children's Privacy

Our Service is not intended for anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected such data, we will promptly delete it.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Contact Us

Your Rights:

• You can contact us at any time to ask about your data, request deletion, or raise privacy concerns.

If you have any questions about this Privacy Policy, please contact us:

• By email: contact@ciphersend.link