TL;DR: We can't read your files. Your data is encrypted before it reaches us. We collect minimal metadata. We don't sell data. We're committed to your privacy.
At PrivVault, privacy isn't just a feature—it's our foundation. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
1.1 Information You Cannot Hide From Us
Due to the nature of internet technology, some information is necessarily visible to us:
- Account Information: Email address (if you create an account), payment information (processed by third-party processors)
- File Metadata: File size, upload time, file type (but NOT file names or contents)
- Usage Data: Storage usage, bandwidth consumption, number of files
- Technical Data: IP address, browser type, device type (for service delivery and security)
1.2 Information We CANNOT See
Thanks to zero-knowledge encryption, we cannot access:
- File Contents: The actual data inside your files
- File Names: What you name your files
- Folder Structure: How you organize your files
- Encryption Keys: Your password and encryption keys never leave your device
Important: We mathematically cannot decrypt your files. Even if compelled by law, we cannot provide plaintext access to your data.
2. How We Use Your Information
We use the minimal information we collect for:
2.1 Service Delivery
- Storing and retrieving your encrypted files
- Calculating storage usage for billing
- Optimizing file delivery and sync performance
- Managing your account and subscription
2.2 Service Improvement
- Analyzing aggregate usage patterns (not individual behavior)
- Identifying and fixing technical issues
- Developing new features based on general usage trends
2.3 Security and Fraud Prevention
- Detecting and preventing abuse of the service
- Protecting against DDoS attacks
- Identifying potentially fraudulent payment activities
2.4 Legal Compliance
- Responding to valid legal requests (we provide only metadata, never file contents)
- Complying with data protection regulations
3. Our Zero-Knowledge Encryption
Zero-knowledge encryption means we have zero knowledge of your data:
3.1 How It Works
- Client-Side Encryption: Files are encrypted in your browser/app before upload
- Key Derivation: Your password derives encryption keys using Argon2id (memory-hard algorithm)
- No Key Storage: We never receive, store, or have access to your encryption keys
- Post-Quantum Layer: Additional Kyber-768 encryption for future-proofing
3.2 What This Means for You
- Pro: Your data is completely private, even from us
- Pro: No one can compel us to decrypt your files
- Con: If you lose your password, we cannot recover your files
4. Data Sharing and Disclosure
4.1 We Do NOT Sell Your Data
We do not and will never sell, rent, or trade your personal information or metadata to third parties for marketing purposes. Period.
4.2 Service Providers
We share minimal data with trusted service providers:
- Payment Processors: Stripe for card payments (they handle payment info, we never see card numbers)
- Infrastructure Providers: Server hosting providers store encrypted files (they cannot decrypt them)
- Email Service: For account-related emails only (you can opt out of marketing emails)
4.3 Legal Requirements
We may disclose metadata (not file contents) if required by valid legal process:
- Valid court orders or subpoenas
- Situations involving imminent danger to life or safety
- Enforcement of our Terms of Service
We publish transparency reports detailing legal requests. We challenge overbroad requests and notify users when legally permitted.
5. Your Privacy Rights
5.1 Access and Portability
- Download all your files anytime
- Export your account data
- View your storage usage and metadata
5.2 Deletion Rights
- Delete individual files at any time
- Delete your entire account and all associated data
- Request deletion of metadata (some may be required for legal/billing purposes)
5.3 GDPR Rights (EU Users)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
5.4 CCPA Rights (California Users)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we don't sell, but the right exists)
- Right to non-discrimination for exercising privacy rights
6. Data Retention
- Active Accounts: We retain your encrypted files as long as your account is active
- Free Accounts: Files deleted after 30 days of inactivity
- Paid Accounts: Files retained permanently unless deleted by you
- Deleted Files: Permanently removed from all servers within 30 days
- Account Closure: All data deleted within 30 days of account deletion request
7. International Data Transfers
Your encrypted data may be stored in multiple jurisdictions based on your settings. You can choose specific regions or let our AI optimize placement. All transfers comply with applicable data protection laws.
8. Children's Privacy
PrivVault is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy. We'll notify you of significant changes via email or prominent notice in the app. Continued use after changes constitutes acceptance.
10. Security Measures
- Zero-knowledge encryption (AES-256-GCM + Kyber-768)
- Regular security audits by independent firms
- Bug bounty program for responsible disclosure
- Encrypted data transmission (TLS 1.3)
- Multi-factor authentication option
- DDoS protection and intrusion detection