Sekretly

Privacy Policy

Last updated: April 3, 2026

1. Overview

Sekretly ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data. Our core principle is zero-knowledge encryption — we are technically unable to access your secret content.

2. Information We Collect

Account information: When you create an account, we collect your email address and name through our authentication provider, Clerk. This is necessary to identify you and enable the Service.

Encrypted secret data: We store your secrets in encrypted form only. Encryption happens on your device using AES-256-GCM before data is transmitted to our servers. We do not possess your encryption keys and cannot decrypt your data.

Recipient email addresses: We collect the email addresses of your designated recipients so we can notify them when a secret is released.

Usage data: We collect basic usage information such as check-in timestamps and trigger configurations to operate the Service (e.g., determining when to release secrets).

File metadata: If you upload files, we store the encrypted file on Amazon S3 along with the original filename. The file contents are encrypted client-side before upload.

3. What We Cannot Access

Due to our zero-knowledge architecture, we cannot access: the plaintext content of your secrets, your vault password, recipient passwords, or your encryption keys. If you lose your passwords, we cannot recover your data. This is by design — your privacy is guaranteed by mathematics, not policy.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Authenticate your identity and manage your account.
  • Evaluate trigger conditions and release secrets to recipients when conditions are met.
  • Send transactional emails (e.g., secret release notifications) to you and your recipients.
  • Respond to your support requests.

5. Cookies

We use essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users.

6. Data Retention

Your encrypted secrets are retained until you delete them or your account is terminated. Account data is retained for as long as your account is active. Upon account deletion, we will remove your data from our systems within a reasonable timeframe. Encrypted files stored on S3 are deleted when the associated secret is deleted.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data (note: encrypted secrets can only be decrypted by you with your passwords).

To exercise these rights, contact us at support@sekretly.com.

8. Data Security

We implement industry-standard security measures to protect your data in transit and at rest. All communications use TLS encryption. Secret content is protected by AES-256-GCM client-side encryption, ensuring that even in the unlikely event of a server breach, your secrets remain unreadable.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance.

10. Contact

If you have questions about this Privacy Policy, please contact us at support@sekretly.com.