Privacy Policy

Last updated: December 2025

The Short Version

We collect minimal data to run the service. Your secrets are encrypted on your device — we can't read them. We don't sell your data.

What We Collect

Data	Why
Email address	Account identification, billing, service updates
Public keys	Encryption (so your team can encrypt secrets for you)
Encrypted secrets	That's the service — but we can't decrypt them
Audit logs	Who accessed what, when (for your security)
Payment info	Processed by Stripe — we don't store card numbers
IP addresses	Audit logs, abuse prevention
Usage analytics	Product improvement (via PostHog — no ads, no data sales)

What We Don't Collect

• Your decrypted secrets (we can't — encryption is client-side)
• Your private keys (they never leave your device)
• Third-party ad trackers or data brokers

How We Use Your Data

• To provide and maintain the service
• To process payments
• To send service-related emails (not marketing)
• To respond to support requests

Who We Share Data With

• Stripe — payment processing
• Infrastructure providers — hosting (they see encrypted data only)
• Law enforcement — only if legally compelled (and even then, we can't decrypt your secrets)

We don't sell your data. Ever.

Data Retention

We keep your data while your account is active. If you delete your account, we remove your data within 30 days, except where we're legally required to retain it.

Your Rights

You can:

• Export your data
• Delete your account
• Request information about what we store

Security

Your secrets are encrypted with AES-256-GCM before they reach our servers. We use TLS for all connections. We can't decrypt your data even if we wanted to.

Changes

We'll notify you of significant privacy policy changes via email.

Contact

Privacy questions? Email us at hello@getenvv.com