Sekreto

Privacy Policy

Welcome to our secret-sharing service. Your privacy is the foundation of this platform. This policy outlines our practices and our commitment to protecting your data. Our core philosophy is simple: we can't share or expose what we don't have.

Our "Zero-Knowledge" Commitment

This service is built on a zero-knowledge architecture. This means we have intentionally designed the system so that we, the service operators, cannot read the content of your secrets. All encryption and decryption happen directly on your device, and the encryption keys are never sent to our servers.

Information We Collect

We collect the absolute minimum information necessary to provide this service.

What We Store in Our Database:

  • The Encrypted Secret Data: Your secret is encrypted in your browser, and only the scrambled version is stored.
  • Expiration Rules: Time limits and view counts you set.
  • Required Decryption Values: IV and Salt (non-sensitive values needed by the encryption algorithm).
  • Key Verification Hash: A non-reversible fingerprint of the keys, used to detect link tampering.

Information We DO NOT Collect or Store:

  • Your Plaintext Secret
  • Your Passphrase
  • Your Encryption Keys
  • Personal Information: No accounts, names, or emails are required or collected.

Security and Abuse Prevention

To maintain the security and reliability of our service, we implement industry-standard abuse prevention measures. As part of this, we may temporarily process and store your IP address solely for the purpose of enforcing rate limits and preventing automated abuse (such as spam or denial-of-service attacks).

  • Purpose: IP addresses are used only to detect and limit excessive or suspicious activity.
  • No Tracking: These IP addresses are never used for analytics, profiling, or advertising, and are not linked to your secrets or any personal information.
  • Retention: IP addresses are retained only as long as necessary to enforce rate limits and are automatically deleted or expire after a short period.

This approach helps us protect the platform and its users while maintaining our commitment to privacy and zero-knowledge principles.

How We Use Your Information

The limited, non-sensitive data we collect is used only to:

  • Provide the service: Serve the encrypted secret to recipients with valid links.
  • Enforce expiration: Automatically delete secrets after the view or time limits are reached.

We do not use your information for advertising, analytics, or any other secondary purpose.

Data Deletion

Your encrypted data is permanently deleted from our servers when:

  • The view limit is reached.
  • The time limit expires.
  • The recipient deletes the secret after viewing.
  • You delete the secret using your private deletion link.

Once deleted, the data is gone permanently and cannot be recovered.

Cookies

We do not use tracking or advertising cookies. Only essential cookies may be used to maintain secure sessions and basic functionality.

Third-Party Services

We host our infrastructure using trusted providers like Supabase. We choose these platforms based on their security reputation and commitment to user privacy.

Changes to This Privacy Policy

We may update this policy over time. Any changes will be posted on this page. Please review this policy periodically to stay informed.

Contact Us

If you have any questions about this Privacy Policy, please don't hesitate to contact us at admin[at]sekre[dot]to.

Last updated: June 22, 2025