Privacy Policy

Last Updated: August 20, 2025

1. General Provisions

At Enqrypted ('website'), user privacy, absolute confidentiality, and a zero-knowledge, no-log architecture are fundamental principles. We operate under a true zero-knowledge model. We cannot and do not store personal information, message content, metadata, or encryption keys on our servers. All cryptographic operations run entirely client-side in your browser.

Critical Security Notice: Share QR codes, links, and passwords only via secure, separate channels (never through the same communication method). Enqrypted cannot be held responsible for security incidents arising from improper sharing practices.

2. Information We Collect

Personal Data: NONE

Enqrypted does not request, collect, store, or retain any personal information including: names, emails, phone numbers; IP addresses or location data; device identifiers or browser fingerprints; account credentials or user profiles; message content, file content, or metadata; timestamps, recipient information, or communication patterns.

Technical Data: Minimal & Anonymous Only

We may collect fully anonymized, aggregate metrics solely for: system uptime monitoring; performance optimization; basic traffic statistics (total requests, not individual sessions).

No personally identifiable information or message/file metadata is ever included in any analytics.

3. Cookies and Similar Technologies

We use minimal, anonymous cookies strictly for: Essential website functionality (including secure user authentication and CSRF token protection); anonymous, aggregate analytics (no personal data).

We never store: message content, passwords, encryption keys, or any personal information in cookies. Authentication data and security tokens are stored using secure, industry-standard practices.

4. Purpose of Data Use

Our limited data processing serves only to: maintain system performance and reliability; prevent abuse and ensure service availability; generate anonymized traffic statistics.

We explicitly do not: record, store, or log personal data, message contents, or file contents; share any information with third parties; maintain application logs or access logs; track individual user behavior or create user profiles.

5. Security & Cryptography

Zero-Knowledge Architecture

All encryption/decryption happens locally in your browser. We never possess plaintext data, derived keys, or passwords.

Cryptographic Specifications

Key Derivation: Argon2id: Time cost (t): 3 iterations; Memory cost (m): 256 MB; Parallelism: Adaptively selected per device; Unique, cryptographically secure random salt per secret/password
Authenticated Encryption: XChaCha20-Poly1305 (AEAD): Unique 24-byte nonce per encryption; 128-bit authentication tag for tamper detection; 256-bit symmetric keys derived client-side
Randomness: All nonces and salts generated using cryptographically secure PRNG (Web Crypto API)

Security Guarantees

Through our zero-knowledge architecture and strong encryption mechanisms, it is mathematically impossible to decrypt your data without the required key. Encryption keys are generated entirely by you and exist only in your possession and with the person you share the message with. No one, including us, can read your data without access to these keys.

6. User Responsibilities

Safeguard and transmit QR codes, links, and passwords via secure, separate channels; Use strong, unique passwords - lost passwords cannot be recovered; Understand that expired or single-use links become permanently inaccessible; Maintain good operational security practices on your devices.

Your overall security depends on these practices beyond our platform's technical protections.

7. Payments (Cryptocurrency / No KYC)

Cryptocurrency payments are accepted via Coinbase Commerce without KYC requirements; No collection of billing names, card details, or government IDs; No association of wallet addresses with user identities.

Note: Blockchain transactions are publicly visible by nature. While Coinbase Commerce processes payments, it does not require KYC information. Review your wallet provider's privacy practices for additional protection.

8. Third-Party Service Providers

Limited to anonymized, aggregate analytics for uptime/performance monitoring. No user content, passwords, keys, metadata, or personally identifiable information is ever shared

We explicitly do not use: advertising networks or tracking pixels; retargeting or behavioral analytics; third-party marketing platforms; social media integrations with tracking.

9. Data Retention & Deletion

All data (messages, files, keys, salts, nonces) exists only temporarily during client-side operations; Data is destroyed from memory/storage immediately after cryptographic operations complete; Zero server-side storage - no backups, logs, or copies maintained; No data recovery possible once deleted.

This is a feature, not a limitation - ensuring true digital privacy.

10. Legal Compliance

Government Requests: Due to our zero-knowledge architecture, we cannot comply with data requests for user content because we do not possess any user data to provide.

11. Disclaimer & Limitations

Platform Limitations: While Enqrypted provides military-grade, zero-knowledge encryption, overall security also depends on: user password strength and device security; secure sharing practices for access credentials; protection against social engineering attacks.

Liability: Enqrypted cannot be held liable for security breaches arising from insecure handling practices outside our platform's technical controls.

12. Changes to This Policy

Significant changes will be published here with an updated 'Last Updated' date; Major policy changes will be announced prominently on the website; We recommend reviewing this policy periodically.

13. Contact & Transparency

Questions or Concerns:

Our Commitment:

We value complete transparency about our privacy practices and your absolute digital privacy. This policy reflects our genuine technical capabilities and limitations. We believe in honest privacy, not privacy theater.