Privacy

To provide you with our secret service, we store your email address, public key, and in-transit messages on our server.

✓ We never receive, store or ask you to send your encryption or signing keys
✓ In-transit secrets are encrypted on the client — we cannot decrypt them
✓ Secrets auto-expire after 4-72 hours depending on plan, unless otherwise specified.
✓ No tracking cookies on this website
✓ The client sends minimal, anonymous telemetry (which can be disabled).
✓ 100% of our funding comes from private server sales — we don't sell or provide data to third parties, other than to directly provide this service (e.g. your data transits our hosting provider)

Telemetry

The client sends minimal telemetry before it completes, to help monitor performance. This can be disabled with `secrt set telemetry=false`.

Telemetry includes operating build ID, system and CPU type, the subcommand name (without parameters), total, user and system time (rounded to milliseconds), and the exit code:


                 {
                  "buildId": "test.sh",
                  "goos": "darwin",
                  "goarch": "arm64",
                  "command": "ls",
                  "elapsedMs": 5,
                  "utimeMs": 4,
                  "stimeMs": 3,
                  "exitCode": 0
                }

You can view the complete set of JSON messages exchanged with the server by setting export SECRT_DEBUG_JSON=true

Stored Data and Legal Access

• To provide the service, we store your email address, public keys, encrypted messages, and anonymous access/error logs
• Server and telemetry logs may include IP addresses, timestamps, payload sizes, and API URLs. Identifying information is never logged and we take care to avoid sending or storing data that could be used for fingerprinting.
• If you purchase a private server, we store the name and email address and financial transactions used to make the purchase. We may contact you regarding your purchase, new features, deprecations, or other service-related information
• If you sign up for our newsletter, we'll send you updates to the secrt command and to our services. We will not provide your details to any third party except as needed to provide our service.
• If necessary, we will comply with lawful requests for logs and other data, but your messages can't be decrypted without your private key.

Remember that the secrets you send are only as private as the person receiving them.

Questions? Contact privacy@secrt.io