Privacy Policy
Last updated: January 2026
Our Commitment to Privacy
iKrypt is built on a zero-knowledge architecture. We do not have access to the plaintext contents of your secrets. Encryption happens in your browser, and the decryption key is never sent to our servers. Your privacy is protected by mathematics, not just policy.
What We Cannot Access
- Your secrets - All encryption happens in your browser before data reaches our servers
- Encryption keys - Keys are stored only in URL fragments, which are never sent to servers
- Decrypted content - We only ever see encrypted ciphertext
What We Store
- Encrypted ciphertext - The encrypted version of your secret (unreadable without the key)
- Initialization vector (IV) - Required for decryption, but useless without the key
- Metadata - Creation time, expiry time, view count, max views
- Notification email - Only if you opt in, stored temporarily until the secret expires
Data Deletion
Encrypted secrets become inaccessible when either of the following occurs, whichever comes first:
- The maximum view count is reached
- The expiration time passes
Expired secrets are deleted on a rolling basis. Once deleted, the data is no longer retrievable through the Service.
Analytics
We use lightweight, privacy-focused analytics (Vercel Analytics, Google Analytics, and Microsoft Clarity) to understand aggregate usage. We track:
- Page views (anonymized)
- General geographic region
- Device type and browser
We do not track individual users or link analytics data to specific secrets.
Cookies
iKrypt uses minimal cookies for essential functionality only. We do not use tracking cookies or sell data to third parties.
Rate Limiting
To prevent abuse, we may temporarily store hashed IP addresses for rate limiting. This data is retained only as long as necessary for abuse prevention and is never linked to your secrets.
Email Notifications
If you provide an email for view notifications:
- We only use it to notify you when your secret is viewed
- We delete it when the secret expires or is fully viewed
- We never add you to marketing lists or share your email
Third-Party Services
We use the following third-party services:
- Firebase/Firestore - Database for storing encrypted secrets
- Cloudflare - CDN and DDoS protection
- Resend - Email delivery for notifications
- Upstash - Rate limiting
Your Rights
Due to our zero-knowledge architecture, we cannot identify which secrets belong to you. If you have concerns about data you've shared, simply let the secret expire or reach its view limit for automatic deletion.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on our website.
Contact
For privacy-related questions, contact us at hello@ikrypt.com