🔐 SendSecure

Privacy Policy

Effective date: 2026

At SendSecure, your privacy is the primary design goal. This Privacy Policy explains what data we handle, how it’s protected, and what we do (and do not) log or track.

Zero-Knowledge Design

SendSecure is designed as a zero-knowledge platform. We never have access to your plaintext messages, your password, or the decrypted contents of any attached file. Encryption and decryption occur in your browser.

What We Store

The only data stored on our servers is the minimum required to deliver the service:

• Encrypted messages (ciphertext only).
• Encrypted file blobs, if you attach a file (maximum 25 MB).
• Random salts and initialization vectors (IVs) needed for client-side decryption.
• Basic metadata such as creation time and expiry time.

Your password is never transmitted to us and is not stored anywhere on our servers. Without your password, stored content remains cryptographically unreadable.

How Your Data Is Protected

• Encryption and decryption happen entirely in your browser using the WebCrypto API plus a browser-side Argon2id implementation for key derivation.
• Messages and files are encrypted using AES-GCM with 256-bit keys.
• Encryption keys are derived from your password using Argon2id, a modern, memory-hard key derivation function designed to resist GPU/ASIC cracking attempts.
• Each message and each file encryption uses its own unique, randomly generated salt and IV, ensuring identical content does not produce identical ciphertext.
• After a message (and any attached file) is successfully decrypted, the stored encrypted content is permanently deleted from our servers.
• If never accessed, encrypted data is automatically deleted after its configured expiry (1 to 7 days, depending on your selection).

Cookies and Tracking

SendSecure does not use advertising cookies, analytics trackers, or third-party marketing scripts. We do not track you across sites, build user profiles, or sell behavioral data.

Third-Party Disclosure

We do not sell, rent, or share your encrypted content with third parties. There are no integrations with advertisers, social networks, or analytics providers.

Data Security

SendSecure follows best practices for secure transport and handling. Even in the unlikely event of a server compromise, any stored message or file would remain cryptographically unreadable without the user’s password.

Your Consent

By using SendSecure, you agree to this Privacy Policy. If changes are made, they will be reflected on this page along with an updated effective date.

Contact

If you have questions about this Privacy Policy or about SendSecure in general, contact:
[email protected]