Privacy Policy

Last updated: June 2, 2026

A Quick Note

SecureShare is built to encrypt files before upload, but it is not a zero-knowledge service. This policy explains what data the service stores to operate accounts, sharing, rate limiting, and analytics.

What I Collect (and Why)

To keep things running smoothly, here's what I collect:

  • Google Account Info:your name, email address, profile image, and authentication records needed to let you sign in and manage your account.
  • Encrypted Account Key Material:for signed-in accounts, the service stores your public key, encrypted private key, key-wrapping salt/IV values, and related metadata required to reopen your account locally.
  • File And Share Metadata:encrypted file names, encrypted shared file names, file sizes, expiry times, share IDs, download counters, and related upload or share records.
  • Session And Security Data:session IDs, IP addresses, and user-agent level data used for login sessions, abuse prevention, and rate limiting.
  • Trial Share Verification Data:when you create a no-account share, the service stores a hash of the share passphrase so recipients can be verified.
  • Analytics And Cookies:SecureShare uses cookies for authentication and includes Google Analytics for site usage measurement.

What SecureShare Does Not Store In Raw Form

The service is designed so it does not store:

  • Raw account passphrases.
  • Raw private keys for signed-in accounts.
  • Plaintext file contents as part of normal storage.
  • Your browsing activity outside SecureShare.

How Your Info Is Used

Only to make the app work — no funny business. Specifically:

  • Run account login, session management, and passphrase flows
  • Store encrypted uploads and protected shares
  • Enforce upload, download, and abuse-prevention limits
  • Measure site usage and improve the product over time
  • Handle support, debugging, and security issues

Do I Share Your Data?

SecureShare does not sell personal data. Data is shared only with infrastructure and service providers needed to run the app, such as authentication, hosting, storage, email, and analytics.

How Long Is Data Stored?

Account uploads and shares remain until deleted or expired under the product rules in effect. Session, rate-limit, and analytics data are retained for operational and security purposes for as long as reasonably needed.

Your Rights

You can reach out any time to:

  • Access or update your account info
  • Delete your account or uploaded files
  • Ask what account data SecureShare stores about you

A public privacy contact email is not available yet. Until one is published, raise questions or issues through the GitHub repository.

Security Stuff

Files are encrypted before upload, and signed-in account keys are stored only in encrypted form. The service still stores encrypted payloads and metadata, so privacy depends on both the client-side encryption design and the server infrastructure remaining sound.

Changes?

If anything changes in how SecureShare handles data, this page will be updated with the new policy and date.

Let's Talk

Until a public privacy email is published, use GitHub issues for questions, bug reports, or policy concerns.