Docs Security Terms Privacy

Privacy Policy

How we handle your data with complete transparency.

Last Updated: May 2026

SecLink is built on a zero-knowledge architecture. This Privacy Policy details the strict limits on what data we collect, why we collect it, and how it is processed to ensure GDPR compliance.

What We Collect

  • Encrypted Secrets: We store the scrambled, encrypted blob of your data. We do not have the decryption key and are technically incapable of reading this data.
  • Access Logs: To prevent abuse and limit rates, we log metadata when a secret is accessed. This includes a cryptographically hashed version of the IP address (irreversible), country data, device type, and the timestamp of access.

What We DON'T Collect

  • Plaintext Secrets: Your unencrypted message never leaves your device.
  • Decryption Keys: The key used to encrypt the data remains only in the URL fragment and is never sent to our servers.
  • Personal Accounts: You do not need to create an account or provide an email address to use the core service.
  • Payment Data: We do not collect or store any billing or payment details (until the release of our paid API tiers, which will be handled by a compliant third-party processor).

Data Retention

We believe data should not outlive its usefulness:

  • Secrets: Automatically and permanently deleted according to the sender's configured expiry settings (e.g., after 1 view, 1 hour, or 7 days).
  • Access Logs: Automatically purged from our systems after 90 days.

Third-Party Subprocessors

We do not sell your data. To operate SecLink securely, we rely on the following trusted infrastructure provider:

  • Upstash: We use Upstash to provide high-performance Redis database hosting for storing our encrypted blobs and ephemeral access logs.

Your Rights (GDPR)

You have the right to request erasure of your data. Due to our zero-knowledge architecture, we cannot search for data by its plaintext contents or author identity. To exercise your right to erasure (i.e., immediate deletion of a secret), simply view the secret yourself to burn it, or report the specific Link ID to our abuse team.

Contact & Jurisdiction

If you have questions about our privacy practices or wish to submit a data request, please contact our Data Protection Officer at privacy@datafort.cloud.

This Privacy Policy is governed by the laws of India. By using SecLink, you consent to the processing of data in accordance with this policy.