Privacy Policy

Last updated: April 16, 2026

Introduction

Secreta ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our password management service.

Our service is built on a zero-knowledge architecture, meaning we cannot access your encrypted data. Your master password and encryption keys are never transmitted to or stored on our servers in a form we can read.

Information We Collect

Information You Provide

  • Account Information: Email address and encrypted authentication data when you create an account.
  • Encrypted Vault Data: Your passwords and credentials are encrypted client-side before transmission. We store only encrypted data that we cannot decrypt.
  • Payment Information: If you subscribe to a paid plan, payment details are processed by our third-party payment processor. We do not store full credit card numbers.

Automatically Collected Information

  • Usage Data: We collect anonymized usage statistics to improve our service, such as feature usage patterns and error reports.
  • Device Information: Browser type, operating system, and device identifiers for security and troubleshooting purposes.
  • Log Data: IP addresses, access times, and pages viewed for security monitoring and abuse prevention.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our password management service
  • Process transactions and send related information
  • Send technical notices, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities to improve user experience
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Comply with legal obligations

Zero-Knowledge Architecture

Our service uses client-side encryption with AES-256-GCM. This means:

  • Your master password is never sent to our servers
  • All encryption and decryption happen in your browser
  • We store only encrypted data that we cannot read
  • Even if our servers were compromised, your data would remain encrypted
  • We cannot reset your master password or recover your data if you forget it

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorize sharing with third parties.
  • Service Providers: With trusted third parties who assist in operating our service, subject to confidentiality agreements.
  • Legal Requirements: When required by law, subpoena, or government request. Note that due to our encryption, we can only provide encrypted data.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

Data Security

We implement industry-standard security measures to protect your information:

  • AES-256-GCM encryption for all stored credentials
  • PBKDF2 with 100,000 iterations for key derivation
  • TLS encryption for all data in transit
  • Regular security audits and penetration testing
  • Two-factor authentication support
  • Comprehensive audit logging

Data Retention

We retain your encrypted vault data for as long as your account is active. When you delete your account:

  • Your encrypted vault data is permanently deleted within 30 days
  • Anonymized usage statistics may be retained for analytics
  • Audit logs are retained for 90 days for security purposes
  • Backup copies are purged according to our retention schedule

Your Rights

Depending on your location, you may have the following rights:

  • Access and receive a copy of your personal data
  • Rectify inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability (export your data)
  • Withdraw consent at any time

To exercise these rights, please contact us at the email address provided below.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at: