Privacy & Data Use
How we handle encryption, telemetry, third parties, and what we don’t collect.
Client-side encryption protects your content: links, notes, files, photos, collections, vault passwords, and OTP secrets are encrypted before they leave your device. The server stores ciphertext plus minimal metadata (timestamps, sizes, quotas).
Non-E2EE data (email, billing metadata, login 2FA secrets for this service) stays encrypted at rest with server-side keys and always travels over TLS. We avoid third-party scripts in the app surface to keep the crypto context clean.
Cookies: we only set essential cookies for authentication/session continuity and UI preferences (e.g., theme). We do not set analytics, marketing, or cross-site tracking cookies. If this changes, we will ask for consent before setting any non-essential cookies.
Analytics/metrics: we currently rely on backend-only operational and security logs (e.g., auth event counts, API error rates, rate-limit triggers) without client-side trackers. Data is aggregated, access-controlled, and retained only as long as needed for security and reliability.
Third-party services (current)
We minimize external dependencies. Today we rely on Cloudflare for DNS/CDN/WAF and an object storage provider for encrypted blobs. No third-party scripts run in the app surface, and we will disclose payment and email providers in the production policy before launch.
This page is a living draft; the formal legal policy will replace it before production launch.