Data we process
- Encrypted secret payload (ciphertext and IV) with expiry and view limits.
- Operational metadata required for security controls like rate limiting.
- Optional analytics events only after consent, with masked page paths.
Privacy and data control
Built for zero-trust secret sharing
VaultLink is designed to reduce exposure by default. Secrets are encrypted in the browser, we store ciphertext only, and decryption material is kept client-side.
Updated February 7, 2026
Data we do not collect
- Plaintext secret contents.
- Secret IDs, URL fragments, key material, tokens, or hashes in analytics payloads.
- Automatic page tracking of unique secret links.
Your controls
- Set expiry and max-view policies per secret at creation time.
- Reject analytics consent to keep analytics storage disabled.
- Use one-time links and short TTLs to reduce data persistence.
Security and compliance posture
Our controls are aligned with data minimization and privacy-by-design principles expected under GDPR and common SOC, PCI, and ISO governance programs. For security reporting or data protection requests, contact us directly.