Welcome to sharesecure.ly ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your information when you use our secure messaging service.

sharesecure.ly is operated from the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The data controller for your personal information is sharesecure.ly, operated from the United Kingdom.

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@sharesecure.ly

3.1 Information You Provide

• Email addresses: Only when you opt-in to receive notifications when your shared secrets are viewed
• Encrypted content: Your messages are encrypted in your browser before transmission and stored encrypted on our servers

3.2 Information We Automatically Collect

• Technical data: IP addresses, browser type, device information (for security and service improvement)
• Usage data: When secrets are created, viewed, or deleted (without access to content)
• Cookies: Essential cookies for website functionality and theme preferences

3.3 Information We Cannot Access

We use your information for the following purposes:

• Service provision: To store and deliver your encrypted messages
• Security: To protect against abuse and ensure service security
• Notifications: To send email alerts when your secrets are viewed (only if requested)
• Legal compliance: To comply with applicable laws and regulations
• Service improvement: To analyze usage patterns and improve our service (in aggregate, anonymized form)

Under UK GDPR, we process your personal data based on:

• Contractual necessity: To provide the secure messaging service you've requested
• Legitimate interests: For security, fraud prevention, and service improvement
• Consent: For email notifications (you can withdraw consent at any time)
• Legal obligation: To comply with applicable laws

We do not sell, trade, or rent your personal information. We may share information only in these limited circumstances:

• Service providers: Trusted third parties who help us operate our service (email delivery, hosting)
• Legal requirements: When required by law, court order, or government request
• Safety: To protect the rights, property, or safety of our users or others

Important: Even in these cases, we cannot share the content of your messages as they are encrypted with keys we don't possess.

• Secret messages: Automatically deleted based on your chosen expiration settings (time-based or view-based)
• Email addresses: Deleted when the associated secret is deleted
• Technical logs: Retained for up to 12 months for security and service improvement
• Account data: If we implement user accounts, data retained until account deletion

You have the following rights regarding your personal data:

• Right of access: Request information about what personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Request transfer of your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for email notifications at any time

To exercise these rights, contact us at privacy@sharesecure.ly

We implement industry-standard security measures:

• End-to-end encryption: AES-256-GCM encryption performed in your browser
• Zero-knowledge architecture: We cannot access your message content
• Secure transmission: All data transmitted over HTTPS
• Access controls: Strict access controls to our systems and data
• Regular security reviews: Ongoing security assessments and improvements

Our primary servers are located in the UK. If we use service providers outside the UK, we ensure appropriate safeguards are in place, including:

• Adequacy decisions from the UK government
• Standard contractual clauses approved by UK authorities
• Other appropriate safeguards as required by UK GDPR

We use cookies for:

• Essential cookies: Required for website functionality
• Preference cookies: Remember your theme and language preferences
• Analytics cookies: Understand how you use our service (anonymized)

You can control cookies through your browser settings.

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority: https://ico.org.uk