Privacy Policy
LAST UPDATED: MARCH 2026
Welcome to ZeroKey. Your privacy isn't just a feature of our service; it is the entire foundation. This policy explains what minimal data we collect and how we ensure your sensitive payloads remain completely unreadable to anyone but the intended recipient.
1. Zero-Knowledge Architecture
ZeroKey operates on a strict end-to-end encrypted (E2EE), zero-knowledge model.
- Your Payloads: All text and media files are encrypted locally on your device using AES-GCM encryption before they are ever sent to our servers.
- Your Keys: We do not generate, store, or have access to your decryption keys. The key is generated locally and embedded in the URL fragment, which standard web browsers never transmit over the network.
- The Result: We physically cannot read, scan, or monetize the contents of your messages or files. To us, your data is just random mathematical noise.
2. Data Retention & Destruction
- Burn-After-Reading: The exact moment a secure link is successfully opened and decrypted by the recipient, the encrypted text and associated media blobs are permanently and automatically deleted from our PostgreSQL database and storage buckets.
- No Backups: We do not keep historical backups of deleted payloads. Once a message is burned, it is permanently wiped from the server hardware.
3. Analytics & Tracking
We believe in absolute minimal data collection. We do not use invasive tracking scripts, canvas fingerprinting, WebGL hardware rendering checks, or IP logging to monitor your behavior.
- Google Analytics: We utilize Google Analytics strictly to monitor basic, anonymized website traffic (e.g., total daily visitors and general page views). This helps us maintain server capacity and ensure the site remains online.
- No Identity Linking: We do not use this analytics data to track individual user journeys or link identities to specific encrypted payloads.
4. Law Enforcement
Because we utilize true end-to-end encryption and fundamentally do not possess the decryption keys, we cannot provide the plaintext contents of any message or file to law enforcement, government agencies, or third parties, even if legally compelled by subpoena to do so. We can only turn over the encrypted, unreadable blobs currently resting on the server, which are useless without the URL hash key.