Privacy is one of the key principles behind SendCrypted. And as such, we are committed to protecting your privacy. This policy will outlines the data we collect, or rather don't collect.

This policy is occasionally reviewed and updated as we see fit.

What metadata do we collect?

SendCrypted does not collect or store any metadata associated with the use of our service.

Can SendCrypted view/recover my secret information?

No. The encryption key is generated in your browser and all secret data is encrypted in your browser, the key is never sent to the server.

Is my encrypted data used for any purpose by SendCrypt?

SendCrypted does not use your encrypted data for any reason. Once a secret is read or the expiration is reached, all data is purged from the database.

Are there any potential security risks?

The largest potential security risks would be:

1. Local malware that compromises the client machine.
2. A man-in-the-middle-attack (MITM), where the client is served malicious JavaScript by and attacker.
3. A compromised server that serves altered JavaScript. (If the server is compromised, all data in the data base is protected by AES256 encryption.)

To be extra cautious, data can be encrypted prior to sharing and the keys can be shared via a separate method. You are also free to view any of the the page source to verify the claims made.