Privacy Policy

Everything you put into your vault — passwords, account details, assets, documents, and final wishes — is encrypted on your own device before it ever reaches our servers. We hold only encrypted blobs and have no key to open them. This is what “zero-knowledge” means: even if we wanted to, and even if we were compelled to, we could not read your vault contents.

ShareMyVault (“ShareMyVault,” “we,” “us,” or “our”) provides an encrypted vault for storing sensitive personal, financial, and digital information. For any privacy question, or to exercise the rights described below, contact us at yashdedhia1214@gmail.com.

The contents of your vault are end-to-end encrypted using keys derived from your password and 24-word recovery phrase. Those keys never leave your device and are never sent to us. As a result, we have no ability to read, recover, decrypt, hand over, or reset:

• Your vault password or your 24-word recovery phrase.
• Any passwords, account credentials, or financial details you store.
• Documents, asset records, beneficiary information, or end-of-life wishes.
• Any other content you save inside your vault.

If you lose both your password and your recovery phrase, your data is permanently unrecoverable. We cannot restore it, because we never had the keys.

To operate the service, we process a limited set of data:

• Account information — your email address, used to create your account, authenticate you, and send essential service communications.
• Encrypted vault data — stored only as ciphertext, alongside non-sensitive metadata (such as an item’s type) needed to display your vault.
• Security and audit logs — limited, append-only records of key events (such as sign-ins and vault changes) to help protect your account.
• Technical data — standard information such as IP address, browser type, and timestamps, processed to deliver and secure the service.
• Preferences — your acceptance of our terms and your marketing-communications choice, recorded when you create your account.

• To create and maintain your account and authenticate you.
• To store and sync your encrypted vault across your sessions.
• To secure the service, detect abuse, and investigate security incidents.
• To send essential service messages (for example, security and account notices).
• To comply with legal obligations.

We do not sell your personal information, and we do not use your vault contents for advertising or profiling — we cannot, because they are encrypted.

We use Google Analytics to understand, in aggregate, how visitors use our website — for example, which pages are read and roughly where visitors come from. Google Analytics sets cookies and processes technical data such as your IP address and browser information on our behalf. It never sees the contents of your vault, which exist only as ciphertext.

On our marketplace pages we count clicks on professional listings (which listing, which action, and when). These counts are anonymous by design: they include no account identifier, no IP address, and no cookies.

When you create an account, you choose whether to receive marketing emails from us (such as product updates and tips). This is entirely optional, is never pre-selected, and does not affect the service you receive. You can withdraw your consent at any time using the unsubscribe link in any marketing email or by contacting us. Essential service messages — security notices, account and billing emails, and invitations you ask us to send — are not marketing and are sent regardless of this choice.

If you redeem a referral, invite, or discount code, we record the redemption (which code, your account, and — for paid plans — the amount paid) so we can apply your benefit and, where a code belongs to a referrer, calculate their commission. Payments themselves are processed by Stripe; we never see or store your card details.

We rely on trusted infrastructure providers to operate ShareMyVault, including hosting and authentication services (for example, our database and authentication provider). These providers process data on our behalf under contractual confidentiality and security obligations, and only ever receive encrypted vault contents — never your keys.

We retain your account information and encrypted vault data for as long as your account is active. You may delete your account at any time; when you do, we delete your encrypted vault data and account information, subject to limited retention required for legal, security, or backup purposes. Because we cannot decrypt your data, any residual backups contain only unreadable ciphertext.

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Because your vault contents are encrypted and only you can read them, you already hold direct access to that data inside the app. To exercise rights over the account information we hold, contact us at yashdedhia1214@gmail.com.

Vault contents are encrypted with AES-256-GCM using keys derived from your password (via Argon2id) and your recovery phrase, all within your browser. Access to stored data is governed by row-level security scoped to your account. No system is perfectly secure, but our architecture is designed so that a breach of our servers would expose only encrypted data and no keys.

ShareMyVault is not directed to children under 16, and we do not knowingly collect personal information from them.

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of ShareMyVault after an update means you accept the revised policy.

Questions about your privacy? Email yashdedhia1214@gmail.com.