Privacy Policy

Last updated: January 2025

At SecretLinker, we are committed to protecting your privacy and ensuring the security of your sensitive information. This Privacy Policy explains how our one time secret sharing platform handles your data when you use our services.

Our Privacy Commitment

SecretLinker is built on the principle of zero-knowledge security. We cannot and do not read, store, or access the content of your one time secret messages. Your privacy is not just a policy for us—it's built into the core architecture of our platform.

Information We Collect

Information You Provide

When you use our one time secret website, you provide:

• Secret Content: The sensitive information you want to share (encrypted before storage)
• Configuration Settings: Expiration time, access limits, and optional password protection

Information We Don't Collect

We deliberately do NOT collect:

• Personal identification information
• Email addresses or contact information
• User accounts or registration data
• IP addresses or location data
• Browser fingerprints or tracking cookies
• Access logs or usage analytics

How We Handle Your Data

Encryption

All one time secret content is encrypted before it reaches our servers. We use industry-standard encryption methods to ensure that even if someone gained unauthorized access to our systems, your data would remain unreadable.

Automatic Deletion

Your secrets are automatically and permanently deleted when:

• The secret is viewed for the first time (or reaches the access limit)
• The expiration time is reached
• The maximum storage time is exceeded

No Permanent Storage

We do not create backups, copies, or archives of your one time secret links. Once deleted, your data is gone forever and cannot be recovered by anyone, including our administrators.

Data Security

Technical Safeguards

We implement multiple layers of security to protect your one time secret share:

• Encryption in Transit: All data is transmitted over secure HTTPS connections
• Encryption at Rest: Secrets are encrypted before storage in our database
• Secure Infrastructure: Our servers are hosted in secure, monitored data centers
• Regular Security Updates: We maintain up-to-date security patches and monitoring

Access Controls

Access to our systems is strictly limited and monitored. Our team follows the principle of least privilege, and no one can access the encrypted content of your secrets.

Third-Party Services

No Third-Party Analytics

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking services. Your usage of our one time secret online platform is completely private.

Content Delivery

We use reputable content delivery networks (CDNs) for serving static assets like fonts and icons. These services do not have access to your secret content.

Cookies and Local Storage

SecretLinker uses minimal local storage only for:

• Theme Preference: Remembering your dark/light mode choice
• CSRF Protection: Preventing cross-site request forgery attacks

We do not use tracking cookies or store any personal information locally.

Data Retention

We retain your encrypted secrets only for the duration you specify:

• Minimum: Until first access (immediate deletion)
• Maximum: 7 days (then automatic deletion)
• Default: 24 hours if not accessed

There are no exceptions to this policy. We cannot extend retention periods or recover deleted secrets.

Legal Compliance

Law Enforcement Requests

Even if we receive legal requests for information, we cannot provide access to your secrets because:

• Secrets are encrypted with keys we don't possess
• Secrets are automatically deleted after viewing
• We don't store user identification information
• We don't maintain access logs

Jurisdiction

Our one time secret self hosted solution allows organizations to maintain complete control over their data jurisdiction and compliance requirements.

Your Rights

Since we don't collect personal information, traditional data protection rights (like access, correction, or deletion requests) don't apply. However, you have complete control over your secrets:

• Immediate Deletion: Secrets are deleted after first access
• Expiration Control: You set when secrets expire
• Access Control: You control who can access your secrets

Children's Privacy

SecretLinker does not knowingly collect information from children under 13. Since we don't collect personal information from any users, our service is inherently compliant with children's privacy regulations.

International Users

SecretLinker can be used globally. Since we don't collect personal data or maintain user profiles, international data transfer regulations don't apply to our core service.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated date. Since we don't collect contact information, we cannot notify users directly of changes.

Open Source Transparency

SecretLinker is open source, which means our privacy practices can be independently verified. You can review our code to confirm that we implement the privacy protections described in this policy.

Self-Hosted Option

For organizations requiring complete data control, our one time secret self hosted solution allows you to:

• Host SecretLinker on your own infrastructure
• Maintain complete control over data location
• Implement custom security policies
• Ensure compliance with specific regulations

Contact Information

If you have questions about this Privacy Policy or our privacy practices, you can:

• Review our open source code for technical details
• Read our FAQ for common privacy questions
• Check our blog for security and privacy articles

Summary

SecretLinker is designed with privacy by default:

• ✅ Zero-knowledge architecture
• ✅ Automatic data deletion
• ✅ No user tracking
• ✅ No personal data collection
• ✅ Open source transparency
• ✅ Self-hosted option available