🔐 Encipher.Me


🔒 Privacy Policy

Transparent privacy practices for maximum privacy

🧠 Zero-Knowledge Philosophy

Our Principles: Encipher.Me was developed according to the Zero-Knowledge principle - we technically cannot decrypt your messages, even if we wanted to. Your privacy is protected by architecture, not just promises.

1. Data Controller

Data Controller under GDPR:

IT-Service Matthias Tichý Einzelunternehmen
Lindenufer 39
13597 Berlin
Deutschland

Contact:
E-Mail: support@encipher.me
Website: Contact Form

2. What Data Do We Collect?

🔐 Encrypted Messages

What: Encrypted data blocks of your messages

How long: Maximum 30 days or until the configured access limit is reached

Purpose: Providing encryption services

Special note: Zero-Knowledge - we cannot decrypt this data

👤 Registered Users (optional)

What: Email address, encrypted password, usage statistics

How long: Until account deletion

Purpose: Account management and extended features

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

🍪 Technical Cookies

What: Session cookies, CSRF protection, theme settings

How long: Session end or up to 30 days

Purpose: Security and functionality of the website

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

🛡️ Security Data (all users)

What: IP addresses, browser information (User-Agent), timestamps of security events, failed access attempts

How long: IP bans up to 24 hours (depending on violation), security logs up to 30 days

Purpose: Protection against brute-force attacks, bot detection, spam protection, abuse prevention

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in IT security and abuse protection)

📍 Note: This data is automatically stored when suspicious activities are detected (e.g. repeated invalid requests). IP bans serve to protect all users.

📊 Performance and SEO Data (all users)

What: Referer URL (where you came from), browser type, language, screen resolution, page load times, memory usage, number of database queries

How long: Performance logs up to 30 days, automatic cleanup of older data

Purpose: Improving website performance, troubleshooting, Search Engine Optimization (SEO), analyzing traffic sources to improve service

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in optimization and improvement of the service)

ℹ️ Note: This data is processed anonymously and is used exclusively for technical optimization. NO tracking cookies or external analytics services are used.

👤 Additional Data for Registered Users

What: Session IDs, login times, 2FA settings

How long: Active sessions up to 1 hour, account data until deletion

Purpose: Account security, session management, security dashboard

Access: Registered users can view their security logs in the internal area.

3. What Do We NOT Collect?

  • No Tracking Cookies - No analytics or advertising
  • No Message Content - Zero-Knowledge architecture
  • No Metadata - Who accesses, when, and how often remains unknown

4. Zero-Knowledge Technology

🔑 Client-Side Encryption

All encryption operations take place in your browser. Encryption keys are never transmitted to our servers.

🔗 URL Fragment Technology

Decryption keys are transmitted in the URL fragment (#). Browsers never send these fragments to servers.

🚫 Server-Side Blindness

Our servers only receive encrypted data blocks. Even in case of a complete server hack, your messages remain protected.
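
The flow this section describes, as an added example that is not Encipher.Me's own code: the sender encrypts with AES-256-GCM in the client, uploads only the ciphertext record, and shares a link whose fragment carries the key. The host example.invalid, the /m/<id> path, the upload field names and all function names are assumptions made for illustration; it runs in Node or a browser via WebCrypto.

```javascript
// Added example: names, host and upload fields are assumptions, not Encipher.Me code.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback: Node 18
const b64u = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender: encrypt locally, return the server upload and the link to share.
async function createSecret(plaintext, id) {
  const alg = { name: 'AES-GCM', length: 256 };
  const key = await wc.subtle.generateKey(alg, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce
  const data = new TextEncoder().encode(plaintext);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, data);
  const rawKey = new Uint8Array(await wc.subtle.exportKey('raw', key));
  return {
    upload: { id, iv: b64u(iv), ciphertext: b64u(new Uint8Array(ct)) },
    link: `https://example.invalid/m/${id}#${b64u(rawKey)}`, // key after '#'
  };
}

// The request target a browser sends for the link: path and query, no fragment.
const requestTarget = (link) => new URL(link).pathname + new URL(link).search;

// Recipient: key from the fragment, ciphertext record from the server.
async function openSecret(link, stored) {
  const rawKey = unb64u(new URL(link).hash.slice(1));
  const key = await wc.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['decrypt']);
  const alg = { name: 'AES-GCM', iv: unb64u(stored.iv) };
  const pt = await wc.subtle.decrypt(alg, key, unb64u(stored.ciphertext));
  return new TextDecoder().decode(pt);
}

// Round trip, then two failures: wrong key and a ciphertext bit flipped at rest.
async function demo() {
  const { upload, link } = await createSecret('constructed sample message', 'abc123');
  const [base, keyPart] = link.split('#');
  const outcome = (p) => p.then(() => 'decrypted', () => 'rejected');
  const flipped = unb64u(upload.ciphertext);
  flipped[0] ^= 1;
  return {
    plaintext: await openSecret(link, upload),
    target: requestTarget(link),
    keyInUpload: JSON.stringify(upload).includes(keyPart),
    wrongKey: await outcome(openSecret(`${base}#${b64u(new Uint8Array(32))}`, upload)),
    tampered: await outcome(openSecret(link, { ...upload, ciphertext: b64u(flipped) })),
  };
}
```

The fragment stays out of the HTTP request, but it is readable by any script running on the page and is kept in browser history, so the guarantee depends on the integrity of the JavaScript the site serves.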

5. Your Rights Under GDPR

You have the following rights:

  • Art. 15 GDPR: Information about processed data
  • Art. 16 GDPR: Rectification of incorrect data
  • Art. 17 GDPR: Erasure ("Right to be forgotten")
  • Art. 18 GDPR: Restriction of processing
  • Art. 20 GDPR: Data portability
  • Art. 21 GDPR: Objection to processing
  • Art. 77 GDPR: Complaint to supervisory authority

🔒 Zero-Knowledge Notice: Since we cannot decrypt your messages, providing information about specific message content is technically impossible. We can only provide metadata (number of messages, creation times).

🚫 Important Notice about IP Bans: In case of repeated security violations (e.g. brute-force attacks), your IP address will be automatically banned. Contact us via the contact form from another IP address if you were incorrectly banned.

6. Data Security

🔐 Encryption

AES-256-GCM encryption, TLS 1.3 for all transmissions, secure hash procedures for passwords.

🛡️ Security Measures

CSRF protection, rate limiting, secure session management, regular security updates.

🗑️ Automatic Deletion

All data is automatically deleted after expiration - no backups, no recovery possible.

7. Cookies in Detail

Cookie | Purpose | Duration
PHPSESSID | Session management for login | Session end
csrf_token | Protection against CSRF attacks | Session end
theme | Light/dark mode setting | 30 days (localStorage)
cookieConsent | Stores cookie consent | 1 year (localStorage)

8. Contact and Complaints

Data Protection Officer:

E-Mail: support@encipher.me
Contact: Contact Form

Supervisory Authority:

You have the right to complain to the competent supervisory authority:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn
Phone: +49 (0)228-997799-0
Website: www.bfdi.bund.de

9. Changes to this Privacy Policy

This privacy policy may be updated as needed. Changes will be published on this page and take effect immediately.

Last updated: 10.10.2025
