🔒 Privacy Policy

Our Principles: Encipher.Me was developed according to the Zero-Knowledge principle - we technically cannot decrypt your messages, even if we wanted to. Your privacy is protected by architecture, not just by promises.

Responsible party under GDPR:

[Your Company/Name]
[Street and House Number]
[ZIP City]
Germany

Contact:
E-Mail: privacy@encipher.me
Website: Contact Form

🔐 Encrypted Messages

What: Encrypted data blocks of your messages

How long: Maximum 30 days or until configured access limit

Purpose: Providing encryption services

Special note: Zero-Knowledge - we cannot decrypt this data

👤 Registered Users (optional)

What: Email address, encrypted password, usage statistics

How long: Until account deletion

Purpose: Account management and extended features

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)

🍪 Technical Cookies

What: Session cookies, CSRF protection, theme settings

How long: Session end or up to 30 days

Purpose: Security and functionality of the website

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

🛡️ Security Data for Registered Users

What: IP addresses, browser information (User-Agent), session IDs, login times

How long: Active sessions up to 1 hour, security logs up to 30 days

Purpose: Account security, session management, fraud detection, security dashboard

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in account security)

📍 Note: This data is stored exclusively for security purposes and is viewable in your account's security dashboard.

• ❌ No tracking cookies - No analytics or advertising
• ❌ No message content - Zero-Knowledge architecture
• ❌ No metadata - Who, when, how often accesses remains unknown

🔑 Client-Side Encryption

All encryption operations take place in your browser. Encryption keys are never transmitted to our servers.

🔗 URL Fragment Technology

Decryption keys are transmitted in the URL fragment (#). Browsers never send these fragments to servers.

🚫 Server-Side Blindness

Our servers only receive encrypted data blocks. Even in the event of a complete server hack, your messages remain protected.

You have the following rights:

• Art. 15 GDPR: Information about processed data
• Art. 16 GDPR: Rectification of incorrect data
• Art. 17 GDPR: Deletion ("right to be forgotten")
• Art. 18 GDPR: Restriction of processing
• Art. 20 GDPR: Data portability
• Art. 21 GDPR: Objection to processing
• Art. 77 GDPR: Complaint to supervisory authority

🔒 Zero-Knowledge Notice: Since we cannot decrypt your messages, providing information about specific message content is technically impossible. We can only provide metadata (number of messages, creation times).

🔐 Encryption

AES-256-GCM encryption, TLS 1.3 for all transmissions, secure hash procedures for passwords.

🛡️ Security Measures

CSRF protection, rate limiting, secure session management, regular security updates.

🗑️ Automatic Deletion

All data is automatically deleted after expiration - no backups, no recovery possible.

Cookie	Purpose	Duration
PHPSESSID	Session management for login	Session end
csrf_token	Protection against CSRF attacks	Session end
theme	Light/dark mode setting	30 days (localStorage)
cookieConsent	Stores cookie consent	1 year (localStorage)

Data Protection Officer:

E-Mail: privacy@encipher.me
Contact: Contact Form

Supervisory Authority:

You have the right to complain to the competent supervisory authority:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn
Phone: +49 (0)228-997799-0
Website: www.bfdi.bund.de

This privacy policy may be updated as needed. Changes will be published on this page and take effect immediately.

Last updated: 25.08.2025

📧 Privacy Contact 📄 Terms of Service