Privacy Policy
SealedVault is a zero-knowledge password manager. The defining fact of this policy is what we cannot see: your master password, your encryption keys, and the contents of your vaults never reach our servers in a form we can read. This document explains the limited data we do process, why, and your rights over it.
1. Who we are
SealedVault ("we", "us", "our") is operated by InterconX. For multi-tenant deployments, your Managed Service Provider (MSP) acts as the data controller for the credentials it manages on your behalf; we act as the data processor for that content. For your personal vault and account, we are the controller. Contact: [email protected].
2. What we cannot access
By cryptographic design, the following never leave your device in readable form and are never available to us:
- Your master password. Authentication uses SRP-6a, so we verify you without ever receiving it.
- Your derived encryption keys (master key, vault keys, per-item keys).
- The plaintext of any vault item — logins, notes, cards, identities and the like.
We store only ciphertext, public keys, and SRP verifiers. A server breach exposes no readable secrets and no password to crack.
3. Data we do process
- Account identifiers: your email address (canonical, used to identify you globally), display name, and tenant memberships.
- Encrypted vault blobs: opaque ciphertext we store and sync but cannot decrypt.
- Public cryptographic material: your X25519 and Ed25519 public keys, used so others can seal secrets to you and verify your signatures.
- Operational metadata: timestamps, device identifiers, IP addresses at sign-in, and tamper-evident audit-log events (who did what, when) for security and offboarding.
- Billing data: for paid tenants, subscription and seat counts. Card details are handled directly by Stripe and never touch our servers (PCI SAQ-A scope).
- Domain hints: a per-tenant HMAC of the normalised domain, so autofill can match items without revealing which sites you store.
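The domain-hint bullet above is the one piece of stored metadata that could, if done naively, reveal which sites a user keeps credentials for. The following is an added example written for this page, not SealedVault's own code. It shows the mechanism the bullet describes: the client reduces a URL to a normalised domain, keys an HMAC with a per-tenant secret, and the server indexes only the resulting hint. The normalisation rule (lowercase host, scheme/port/path stripped, trailing dot removed), HMAC-SHA256, 32-byte tenant keys, hex encoding and the item-id values are all assumptions; the page states only "a per-tenant HMAC of the normalised domain".

```python
"""Per-tenant domain hints for autofill matching (added example, not SealedVault code).

Assumptions, not taken from the page: HMAC-SHA256, 32-byte tenant keys, hex
output, and the normalisation rule in normalise_domain().
"""
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed demo keys. In practice each tenant's key is derived client-side
# and never leaves the device in readable form.
TENANT_A_KEY = b"constructed-tenant-a-key-32bytes"
TENANT_B_KEY = b"constructed-tenant-b-key-32bytes"


def normalise_domain(site: str) -> str:
    """Reduce a URL or bare hostname to a canonical host string.

    Assumed rule: lowercase, keep only the host (no scheme, port, path or
    credentials) and drop a trailing dot, so that 'https://Example.COM:8443/x'
    and 'example.com.' produce the same hint.
    """
    if "://" not in site:
        site = "https://" + site  # urlsplit needs a scheme to find the host
    host = urlsplit(site).hostname or ""
    return host.lower().rstrip(".")


def domain_hint(tenant_key: bytes, site: str) -> str:
    """HMAC-SHA256 of the normalised domain under the tenant's key, hex encoded."""
    msg = normalise_domain(site).encode("utf-8")
    return hmac.new(tenant_key, msg, hashlib.sha256).hexdigest()


class HintIndex:
    """What the server can hold: hint -> opaque item ids, never a domain name."""

    def __init__(self) -> None:
        self._index: dict[str, set[str]] = {}

    def add(self, hint: str, item_id: str) -> None:
        self._index.setdefault(hint, set()).add(item_id)

    def lookup(self, hint: str) -> set[str]:
        return set(self._index.get(hint, ()))

    def stored_hints(self) -> list[str]:
        return sorted(self._index)


def autofill_candidates(tenant_key: bytes, index: HintIndex, visited_url: str) -> set[str]:
    """Client-side matching: compute the hint locally, ask the index for item ids.

    The server only ever sees the hint, so it learns that two items share a
    domain but not which domain that is.
    """
    return index.lookup(domain_hint(tenant_key, visited_url))


def demo() -> dict:
    """Build a small index for tenant A and exercise matching and cross-tenant unlinkability."""
    index = HintIndex()
    index.add(domain_hint(TENANT_A_KEY, "https://Example.COM/login"), "item-1")
    index.add(domain_hint(TENANT_A_KEY, "mail.example.org"), "item-2")
    return {
        "match": autofill_candidates(TENANT_A_KEY, index, "https://example.com:8443/account?x=1"),
        "miss": autofill_candidates(TENANT_A_KEY, index, "https://attacker.invalid/"),
        # Same site, different tenant key: the hints do not collide.
        "tenant_b_hint": domain_hint(TENANT_B_KEY, "https://example.com/"),
        "tenant_a_hint": domain_hint(TENANT_A_KEY, "https://example.com/"),
        "stored": index.stored_hints(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two properties matter for the privacy claim in the bullet: the same site normalises to one hint regardless of scheme, case, port or path (so autofill still matches), and the same site under a different tenant key yields an unrelated hint (so hints cannot be correlated across tenants or reversed by anyone without the tenant key).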
4. Why we process it (lawful bases)
We process the above to provide the service you (or your MSP) have contracted for (performance of a contract), to keep the service secure and auditable (legitimate interests and, where applicable, legal obligation), and to bill paid plans. We do not process special-category data and do not profile you for advertising.
5. What we never do
- We do not sell your data. Ever.
- We do not run advertising or share data with ad networks.
- We do not add silent decryption backdoors. A launch-blocking test verifies that even our own operators cannot chain endpoints to decrypt a vault item.
6. Sharing & sub-processors
We use a small set of vetted sub-processors strictly to operate the service — cloud hosting and storage, transactional email, and Stripe for payments. Each is bound by data-processing terms. Within a multi-tenant deployment, your MSP and its authorised administrators may manage memberships and, where you have opted into recovery, re-seal your vault under the recovery-admin protections described in our documentation.
7. International transfers
Data may be processed in the jurisdiction where our infrastructure is hosted. Where data leaves your region, we rely on appropriate safeguards such as Standard Contractual Clauses. Because vault contents are end-to-end encrypted, cross-border transfer of that content exposes only ciphertext.
8. Retention
We retain account and encrypted vault data for as long as your account is active. Audit-log events are retained for a multi-year compliance period and exported to write-once storage. On account deletion we remove your account data and encrypted blobs within a reasonable period, subject to legal retention obligations.
9. Your rights
Under the GDPR, CCPA and similar laws you may request access, correction, deletion, portability, and restriction of processing, and you may object to certain processing. Because we cannot decrypt your vault, a data-access request returns the ciphertext and metadata we hold, plus a plaintext export you generate yourself from within an unlocked client. To exercise any right, contact [email protected]. You may also lodge a complaint with your local supervisory authority.
10. Security
Encryption uses conservative libsodium primitives: Argon2id key derivation, XChaCha20-Poly1305 authenticated encryption, X25519 sealed boxes for sharing, Ed25519 signatures, and SRP-6a authentication. Transport is TLS 1.3 only with HSTS preload and DNS CAA; mobile clients pin certificates and bind keys to the Secure Enclave (iOS) or StrongBox keystore (Android). See our security architecture for detail.
11. Children
SealedVault is a business tool that is not directed at children under 16, and we do not knowingly collect their data.
12. Changes
We will post any material change here and update the "last updated" date. Continued use after a change constitutes acceptance.