Privacy Policy
Last updated: 2026-05-29
What we collect
Your RSA public key and its fingerprint are stored on the SecureCrypt chain and are publicly readable. Your email address is never stored on the chain in plaintext. The chain holds only its one-way SHA-256 hash (email_hash), which we use as a private lookup key, plus a copy of your email encrypted to your own key so that only your device can recover it after a reinstall. SecureCrypt operates no decryption key of any kind: we cannot reverse the hash, open the encrypted copy, or read your file contents, which are encrypted on your device before they ever reach us. Payment information is handled entirely by Paddle; we receive only a subscription-status event tied to your email_hash.
When you share a file
Sharing never reveals either party's identity to us. The file name, the password, and each participant's email are placed in envelopes encrypted to a single participant's key — one only the recipient can open, one only you can open. The chain stores only these envelopes and the one-way hashes of the participants; it never sees a plaintext email or file name, and neither do we.
What we do not collect
We do not collect browsing behaviour, crash reports without consent, or any analytics. Error reporting (GlitchTip) is opt-in via the app settings and contains no file data.
Data retention
Blockchain records are permanent by design - that is the audit guarantee. Encrypted files in R2 are deleted when you delete them from the app. Your local encryption keys never leave your device.
Contact
Questions: privacy@securecrypt.app
SecureCrypt