Privacy Policy

Effective April 28, 2026

What we collect

Account creation: your email address (for magic-link authentication). We do not collect passwords.

API usage: each API call is logged with the operation type, API key identifier, logical user ID, and a request ID. Fact plaintext is never included in audit logs.

Billing: payment processing is handled by Stripe. We store your Stripe customer ID — not your card details.

How your data is stored

Server-sealed facts: encrypted at rest with AES-256-GCM. The encryption key is held in the application process and never exposed to the database layer. Facts are decrypted in memory only when you call prove, share, or generate a search summary.

Client-sealed (E2EE) facts: stored as opaque ciphertext blobs. The server never receives or derives plaintext, and never calls an embedding model on the fact. Decryption requires your own key, which never leaves your control.

API keys: stored as SHA-256 hashes. The raw key is shown once at creation and never persisted.

Third-party services

Depending on how the operator configures the deployment:

  • Supabase — authentication and PostgreSQL database hosting.
  • Stripe — payment processing for paid plans.
  • OpenAI or OpenRouter (optional) — embedding generation and yes/no answer derivation for prove, share, and search operations on server-sealed facts only. When configured, fact plaintext and queries may be sent to these providers. This can be disabled entirely with ZKSHARE_DISABLE_EXTERNAL_LLM=true.
  • Upstash (optional) — Redis for rate limiting.

Client-sealed facts are never sent to any third-party LLM. For maximum privacy, operators can disable external LLMs and require client-supplied embeddings.

Cookies

We use Supabase Auth session cookies for dashboard sign-in. We do not use tracking cookies or third-party analytics cookies. Vercel Analytics (when enabled in production) collects anonymized page-view data with no personally identifiable information.

Data retention

Facts and audit logs are retained for as long as your account is active. You can delete individual facts by overwriting them (upsert with the same key) or by contacting the operator. API keys can be revoked at any time from the dashboard.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact the operator through the GitHub repository.

Changes

We may update this Privacy Policy from time to time. Changes take effect when posted. Continued use of the Services after changes constitutes acceptance.

Contact

Questions about this policy? Open an issue on the GitHub repository or contact the repository owner. For security issues, see SECURITY.md.