Privacy Policy

Ciphera collects the minimum data necessary to operate the service: • Encrypted ciphertext — the output of client-side encryption. We never receive or store your plaintext secrets. • Encrypted file blobs — uploaded to cloud storage in encrypted form only. • Metadata — expiry settings (view counts, time limits), file name, MIME type, file size, whether a password hash is set, and creation timestamp. • Hashed IP addresses — we hash IP addresses with a server-side secret before storing them for abuse detection. Raw IP addresses are never stored. • View counts — the number of times a secret link has been accessed. We do not collect names, emails (unless you use auto-send), browsing history, or device fingerprints.

If you use the auto-send feature, you provide email addresses for recipients. These are stored alongside the secret record solely to enable email delivery via our transactional email service. They are deleted with the secret when it burns or expires.

The encryption key for every secret exists only in the URL fragment — a part of the URL that browsers never transmit to servers. We receive only ciphertext we have no key for. Even with full access to our database, we cannot read your secrets. This is not a policy — it is a technical fact of the architecture.

Secret data (ciphertext, files, metadata) is retained only until the secret expires or is burned, at which point it is permanently and immediately deleted. Hashed IP addresses used for abuse detection are retained for up to 30 days. No long-term user data is retained.

Ciphera uses third-party infrastructure providers for database hosting, encrypted file storage, rate limiting, and transactional email delivery (auto-send feature only). Each provider receives only the minimum data required for their function — primarily encrypted data they cannot decrypt. None of our infrastructure providers can access your plaintext secrets.

Ciphera does not use tracking cookies, analytics cookies, advertising cookies, or any third-party tracking scripts. There are no ads on this platform. There is no user tracking. The platform may use a session cookie for rate limiting purposes only.

Because we store no personal accounts and no plaintext content, most traditional data subject rights (access, correction, portability) do not apply in the conventional sense — there is no user profile to access or correct. If you have a specific concern, contact us via the About page.

We may update this policy as the product evolves. Material changes will be reflected with an updated date at the top of this page.

For any privacy-related questions, contact: STEVEDEV DIGITAL SERVICES Nigeria Website: #