Privacy policy
Last updated: June 12, 2026
Data controller
The data controller is Alexandre Lamata, publisher of the service, Cagnes-sur-Mer (France). For any request regarding your data: [email protected].
The content of secrets is never accessible to the publisher: it is end-to-end encrypted in your browser and erased on expiry. This policy therefore only covers metadata.
Data processed & purposes
- Account holders: email address, name, sign-in log (dates, IP addresses) — to provide the account service and ensure its security.
- For each push: metadata (type, dates, view counter) and audit log (IP addresses and browsers of views) — for security traceability and service operation.
- Secret content: end-to-end encrypted, never accessible to the publisher, permanently erased on expiry.
Legal bases (GDPR, art. 6)
- Account management: performance of the contract (art. 6(1)(b)).
- Logs and IP addresses: legitimate interest (security, abuse prevention, art. 6(1)(f)), and a legal obligation on the host to retain connection data.
Retention periods
- Sign-in logs: 12 months.
- Audit-log IP addresses: 12 months.
- Account data: until the account is deleted by the user, then erased.
- Encrypted content: erased on push expiry (view count or delay reached).
Recipients & transfers
No data is sold or shared with third parties for commercial purposes. No transfer outside the European Union of service data (infrastructure in France). The technical network intermediary (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA) only handles encrypted traffic and has no access to any cleartext content.
Your rights
Under the GDPR, you have the rights of access, rectification, erasure, objection, restriction and portability. Exercise them at [email protected].
You also have the right to lodge a complaint with the CNIL (the French supervisory authority).