Privacy Policy

Last updated: January 24, 2026

TL;DR

Your files are encrypted before upload. We cannot access them. We collect minimal data (email, payment status). No tracking. No ads. We cannot recover files if you lose your link - that's the security feature.

1. Data Controller

ControllerAndy AKHATAR
BusinessSecury.io (Sole Proprietor)
LocationFrance
Contactprivacy@secury.io

2. Zero-Knowledge Architecture

Secury.io is built on a zero-knowledge architecture. This is not just a policy - it's a technical guarantee.

How It Works

Files are encrypted in YOUR browser before upload
Decryption key exists ONLY in your shareable link
We use OPAQUE protocol for authentication - your password never touches our servers

What This Means

We CANNOT read, view, or access your files
We CANNOT recover files if you lose your link
We CANNOT reset your password without proper verification
Even under legal compulsion, we can only provide encrypted data that is useless without your key

3. Data We Collect

Account Information

Email addressAccount creation & communication
Authentication credentialsHashed (zero-knowledge)

Payment Information

Processed entirely by Stripe. We never store:

Credit card numbers
CVV or security codes
Bank account details

We only receive: payment confirmation and subscription status.

Technical Data

IP addressSecurity & abuse prevention
Browser typeCompatibility
Device infoService optimization
Usage logsUploads/downloads (NOT content)

Encrypted Files

We store encrypted file blobs. Due to zero-knowledge architecture, we can only see:

File size (encrypted)
Expiration settings
Download count
File content (impossible to access)

4. Data We DON'T Collect

File Contents

Zero-knowledge = we literally cannot see them

Analytics & Tracking

No Google Analytics, Mixpanel, or similar

Advertising Data

No ads, no ad networks, no retargeting

Behavioral Profiles

We don't build profiles or sell data

Your Password

OPAQUE protocol means it never leaves your device

5. How We Use Your Data

Provide and maintain the service
Process subscription payments
Send transactional emails (verification, notifications)
Prevent fraud and abuse
Comply with legal obligations

6. Data Retention

Account dataUntil deletion + 3 years (legal)
Encrypted filesYour expiration setting (1h - 7 days)
Technical logsMaximum 12 months
Payment recordsAs required by tax law

7. Third-Party Services

Service Providers

Stripe (USA)Payment processing
Cloudflare (USA)Hosting, CDN, security
Resend (USA)Transactional emails

All providers comply with GDPR through Standard Contractual Clauses (SCCs). We do NOT sell or share your data for marketing.

8. Your Rights (GDPR)

If you are in the European Union, you have the following rights:

Right of access - Request a copy of your data
Right to rectification - Correct inaccurate data
Right to erasure - Delete your personal data
Right to portability - Receive data in machine-readable format
Right to object - Object to processing
Right to restrict - Limit how we use your data

To exercise these rights, contact privacy@secury.io.

Supervisory Authority

You may lodge a complaint with the CNIL (French Data Protection Authority) or your local data protection authority.

www.cnil.fr

9. Cookies

We use only essential cookies required for the service to function. No tracking, advertising, or analytics cookies.

For details, see our Cookie Policy.

10. Security Measures

End-to-end encryption - Files encrypted before leaving your device
Zero-knowledge auth - OPAQUE protocol, password never transmitted
HTTPS everywhere - All connections encrypted in transit
Security headers - CSP, HSTS, and protective headers

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use after changes constitutes acceptance.

12. Contact Us

Privacy Questionsprivacy@secury.io
Data Requestsprivacy@secury.io

See also: Terms of Service · Cookie Policy · Legal Notice