Last updated: March 2026
SaladVault is designed to know as little about you as possible. This Privacy Policy explains what we collect, what we don't, and why.
1. Our Principle: Zero-Knowledge
SaladVault is a Zero-Knowledge application. This means we are technically incapable of reading your data. All encryption and decryption happen on your device. Our servers only see encrypted blobs and anonymous identifiers.
2. What We DO NOT Collect
- Your master password - never transmitted, never stored, erased from memory after use (Zeroize)
- Your email in plain text - only an HMAC-SHA256 hash (Blind Index) reaches our server
- Your vault entries (passwords, usernames, URLs, notes) - encrypted client-side before storage
- Your device key (Ingredient Secret) - never leaves your device
- Browsing history, keystrokes, clipboard contents, or screen captures
3. What We Collect (Paid Plans Only)
- Blind Index: an anonymous, irreversible identifier derived from your email via HMAC-SHA256. Used to identify your account without knowing your email.
- Encrypted vault blob: your vault data encrypted with XChaCha20-Poly1305. We cannot decrypt it.
- Authentication hash: derived from your password via Argon2id. We cannot reverse it to obtain your password.
- Stripe customer ID: for payment processing. We do not store credit card numbers.
- Timestamps: account creation date and last activity date (for Dead Man's Switch).
- Dead Man's Switch recipient email: stored in plain text only if you enable this feature, as it is required to send the recovery email.
4. Local-Only Users (Free Plan)
If you use the free Jardinier plan, no data ever leaves your device. We collect absolutely nothing. Your vault is stored in a local SQLite database on your machine.
5. Third-Party Services
- Stripe: payment processing for paid plans. Stripe's privacy policy applies to payment data.
- OVH (France): server hosting. All servers are located in France.
- We do not use any analytics, tracking, advertising, or telemetry services. No Google Analytics, no Facebook Pixel, no cookies.
6. Data Storage and Security
- All server data is stored on OVH infrastructure in France.
- Database access is restricted, and the database is encrypted at rest.
- All API communications use TLS 1.3.
- Even in the event of a complete server breach, your vault data remains encrypted and unusable without your master password AND your device key.
7. Data Retention
Your encrypted vault data is retained as long as your account exists. Upon account deletion, all server-side data (encrypted blobs, blind index, tokens) is permanently deleted. Local data on your device is yours to manage.
8. Your Rights (GDPR)
- Right of access: you can export all your data at any time via the application.
- Right to erasure: you can delete your account and all server-side data.
- Right to portability: export in CSV or encrypted JSON format.
Note: due to our Zero-Knowledge architecture, we cannot identify which data belongs to you without your authentication. We cannot fulfill data access requests based solely on an email address, because we don't store email addresses.
9. Law Enforcement
If compelled by French law to provide user data, we can only provide encrypted blobs and anonymous identifiers. We cannot provide decrypted vault contents, plaintext emails, or master passwords, because we do not have them. Our Warrant Canary is published on our website.
10. Children
SaladVault is not directed at children under 16. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page. Since we collect minimal data, changes are expected to be rare.
12. Contact
For privacy-related questions, contact us via our GitHub repository: github.com/salad-vault