Privacy Policy

Effective Date: December 2025

            Summary: TextSafe uses zero-knowledge encryption. We cannot read, access, or decrypt your stored content. Your data is encrypted in your browser before it ever reaches our servers.
        

1. Introduction

TextSafe ("we", "our", "us") operates text-safe.com and the TextSafe browser extension. This Privacy Policy explains how we collect, use, and protect information when you use our service.

By using TextSafe, you agree to the collection and use of information in accordance with this policy.

2. Zero-Knowledge Architecture

TextSafe is built on a zero-knowledge encryption model. This means:

All encryption and decryption occurs locally in your browser using AES-256-GCM
Your passcode and security color never leave your device
We only receive and store encrypted ciphertext that we cannot decrypt
Even under legal compulsion, we cannot provide your plaintext data because we do not possess the decryption keys

3. Information We Collect

3.1 Data You Store

Encrypted Content: The encrypted version of your text, which we cannot read
Storage Identifier: A SHA-256 hash derived from your passcode and color combination. This hash cannot be reversed to reveal your credentials
Expiration Timestamp: The date and time when your data will be automatically deleted

3.2 Technical Data

IP Addresses: Temporarily processed for rate limiting and abuse prevention. Stored for a maximum of 24 hours, then permanently deleted
Request Logs: Basic server logs for security monitoring. These do not contain your encrypted content and are retained for up to 7 days

3.3 Data We Do NOT Collect

Your plaintext content
Your passcode
Your security color selection
Personal identification information
Email addresses (unless you contact us)
Tracking cookies or advertising identifiers
Browser fingerprints

4. How We Use Information

The limited information we collect is used solely for:

Providing the encrypted storage service
Preventing abuse through rate limiting
Maintaining service security and stability
Generating anonymous usage statistics (total saves, retrieves)

5. Data Retention and Deletion

Your Encrypted Data: Automatically and permanently deleted after your selected retention period (1, 4, or 7 days)
Rate Limiting Data: Automatically deleted after 24 hours
Server Logs: Retained for up to 7 days for security purposes

Deletion is permanent. We do not maintain backups of deleted data and cannot recover it.

6. Data Sharing and Third Parties

We do not sell, rent, or share your data with third parties for marketing or any other purpose.

Your encrypted data may be stored on cloud infrastructure provided by our hosting provider (Render). However, because the data is encrypted before transmission, neither we nor our infrastructure providers can access the plaintext content.

7. Cookies and Local Storage

TextSafe does not use tracking cookies or third-party analytics.

We use browser local storage only for:

Remembering your session state within a single browser tab
Storing user preferences (such as collapsed UI elements)
Rate limiting tracking on the client side

This data remains on your device and is not transmitted to our servers.

8. Security Measures

We implement industry-standard security practices:

All connections use HTTPS/TLS encryption
Content Security Policy (CSP) headers to prevent XSS attacks
Rate limiting to prevent brute-force attacks
No plaintext credentials are ever transmitted or stored
Regular security reviews of our codebase

9. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your data:

Access: Due to our zero-knowledge design, we cannot identify which data belongs to you without your passcode
Deletion: Your data is automatically deleted after the retention period. You can also simply not retrieve it and let it expire
Data Portability: You can copy your content at any time while it remains accessible

10. International Users

TextSafe is operated from servers that may be located in various jurisdictions. By using the service, you consent to the transfer of your encrypted data to these servers. Because the data is encrypted before transmission, the actual content remains protected regardless of server location.

11. Children's Privacy

TextSafe is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has used our service, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance of the new policy.

13. Contact Us

For privacy-related questions or concerns:

Email: textsafecontact@gmail.com

We aim to respond to all inquiries within 48 hours.