Privacy Policy

LockBox is a secure, end-to-end encrypted secret sharing service. LockBox allows you to securely share secrets with other people, without having to worry about your data being compromised.

This privacy policy explains how we collect, use, and protect your personal information when you use our website, app, and services (collectively, the "Services"). By using the Services, you agree to this privacy policy. If you do not agree to this privacy policy, you may not use the Services.

1. What information do we collect?

We collect the following types of information when you use the Services:

  • Encrypted data: When you upload, store, share, or delete encrypted data ("Content") using the Services, we store the encrypted data on our server. We do not access, monitor, review, or decrypt your Content unless required by law or with your consent. You are solely responsible for your Content and the consequences of sharing it with others. You retain ownership and control of your Content.
  • Automatically collected information: When you use the Services, we automatically collect certain information about your device and usage, such as your IP address, location, browser, browser language, operating system, device identifiers, and cookies. We use this information to provide and improve the Services, to analyze how users interact with the Services, and to prevent fraud and abuse.
  • Social media information: If you link your LockBox account with a social media account, we also collect information social media networks give us. Depending on the social media network, this can include your username, name, email address, friends list, and more. We use this information to personalize your experience and to allow you to share your Content with your social media contacts.

2. How do we use your information?

We use your information for the following purposes:

  • To provide and maintain the Services;
  • To improve and enhance the Services;
  • To communicate with you about the Services;
  • To protect the security and integrity of the Services;
  • To comply with legal obligations and requests;
  • To enforce our Terms of Service and this privacy policy;
  • To protect our rights and interests and those of our users;
  • To fulfill any other purpose for which you provide your consent.

3. How do we share your information?

We do not sell, rent, or disclose your personal information to any third parties, except as described below:

  • Service providers: We may share your information with third-party service providers that help us provide and improve the Services. These include:
    • Vercel Inc., which hosts our website and app. You can find their privacy policy here:
    • Upstash, which stores your encrypted data. You can find their privacy policy here:
    • SimpleAnalytics, which provides basic analytics of accesses. You can find their privacy policy here:
    • hCaptcha, which provides human verification and prevents spam. You can find their privacy policy here:
    We only share your information with these service providers to the extent necessary to perform their services on our behalf. We do not authorize them to use or disclose your information for any other purposes.
  • Legal compliance: We may share your information with law enforcement, government authorities, courts, or other third parties when we believe it is necessary or appropriate to:
    • Comply with applicable laws or regulations;
    • Respond to lawful requests or legal process;
    • Protect our rights and property and those of our users;
    • Prevent or investigate fraud, abuse, or illegal activity;
    • Protect the personal safety of us, our users, or the public.
  • Business transfers: We may share your information with a third party in connection with a merger, acquisition, reorganization, or sale of some or all of our assets. In such event, we will notify you and take steps to ensure that your information is treated in accordance with this privacy policy.
  • Consent: We may share your information with any other third parties with your consent or direction.

4. How do we protect your information?

We take reasonable measures to protect your information from unauthorized access, use, alteration, or disclosure. These include using encryption, firewalls, and secure servers. However, no method of transmission or storage is completely secure. Therefore, we cannot guarantee the absolute security of your information. You are responsible for safeguarding your password and any other credentials used to access your account. You should not share your password or credentials with anyone. You should notify us immediately of any unauthorized use of your account.

5. How long do we keep your information?

We keep your information for as long as necessary to provide and improve the Services, to comply with our legal obligations, and to resolve any disputes. We do not guarantee that your data will be kept for the requested amount of time and it may be removed sooner. When we no longer need your information, we will delete it from our systems and servers or anonymize it so that it cannot be linked back to you.

6. How do we handle international transfers?

The Services are hosted and operated in Germany. If you are located outside of Germany, you acknowledge and agree that your information may be transferred to and processed in Germany or other countries where our service providers are located. These countries may have different or less protective data protection laws than your own country. By using the Services, you consent to such transfers and processing.

7. How do we respect your rights?

Depending on your location and applicable laws, you may have certain rights regarding your information. These may include:

  • The right to access, update, or delete your information;
  • The right to object to or restrict the processing of your information;
  • The right to opt out of marketing communications;
  • The right to withdraw your consent at any time;
  • The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, you can contact us at [email protected]. We will respond to your request within a reasonable time and in accordance with applicable laws. We may ask you to verify your identity before fulfilling your request. We may also charge a reasonable fee or refuse to comply with your request if it is excessive, repetitive, or unfounded.

8. How do we handle children's privacy?

The Services are not intended for or directed to children under the age of 13. We do not knowingly collect or solicit any personal information from children under the age of 13. If we become aware that we have collected personal information from a child under the age of 13, we will delete it as soon as possible. If you believe that we have collected personal information from a child under the age of 13, please contact us at [email protected].

9. How do we update this privacy policy?

We may update this privacy policy from time to time to reflect changes in our practices, the Services, or the applicable laws. We will notify you of any material changes by posting the updated privacy policy on our website or app or by sending you an email or other notification. The date at the top of this privacy policy indicates when it was last updated. Your continued use of the Services after the updated privacy policy becomes effective constitutes your acceptance of the updated privacy policy.

10. How do you contact us?

If you have any questions, comments, or feedback about this privacy policy or the Services, please contact us at [email protected].