Privacy Policy

• Account & identity information: such as email, login method, basic account profile.
• Project configuration data: such as recipient information, trigger schedules, decryption hints and notes.
• Encrypted clue files: we only store encrypted file copies you upload; we do not store decryption passwords or answers.
• Operation & security logs: such as key access records, operation audit records, and anomaly detection information.
• Subscription & payment status: such as subscription status, plan, and expiration time.

• Provide core features: account login, project management, trigger confirmation, and delivery process.
• Ensure system security: identify abnormal activity, block abuse, and conduct audit trails.
• Fulfill service obligations: process subscription benefits, run notification processes, and handle user support requests.
• Improve product experience: analyze feature stability and usability; we do not sell user data.

We process your information based on legitimate grounds including contract performance (providing services you requested), legal obligations, and platform security maintenance.

When your authorization is needed, we will provide clear prompts before collection; you can adjust authorization in settings or the corresponding entry.

• Shared with infrastructure and service providers: only to the extent necessary for providing services, requiring them to comply with confidentiality and security obligations.
• When required by laws, regulations, or regulatory requirements, necessary information is disclosed through legal procedures.
• In company reorganization, merger, or asset transaction scenarios, necessary data migration and notification are conducted in accordance with law.
• We will not sell your personal information to third parties.

To ensure service availability, data may be processed or backed up in data centers across different regions.

For cross-region transfers, we adopt contractual constraints, access controls, and encryption measures to protect data security.

• We only retain information for the period necessary to achieve service purposes.
• After you delete your account, related data will be deleted or anonymized according to system processes, unless otherwise required by law.
• Security and audit logs are cleaned according to policy after meeting security analysis and compliance requirements.

• Data isolation: different users' and projects' data are logically isolated.
• Least privilege: critical operations use short-term authorization and access verification.
• Audit trail: critical access and high-risk operations are traceable.
• Zero-knowledge boundary: the platform does not store your decryption password and cannot directly decrypt file contents.

• Access & correction: you can view and update personal information in account settings.
• Deletion & withdrawal: you can initiate account deletion to terminate subsequent service use.
• Processing restriction & objection: you can submit related requests within applicable law.
• You can contact us through the in-app support entry; we will process within a reasonable period.

We use necessary cookies or equivalent technologies to maintain login status, session security, and basic feature operation.

We may also use local storage to save interface state (e.g., sidebar expansion) and local drafts to improve the experience.

If optional analytics cookies are introduced later, we will provide separate instructions and management options.

If you do not have full civil capacity, please use this service under guardian consent and guidance.

If we discover use without required guardian consent, we may restrict or terminate the relevant account.

We will update this policy based on product iterations, laws and regulations, or operational requirements, and mark the most recent update date on the page.

If updates involve significant changes, we will remind you through appropriate means.

For questions about this policy, please contact us through the in-app help center or account support entry.