Privacy Policy
Last updated: 8/23/2025
Our Commitment to Privacy
Shhh Click is built on zero-knowledge principles. We are committed to protecting your privacy and ensuring that your files remain secure and private. This policy explains how we handle your information.
What We DO NOT Collect or Store
- Your files or file contents - All encryption happens in your browser
- Your passphrases - These never leave your device
- Encryption keys - Generated and used entirely client-side
- File metadata - Filenames and sizes are only stored temporarily for delivery
- User accounts - No registration or persistent user profiles
- We do not use third‑party advertising or cross‑site tracking cookies. We use first‑party analytics (PostHog) to measure usage; DNT and opt‑out are honored.
What We Temporarily Store
- Encrypted file data - Stored in Cloudflare R2 until the selected expiry (24h Free; up to 30d Pro) or first successful access for single-use links
- Delivery metadata - Recipient email (if you choose to send via email)
- Cryptographic parameters - Salt and nonce values (never keys)
- Access token - Opaque identifier used to look up transfer metadata
- Transfer status - Opens count and max opens to enforce single-use or limits
All temporary data is automatically deleted when a link is consumed (single-use) or when the configured expiry is reached (24 hours by default for Free).
How We Use Information
- Email delivery - We send notifications to recipients and optional receipts to senders
- Service operation - Managing file transfers, expiry, and cleanup
- Security - Rate limiting and abuse prevention
- Service improvement - Anonymous usage metrics (no personal data)
Data Protection Measures
- Encryption in transit - All communications use HTTPS/TLS
- Encrypted storage - Files are encrypted before reaching our servers
- Access controls - Strict server access controls and monitoring
- Automatic deletion - Files and metadata are automatically purged
- No key access - We cannot decrypt your files even if we wanted to
Third-Party Services
We use these third-party services to operate Shhh Click:
- Vercel - Application hosting and edge functions
- Cloudflare R2 - Encrypted file storage with automatic deletion
- Upstash Redis - Temporary metadata storage via Vercel KV
- Resend - Transactional email delivery
- PostHog - First‑party product analytics to measure usage; honors Do Not Track and opt‑out preferences
- Vercel Web Analytics - Privacy‑centric pageview analytics (cookieless)
- Microsoft Clarity - Session replay/heatmaps (only if enabled)
These services may have access to encrypted data and delivery metadata, but cannot access your files' contents or encryption keys.
Session Recording (when enabled)
We may enable privacy‑preserving session recording to understand usage flows and improve the product. When enabled, sensitive inputs are masked by default. You can opt out at any time by rejecting Analytics in the cookie preferences banner or by enabling your browser's Do Not Track (DNT) setting.
Your Rights
- Revocation - Delete your files early using the revoke link
- Data minimization - We only collect what's necessary for service operation
- Transparency - This privacy policy explains all data handling
- No tracking - We don't build profiles or track your behavior
Legal Basis and Compliance
We process personal data on the basis of legitimate interest for providing secure file transfer services. Our zero-knowledge architecture means we cannot access file contents even under legal compulsion.
We comply with applicable data protection laws including GDPR and CCPA through our privacy-by-design approach.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with a revised "Last updated" date.
Contact Us
If you have any questions about this privacy policy or our data practices, contact:
Gopher Tech LLC
30 N Gould St Ste R, 6100
Sheridan, WY 82801
United States
Email: privacy@shhh.click