Privacy Policy

Zero-Knowledge Architecture

Ironlox is designed with a zero-knowledge architecture. All encryption and decryption of your vault data happens on your device. Your master password, encryption keys, and plaintext vault contents never leave your device.

What We Store

• Your email address (for account identification and communication)
• An encrypted version of your vault (AES-256-GCM, encrypted on your device before transmission)
• A server-side hashed authentication token (derived from your master password with a different salt)
• Login event metadata (IP hash, timestamp, user agent) for security auditing and abuse prevention
• Subscription status (free or premium) and billing history through Stripe

What We Never See

• Your master password
• Your encryption keys
• Plaintext vault contents (passwords, credit cards, notes, identities)
• Your authentication hash in plaintext form
• Your browsing activity or which sites you use

Analytics and Tracking

We do not use any third-party analytics, tracking cookies, or advertising technologies. Server-side operational metrics (request counts, error rates, D1 query volume) are collected via Cloudflare Analytics Engine for service reliability only. These metrics never contain personal information.

Data Retention and Deletion

Your vault data and account information are retained for the lifetime of your account. When you initiate account deletion, your data enters a 7-day grace period (during which you may cancel deletion). After the grace period, all data is permanently and irreversibly purged from D1, R2, and all backups.

Third-Party Services

We use Stripe for payment processing. Your payment information is handled directly by Stripe and never touches our servers. We use Cloudflare for infrastructure (Workers, D1, R2, KV). We do not share your data with any other third parties.

Legal Disclosures

We will only disclose user information if required by a valid legal process (court order, subpoena, or warrant). However, due to our zero-knowledge architecture, the only data we can disclose is your email address, subscription status, and an encrypted vault blob that we cannot decrypt. We will notify affected users before disclosure unless prohibited by law.