Privacy Policy
Last updated: February 2026
The Short Version
We can't read your data. We don't want to. Your vault is encrypted on your device before it ever reaches our servers, and only someone with your passphrase (or a read-only code you've created) can decrypt it.
What We Collect
Your encrypted vault data: When you create a vault, we store the encrypted contents on our servers. This data is encrypted using your passphrase before it leaves your browser. We cannot read, access, or decrypt this information.
Passphrase hashes: We store one-way hashes of your main passphrase and any read-only codes you create. These hashes allow us to verify which type of access is being used, but they cannot be reversed to reveal your actual passphrase.
Read-only key data: When you create a read-only access code, we store wrapped encryption keys that allow holders of that code to decrypt your vault. These are useless without the corresponding read-only code.
Write key data: When you create a write access code, we store wrapped encryption keys and signing keys that allow holders of that code to decrypt and modify your vault. These are useless without the corresponding write code.
Signing public key: We store your vault's Ed25519 signing public key (unencrypted) for cryptographic verification of write operations. This key cannot be used to decrypt your data or sign updates without the corresponding private key.
Technical information: Like most websites, our servers may log basic technical information such as IP addresses and request timestamps for security and debugging purposes. We do not use this information to track or identify you.
What we don't collect: We don't collect names, emails, phone numbers, or any other personal information. There are no accounts, no user profiles, no tracking cookies, and no analytics that follow you around the web. We do not store signing private keys in unencrypted form — they are always wrapped with encryption keys derived from passphrases.
How Your Data Is Protected
Your vault is encrypted using XChaCha20-Poly1305 authenticated encryption with a key derived from your passphrase using Argon2id (a memory-hard key derivation function). The encryption happens entirely in your browser — we never see your passphrase, and we never see your unencrypted data.
This means that if you lose your passphrase, we cannot help you recover your data. There is no "forgot password" option because we genuinely cannot access your information.
Read-Only and Write Access & Sharing
You can create read-only or write access codes to share your vault with others. These codes are cryptographically separate from your main passphrase — they use their own encryption keys — so you can revoke them without changing your main access.
Read-only codes allow viewing but not editing. When you share a read-only code, the recipient can view your vault contents. They cannot modify data, create or revoke other codes, or delete the vault.
Write codes allow both viewing and editing. When you share a write code, the recipient can view and modify your vault contents. They cannot create or revoke other codes, or delete the vault. Write access is cryptographically enforced using Ed25519 digital signatures — even if someone bypasses client-side checks, the server will reject unauthorized write attempts.
You control who has access and can revoke any code at any time. Both read-only and write codes can be set to expire automatically (1 hour, 1 day, 1 week, 1 month, or never).
Activity History
Your vault maintains a history of all access and changes. This log records when the vault was opened, what data was modified, when read-only or write codes were created or revoked, and when someone accessed the vault with a shared code (including which key was used).
IP Address Logging: Each history entry includes the IP address of the device that performed the action. This information is stored encrypted within your vault, not on our servers in readable form. The IP address helps you identify where access to your vault originated from and can be useful for detecting unauthorized access.
Important: The activity history (including IP addresses) is stored encrypted inside your vault. Only people with access to your vault (main passphrase or read-only code) can see this history. We cannot see who accessed your vault, when, or from where.
Rate Limiting
To protect the service and prevent abuse, we implement rate limiting on API requests. This means we temporarily track request counts by IP address, but this data is not stored long-term or used for any other purpose.
Data Retention
Your encrypted vault remains on our servers until you delete it. To manage storage costs, we may remove vaults that have not been accessed for an extended period (typically more than 2 years); if we implement such a policy, we will make reasonable efforts to notify users before doing so.
Third Parties
We do not sell, rent, or share your data with third parties. Your encrypted vault data is stored on secure servers, but since it's encrypted, even our hosting providers cannot read its contents.
Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:
- Contract performance: We process your encrypted vault data to provide you with the service you requested — a secure place to store important information.
- Legitimate interests: We process limited technical data (IP addresses for rate limiting, server logs) to protect the security and integrity of our service and prevent abuse.
We do not rely on consent as a legal basis because our service requires minimal data processing to function, and we do not engage in marketing, profiling, or any processing that would require explicit consent.
Cookies & Tracking
We do not use tracking cookies. We do not use analytics services, advertising networks, or any third-party tracking technologies. There are no cookies that follow you around the web or build a profile of your browsing habits.
The only data stored in your browser is your vault's encryption key (derived from your passphrase) during an active session. This is stored temporarily in memory and is cleared when you close the browser tab or navigate away.
International Data Transfers
Our servers are located in the United States. If you access our service from outside the United States, your encrypted data will be transferred to and stored on servers in the US.
Because your data is end-to-end encrypted before it leaves your device, the actual contents of your vault are protected regardless of where the encrypted data is physically stored. We cannot read your data, and neither can anyone who might access our servers.
For transfers from the European Economic Area (EEA), we rely on Standard Contractual Clauses with our hosting providers and the inherent protection provided by encryption — your personal information remains encrypted and inaccessible to us and our service providers at all times.
Your Privacy Rights
Regardless of where you live, you have the following rights with respect to your data:
- Access: You can access all your vault data at any time using your passphrase.
- Portability: You can export your complete vault data in JSON format for backup or transfer purposes.
- Correction: You can edit any information in your vault at any time.
- Deletion: You can permanently delete your vault and all associated data at any time.
Because we cannot read your encrypted data and have no way to identify which vault belongs to any particular person, most privacy rights can only be exercised by you directly through the service using your passphrase.
For European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access: You can request confirmation of whether we process your personal data. Since your vault is encrypted and we cannot identify you, you exercise this right by accessing your vault with your passphrase.
- Right to rectification: You can correct inaccurate data by editing your vault.
- Right to erasure ("right to be forgotten"): You can delete your vault at any time. We will permanently remove all associated encrypted data from our servers.
- Right to data portability: You can export your vault data in a structured, machine-readable format (JSON).
- Right to object: Given that we only process data necessary to provide the service and do not engage in profiling or direct marketing, there is no processing to object to.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
Important limitation: Because we cannot decrypt your vault or identify which vault belongs to you without your passphrase, we cannot respond to GDPR requests that require us to locate "your" data. If you lose your passphrase, we have no way to verify that any particular encrypted vault is yours, and therefore cannot assist with access, portability, or deletion requests for that vault.
For California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:
- Right to know: You have the right to know what personal information we collect. We collect only encrypted vault data, passphrase hashes, and limited technical logs as described in this policy.
- Right to delete: You can delete your vault and all associated data at any time through the service.
- Right to opt-out of sale: We do not sell your personal information. We have never sold personal information and have no plans to do so.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Categories of information collected: Encrypted vault contents (which we cannot read), cryptographic hashes of passphrases, and server logs containing IP addresses and timestamps.
Categories of information disclosed or sold: None. We do not disclose or sell personal information to third parties.
Data Protection Contact
For privacy-related inquiries, requests to exercise your rights, or complaints about our data practices, please contact us at:
Email: privacy@whensomethinghappens.com
General inquiries: wsh-admin@proton.me
We will respond to verified requests within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA).
Changes to This Policy
If we make significant changes to this privacy policy, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact
If you have questions about this privacy policy or how we handle your data, please reach out to us at wsh-admin@proton.me.