SecureShare Privacy Policy
Last Updated: June 11, 2025
🔒 Zero-Knowledge Privacy Commitment
SecureShare operates on a zero-knowledge principle: We cannot access, read,
or decrypt your files or filenames. Your privacy is protected by design, not just by policy.
1. INTRODUCTION
SuperHeavy Industries LLC, doing business as SecureShare ("we," "us," or "our") is committed
to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and
safeguard your information when you use our zero-knowledge, end-to-end encrypted file sharing
service (the "Service").
This Privacy Policy should be read in conjunction with our
Terms of Service.
2. INFORMATION WE COLLECT
2.1 Information We Cannot Access (Zero-Knowledge)
Due to our zero-knowledge architecture, we CANNOT access:
-
File contents - All files are encrypted on your device before
transmission
- Filenames - Even file names are encrypted and unreadable to us
-
Encryption keys - Keys are generated and stored only on your device
-
Shared content metadata - We don't know what types of files you're
sharing
2.2 Technical Information We May Collect
| Data Type |
What We Collect |
Purpose |
Retention |
| Connection Data |
IP addresses (temporarily), browser type, operating system |
Security, fraud prevention, service operation |
30 days maximum |
| Usage Statistics |
File transfer success/failure rates, file sizes (rounded) |
Service improvement, performance monitoring |
90 days |
| Error Logs |
Technical error information (no file content) |
Bug fixes, service reliability |
30 days |
2.3 Information We Do NOT Collect
We explicitly do NOT collect:
- Personal identification information (names, emails, phone numbers)
- Account creation data (SecureShare works without accounts)
- Payment information (service is free)
- Location tracking or GPS data
- Social media profiles or contacts
- Behavioral tracking across other websites
- Marketing or advertising data
3. HOW WE USE INFORMATION
3.1 Legitimate Purposes
We use the limited technical information we collect only for:
- Service Operation: Providing file transfer functionality
- Security: Protecting against abuse, malware, and attacks
- Performance: Monitoring and improving service reliability
- Legal Compliance: Meeting applicable legal requirements
- Technical Support: Diagnosing and fixing technical issues
3.2 Data Minimization
We follow strict data minimization principles:
- Collect only the minimum data necessary for service operation
- Automatically delete data when no longer needed
- Use aggregated, anonymized data whenever possible
- Never sell, rent, or trade any user data
4. INFORMATION SHARING AND DISCLOSURE
4.1 General Policy
We do not sell, trade, or rent your information to third parties. We may only share limited
technical data in these specific circumstances:
4.2 Service Providers
We may share minimal technical data with trusted service providers who:
- Help us operate and maintain the service (hosting, CDN, security)
- Are contractually bound to protect your privacy
- Cannot access encrypted file contents or filenames
- Only receive aggregated, anonymized data when possible
4.3 Legal Requirements
Important Limitation: Even if legally required, we cannot provide:
- File contents (we don't have access due to encryption)
- Filenames (encrypted and unreadable to us)
- User identities (we don't collect personal information)
- Communication content (end-to-end encrypted)
We may only be able to provide limited technical data such as connection logs or error
reports.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user data may be transferred, but
the zero-knowledge architecture and privacy protections would remain in place.
5. DATA SECURITY
5.1 Encryption Standards
- AES-256-GCM: Military-grade encryption for all files
- Client-side encryption: Files encrypted before leaving your device
- Secure key generation: Cryptographically secure random keys
- Zero-knowledge design: We cannot decrypt your data
5.2 Infrastructure Security
- Secure data centers with physical and network security
- Regular security audits and penetration testing
- Encrypted data transmission (TLS/SSL)
- Automated security monitoring and threat detection
5.3 Data Breach Procedures
In the unlikely event of a data breach:
- Your files remain protected by encryption (we cannot decrypt them)
- We will report to relevant authorities as required by law
6. YOUR PRIVACY RIGHTS
6.1 European Union (GDPR) Rights
If you are in the EU, you have the right to:
-
Access: Request information about data we hold (limited due to
zero-knowledge)
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a structured format
- Object: Object to certain data processing
- Withdraw consent: Withdraw consent at any time
6.2 California (CCPA/CPRA) Rights
California residents have the right to:
- Know: Learn what personal information we collect and how it's used
-
Delete: Request deletion of personal information (limited due to
zero-knowledge)
-
Opt-out: Opt-out of sale of personal information (we don't sell data)
- Non-discrimination: Equal service regardless of privacy choices
-
Correct: Request correction of inaccurate personal information (limited due
to zero-knowledge)
6.3 Exercising Your Rights
Important Note: Due to our zero-knowledge architecture, we may have very
limited data to provide or delete beyond technical logs.
7. INTERNATIONAL DATA TRANSFERS
7.1 Data Processing Locations
SecureShare may process data in:
- United States (primary infrastructure)
7.2 Transfer Safeguards
For international transfers, we ensure:
- Adequate level of data protection
- Standard contractual clauses when required
- Compliance with applicable transfer regulations
- Zero-knowledge architecture protects data regardless of location
8. CHILDREN'S PRIVACY
SecureShare does not knowingly collect personal information from children under 13 (or 16 in
the EU). If you believe a child has provided us with personal information, please contact us
immediately.
9. COOKIES AND TRACKING
9.1 Essential Cookies Only
SecureShare uses minimal, essential cookies for:
- Service functionality (session management)
- Security (preventing abuse)
- Performance (basic error tracking)
9.2 No Tracking or Advertising
We do NOT use:
- Advertising or marketing cookies
- Cross-site tracking
- Analytics that identify individual users
- Social media tracking pixels
- Behavioral profiling tools
10. THIRD-PARTY SERVICES
10.1 Service Dependencies
SecureShare may use third-party services for:
- Cloud Infrastructure: Hosting and content delivery
- Security Services: DDoS protection and security monitoring
- WebRTC Infrastructure: STUN/TURN servers for P2P connections
10.2 Third-Party Privacy
These services:
- Cannot access your encrypted files or filenames
- May receive minimal technical data (IP addresses, connection info)
- Are selected based on their privacy and security standards
- Are contractually bound to protect any data they receive
11. DATA RETENTION
11.1 File Storage
-
Server Storage: Encrypted files automatically deleted after [X] days of
inactivity
- P2P Transfers: No files stored on our servers
-
Temporary Data: Session data deleted immediately after transfer completion
11.2 Technical Data
- Connection Logs: 30 days maximum
- Error Logs: 30 days maximum
- Usage Statistics: 90 days (anonymized/aggregated)
- Security Logs: 1 year for serious security incidents
12. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect:
- Changes in privacy laws or regulations
- Improvements to our privacy practices
- New features or services
- User feedback and recommendations
We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Providing notice through the Service when possible
13. CONTACT INFORMATION
14. SUPERVISORY AUTHORITY
EU users have the right to lodge a complaint with their local supervisory authority if they
believe we have violated GDPR. You can find your local authority at:
https://edpb.europa.eu/about-edpb/board/members_en