Last updated: March 16, 2026
When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). When you use the Service, we collect usage data including dependency analysis results, project metadata, and activity logs. We do not collect or store the plaintext values of your secrets or environment variables — all secret values are encrypted before storage.
We use your information to: (a) provide and maintain the Service; (b) authenticate your identity; (c) send transactional emails such as verification and password reset; (d) generate aggregated, anonymized usage statistics; (e) detect and prevent abuse. We do not sell your personal information to third parties.
All data is stored in PostgreSQL databases with encryption at rest. Secret values and environment variables are encrypted using AES-256-GCM with unique initialization vectors per entry. Encryption keys are managed separately from the database. Decrypted values are never written to logs or persisted outside of encrypted storage. All data transmission uses TLS 1.2 or higher.
When you create a one-time sharing link, the shared content is encrypted and stored temporarily. After the first access, the content is permanently deleted from our systems. Expired links are purged automatically.
We use httpOnly cookies to manage authentication sessions (access and refresh tokens). We do not use tracking cookies or third-party advertising cookies.
We use Stripe, Inc. as our payment processor. When you subscribe to a paid plan, your payment information (such as credit card number and billing address) is transmitted directly to Stripe and is subject to Stripe's Privacy Policy (https://stripe.com/privacy). We do not store your full credit card details. We may also use third-party services for email delivery, error monitoring, and infrastructure hosting. These providers are contractually bound to protect your data. We do not share your secrets or environment variable values with any third party.
Your data is retained for as long as your account is active. When you delete your account, your personal information, projects, secrets, and environment variables are permanently deleted within 30 days. For compliance purposes, audit logs may be retained for up to 1 year, depending on your subscription tier.
You have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your account and associated data; (d) export your data in a standard format; (e) withdraw consent for optional data processing. To exercise these rights, contact us at privacy@depvault.com.
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
If you have questions about this Privacy Policy, contact us at privacy@depvault.com or by mail at: Sukhrobbek Ilyosbekov, 132 Marginal Way, Apt 218, Portland, ME 04101.
This Privacy Policy and any disputes arising from it shall be governed by and construed in accordance with the laws of the State of Maine, United States, without regard to its conflict of law provisions.