EnvRelay is designed around zero-knowledge principles. Secrets are encrypted in your browser before they sync with our infrastructure. This notice explains what limited personal data we process to operate the service, how we safeguard it, and the choices available to you.
Plaintext environment values never leave your browser. We store ciphertext plus operational metadata only.
1. Data We Process
Account details: identifiers supplied by your authentication provider (name, email, profile image).
Operational metadata: project names, variant labels, timestamps, audit trails, view counters, and hashed identifiers required to deliver features like share tracking.
Technical logs: IP address, user agent, and error diagnostics collected to secure the platform and troubleshoot issues.
2. Data We Do Not Process
Plaintext values stored in your environment variants or share payloads.
Master keys, share keys, or passphrases generated client-side.
Advertising identifiers or behavioural tracking beacons.
3. How We Use Your Data
Authenticate you and authorise access to vault resources you own.
Provide encrypted sync, share issuance, and audit history features.
Communicate about product updates, security notices, or support responses.
Monitor for abuse, investigate security incidents, and maintain system reliability.
4. Sharing & Disclosure
We share personal data only with service providers that help us operate EnvRelay, such as hosting, database, and analytics partners. These providers are contractually required to safeguard your information and may access it solely to perform their contracted services. We may also disclose information if required by law or to protect the rights, property, or safety of our users and infrastructure.
5. Storage & Retention
Encrypted environment payloads remain stored until you delete the project or request account deletion.
Operational logs are retained for approximately 30 days unless a longer period is required to investigate abuse.
Backups are encrypted and rotated on a scheduled cadence to support disaster recovery.
6. Your Choices
You can delete projects, variants, and share links within the app to remove associated encrypted payloads and metadata.
Contact us to request account deletion or to obtain a copy of your personal data.
You may opt out of non-essential communications by using the unsubscribe link included in those messages.
7. International Transfers
EnvRelay may store and process data in the United States or other regions where our infrastructure providers operate. We implement safeguards appropriate to the transfer, such as standard contractual clauses and encryption in transit and at rest.
8. Children's Privacy
The service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can remove it.
9. Updates to This Notice
We may revise this notice to reflect changes in our practices or legal requirements. We will post updates here and, when appropriate, notify you within the product or by email. Continued use after a change becomes effective constitutes acceptance of the updated notice.
10. Contact
For privacy questions or requests, email contact@canwebe.in. We typically respond within a few business days.