FyVault
Legal

Privacy Policy

Last updated: April 2026

1. Introduction

FyVault ("we", "our", "us") is operated by Fybyte. This Privacy Policy explains how we collect, use, and protect your information when you use our secrets management platform.

2. Zero-Knowledge Architecture

FyVault is designed with a zero-knowledge architecture. Secrets are encrypted on your device before being transmitted to our servers. We never have access to your plaintext secrets. Encryption keys are derived from your organization's master key, which we do not store.

3. Information We Collect

We collect the following information to provide our service:

  • Account data: Email address, name, and organization name when you register.
  • Device metadata: Device fingerprints (hardware identifiers) used for access control. We do not collect personal files or browsing data.
  • Audit logs: Records of secret access events (who, what, when, where) for security and compliance.
  • Usage data: Aggregated, anonymized usage statistics to improve the platform.

4. How We Use Your Information

  • To provide and maintain the FyVault service.
  • To authenticate devices and enforce access policies.
  • To generate audit trails as required by your organization.
  • To send service-related communications (security alerts, updates).
  • To improve the platform based on aggregated usage patterns.

5. Data Retention

Account data is retained for the duration of your account. Audit logs are retained according to your plan (7 days for Free, 90 days for Pro, custom for Enterprise). Encrypted secret data is deleted within 30 days of being removed from your vault.

6. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM). Secrets are encrypted client-side before reaching our servers. We undergo regular security audits and penetration testing.

7. Third Parties

We do not sell your data. We use a minimal set of infrastructure providers (cloud hosting, email delivery) who process data under strict data processing agreements.

8. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by contacting privacy@fybyte.com. You can export your data or delete your account from the Settings page.

9. Contact

For privacy-related questions, contact us at privacy@fybyte.com.