Blog Docs Download Status Looking Glass Contact sales
CLAVITORBlack-box credential issuance
Network Security Pricing
Developers
Developer overviewCLI, SDKs, webhooks Browser extensionAutofill, passkeys, generator Mobile appsNative iOS and Android Claude CodeScoped tokens CodexOpenAI integration OpenClawMCP resolver ImportFrom any password manager
Resources
Blog Docs Download Status Looking Glass Contact sales
Solutions
Consumer SMB Enterprise MSP
Language
🇮🇩 Bahasa Indonesia 🇩🇰 Dansk 🇩🇪 Deutsch 🇺🇸 English 🇪🇸 Español 🇫🇷 Français 🇮🇹 Italiano 🇳🇱 Nederlands 🇳🇴 Norsk 🇵🇱 Polski 🇧🇷 Português 🇫🇮 Suomi 🇸🇪 Svenska 🇻🇳 Tiếng Việt 🇹🇷 Türkçe 🇷🇺 Русский 🇺🇦 Українська 🇮🇳 हिन्दी 🇹🇭 ไทย 🇨🇳 中文 🇯🇵 日本語 🇰🇷 한국어
Sign in Use for free — 10 entries

Legal

Privacy Policy

No analytics. No tracking. No data sales.

Last updated: February 2026

The short version

  • Your vault is protected by three encryption layers: Vault Encryption (at rest), Credential Encryption (per-field), and Identity Encryption (client-side). All data is encrypted in transit (TLS).
  • Identity fields are encrypted client-side with WebAuthn PRF. We cannot decrypt them. Ever.
  • No analytics. No tracking pixels. No third-party scripts.
  • We don't sell, share, or rent your data. To anyone. For any reason.
  • You can delete your account and all data at any time.

What this policy covers

This privacy policy applies to the Clavitor service at clavitor.ai.

Data we store

When you use hosted Clavitor, we store:

  • Account information: email address and authentication credentials
  • Credential fields: encrypted at rest with AES-256-GCM using your vault key
  • Identity fields: encrypted client-side with WebAuthn PRF before reaching our servers — stored as ciphertext we cannot decrypt
  • Metadata: entry creation and modification timestamps, entry titles

Data we don't store

  • IP address logs (not stored beyond immediate request processing)
  • Usage analytics or telemetry
  • Browser fingerprints
  • Cookies beyond session authentication

Identity Encryption guarantee

Fields protected by Identity Encryption are encrypted in your browser using a key derived from your WebAuthn authenticator — fingerprint, face, YubiKey, or any FIDO2 device — via the PRF extension. The encryption key never leaves your device. Our servers store only the resulting ciphertext. We cannot decrypt Identity fields, and no future policy change, acquisition, or legal order can change this — the mathematical reality is that we don't have the key.

Data residency

When you create a hosted vault, you choose a region. Your data stays in that region. We don't replicate across regions unless you explicitly request it.

Third parties

We use infrastructure providers (cloud hosting, DNS) to run the service. These providers process encrypted data in transit but do not have access to your vault contents. We do not use any analytics services, advertising networks, or data brokers.

Law enforcement

If compelled by valid legal process, we can only provide: your email address, account creation date, and encrypted vault data. Credential fields are encrypted with your vault key (which we do not store). Identity fields are encrypted client-side. In practice, we have very little useful information to provide. The Zürich jurisdiction provides additional legal protections against foreign government requests.

Account deletion & cancellation

You may cancel your subscription or delete your account at any time. Cancellation takes effect at the start of your next billing period; until that date, your service continues normally.

Deletion upon cancellation. When cancellation takes effect, your vaults are immediately and permanently deleted from our active systems. This deletion is instant and irreversible.

Compliance retention. To satisfy legal and regulatory requirements, we retain encrypted backups for a maximum of 30 days after deletion. These backups exist solely for compliance purposes and are not available for restoration. You cannot request your data from these backups. After 30 days, even these copies are permanently destroyed.

Your warning. We will email you 7 days before your cancellation takes effect, reminding you to export your vault data if you have not already done so. This is your final opportunity to preserve your information.

Immediate termination for cause. In cases of abuse, illegal activity, or security threats, we may terminate immediately without the 7-day warning. The same deletion and backup policies apply.

14-day regret period for annual renewals. As described in our Terms of Service Section 6, annual subscriptions that auto-renew carry a 14-day post-renewal cancellation window. If you did not intend to renew, cancel within 14 days of the renewal charge for a full refund.

Price for life. Your subscription rate will never increase as long as your subscription remains active. This commitment applies to the currency and tier at which you originally subscribed. See Terms of Service Section 5 for full details.

Changes to this policy

We'll notify registered users by email before making material changes to this policy. The current version is always available at this URL.

Contact

Questions about this policy? Email privacy@clavitor.ai.