Privacy Policy

• Your vault is protected by three encryption layers: Vault Encryption (at rest), Credential Encryption (per-field), and Identity Encryption (client-side). All data is encrypted in transit (TLS).
• Identity fields are encrypted client-side with a key derived from your device (via WebAuthn PRF). We cannot decrypt them. Ever.
• No analytics. No tracking pixels. No third-party scripts.
• We don't sell, share, or rent your data. To anyone. For any reason.
• You can delete your account and all data at any time.

This privacy policy applies to the Clavitor service at clavitor.ai.

When you use Clavitor, we store:

• Account information: email address and authentication credentials
• Credential fields: encrypted at rest with AES-256-GCM using your vault key
• Identity fields: encrypted client-side with a key derived from your device (via WebAuthn PRF) before reaching our servers — stored as ciphertext we cannot decrypt
• Metadata: entry creation and modification timestamps, entry titles

• IP address logs (not stored beyond immediate request processing)
• Usage analytics or telemetry
• Browser fingerprints
• Cookies beyond session authentication

Fields protected by Identity Encryption are encrypted in your browser using a key derived from your fingerprint, face, or security key (YubiKey or any FIDO2 device) via the WebAuthn PRF extension. The encryption key never leaves your device. Our servers store only the resulting ciphertext. We cannot decrypt Identity fields, and no future policy change, acquisition, or legal order can change this — the mathematical reality is that we don't have the key.

When you create a vault, you choose a region. Your data stays in that region. We don't replicate across regions unless you explicitly request it.

We use infrastructure providers (cloud hosting, DNS) to run the service. These providers process encrypted data in transit but do not have access to your vault contents. We do not use any analytics services, advertising networks, or data brokers.

If compelled by valid legal process, we can only provide: your email address, account creation date, and encrypted vault data. Credential fields are encrypted with your vault key (which we do not store). Identity fields are encrypted client-side. In practice, we have very little useful information to provide. The Zurich jurisdiction provides additional legal protections against foreign government requests.

Cancel anytime from your account settings. Annual plans continue through the end of your paid year, monthly plans through the current billing cycle. We remind you 14 days before renewal.

After cancellation. Your vaults become read-only for 30 days — you can still view, copy, and export everything. Reactivate within this window and you're back to normal. After 30 days, vault data is permanently deleted. Compliance backups are destroyed 30 days after that. You can request immediate deletion at any time.

Refunds. After any charge, you have 14 days to cancel for a full refund. Self-service, instant, no questions asked. See Terms of Service for full details.

We'll notify registered users by email before making material changes to this policy. The current version is always available at this URL.

Questions about this policy? Email privacy@clavitor.ai.