Privacy Policy

SecureWarp is a zero knowledge encrypted cloud storage service based in Minnesota, United States. You can reach us at hello@securewarp.com.

Every file, folder name, and share is encrypted in your browser before it reaches our servers. We store only ciphertext and do not hold the keys to decrypt it. Your password never leaves your device.

If you lose both your password and your 24 word recovery phrase, your data is permanently inaccessible. We cannot reset your password or recover your files. This is by design.

We collect the minimum data required to run the service:

• Account info: email address, optional display name
• Encrypted files: stored as ciphertext we cannot read
• Metadata: file sizes, timestamps, sharing relationships
• Technical data: IP address (temporarily, for rate limiting), session cookies (for authentication)

We use cookieless, aggregated analytics that do not build per user profiles. We use error monitoring with all personal data stripped before transmission.

We do not collect plaintext file contents, filenames, passwords, or recovery phrases.

• Provide and maintain the service
• Authenticate your identity and manage sessions
• Send transactional email (no marketing without your consent)
• Prevent abuse and enforce rate limits

We do not sell your personal data. We do not share it with advertisers or data brokers.

We use a small number of service providers to operate the platform (hosting, database, email delivery, error monitoring). Each processes data only as necessary to deliver their service to us and is not authorized to use it for their own purposes. Your file contents remain encrypted and unreadable to all parties, including us and our providers.

Account data is retained until you delete your account. Encrypted files are deleted when you delete them, empty trash, or delete your account. IP addresses for rate limiting are retained briefly (typically one hour) then purged automatically.

You can delete your account and all associated data at any time from Settings. Deletion is permanent and irreversible.

Depending on where you live, you may have the right to access, correct, delete, or export your personal data. You may also have the right to opt out of the sale of personal data or targeted advertising. We do not sell personal data or engage in targeted advertising.

Because your files are end to end encrypted, we cannot access or produce the plaintext content of your files in response to any request. We can provide the account metadata we hold (email, timestamps, sharing relationships).

To exercise your rights, contact us at hello@securewarp.com.

Our servers are located in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. Because file contents are encrypted before they leave your device, the plaintext never crosses any border.

We use strong encryption and modern authentication protocols to protect your data. No system is perfectly secure. We are committed to notifying affected users within 48 hours of discovering a data breach, consistent with Minnesota law.

SecureWarp is not directed at children under 13. We do not knowingly collect data from children under 13. If we become aware of such data, we will delete the account promptly.

If we make material changes to this policy, we will notify you at least 15 days in advance via email or an in app notice. Continued use after the effective date constitutes acceptance.

Questions or data rights requests: hello@securewarp.com.