Privacy Policy

Effective Date: August 14, 2025

Your privacy is not just a policy for us; it is the core principle of our architecture. This document explains what information we collect and why, but more importantly, what information we are cryptographically unable to access.

The Zero-Knowledge Guarantee

The most important aspect of our privacy policy is our Zero-Knowledge architecture. This means that any content you upload to the Hereditas platform (documents, notes, passwords, etc.) is encrypted on your device before it is sent to our servers. We only store the encrypted data. Your master password, which is used to generate the encryption key, is never transmitted to us. Therefore, we have zero knowledge of the content of your data. We cannot see it, access it, or share it, even if compelled to do so.

1. Information We Collect

To provide our services, we collect a minimal amount of information:

  • Account Information: To create an account, we require a contact email address. This is used for billing, account management, and important service notifications.
  • Billing Information: For paying customers, we use a third-party payment processor (e.g., Stripe). We do not store your full credit card details on our servers. We only store the necessary information for subscription management, such as the subscription plan and payment status.
  • Usage Metadata: We collect non-personally identifiable, aggregated data about how our service is used. This includes information like the total amount of encrypted data stored (but not the content), the date of your last login, and which features are used most frequently. This helps us improve our service and infrastructure.
  • Website Analytics: Like most websites, we use analytics tools (e.g., Google Analytics) to understand visitor traffic to our public-facing website (hereditas.digital). This includes information like your IP address, browser type, and pages visited. This data is used to improve our marketing and communication and is separate from the data stored within our secure platform.

2. How We Use Your Information

  • To provide, maintain, and improve our services.
  • To process payments and manage your subscription.
  • To communicate with you about your account, security updates, and other essential service-related matters.
  • To respond to your support requests. We will never ask for your master password.

3. Information We Do Not Collect

  • Your Master Password: We will never ask for it and never store it.
  • Your Unencrypted Data: We are architecturally incapable of accessing the content you store in your vault.

4. Data Security

We implement industry-leading security measures to protect the minimal data we do store. All communications are encrypted using TLS, and our infrastructure is protected by robust security protocols. For more details, please see our Security Architecture page.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share information with third-party service providers only as necessary to provide our service (e.g., payment processors, cloud infrastructure providers). These providers are bound by their own strict privacy and security obligations.

We will only disclose your information if required by law, and we will always attempt to notify you before doing so, unless legally prohibited. Note that due to our zero-knowledge architecture, we cannot provide the content of your data to any third party.

6. Your Rights

You have the right to access, update, or delete your account information at any time. You can export your encrypted data vault at any time. If you choose to delete your account, all your data, including all encrypted content, will be permanently and irretrievably deleted from our servers.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email. Your continued use of the service after such changes constitutes your acceptance of the new policy.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at legal@hereditas.digital.