Privacy Policy

Last updated: 6/19/2026

1. Introduction

Shhh ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our zero-knowledge password manager and secrets vault.

2. Zero-Knowledge Architecture

Our core principle is zero-knowledge encryption. This means all of your secrets, passwords, and sensitive data are encrypted on your device before they are ever sent to our servers. We do not have the decryption keys and therefore cannot read, access, or share your stored secrets under any circumstances.

3. Data We Collect

To provide the service, we collect the minimum amount of data necessary:

• Authentication Data: When you sign in with Google OAuth, we receive your email address, name, and profile picture to create and identify your account.
• Encrypted Vault Data: We store the encrypted blobs of your secrets. We cannot read the contents of these blobs.
• Security Settings: Preferences such as your chosen 2FA method status.

4. How We Use Your Data

Your email is used strictly for authentication and account recovery purposes. Your encrypted vault data is stored solely for the purpose of synchronizing it across your devices. We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data Deletion

You have the right to request the deletion of your data at any time. You can delete your entire account and all associated encrypted vault data directly from the settings page within the app. Upon deletion, your data is permanently removed from our active servers.

6. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.