Privacy Policy

Last updated: 31 March 2026

The short version

We collect as little as possible. We don't track you. We don't sell data. The browser demo never sends your data anywhere.

What we collect

Browser demo

Nothing. All encryption and decryption runs in your browser. No data is sent to our servers. No cookies. No analytics. No tracking pixels.

API

When you register for an API key, we store:

• Your email address
• Your API key (for authentication)
• A name, if you provide one
• Monthly request counts (for usage metering)

We do not store or log:

• Your passwords
• Your plaintext messages
• Your ciphertext
• Your control files
• Request bodies or payloads
• IP addresses (beyond what's in standard server logs, rotated daily)

Stripe

Paid subscriptions are processed by Stripe. We do not see or store your payment card details. Stripe collects billing information under their own privacy policy.

Data storage

API registration data is stored in a local database on our server. It is not shared with third parties, not used for marketing, and not sold.

Data deletion

Email hello@deny.sh to request deletion of your account and associated data. We will process requests within 7 days.

Cookies

We don't use cookies. No cookie banner needed.

Analytics

We don't use analytics. No Google Analytics, no Mixpanel, no tracking scripts.

Third parties

The only third-party service is Stripe for payment processing. Google Fonts is loaded for typography. No other external services are used.

Your rights (UK GDPR)

You have the right to access, correct, or delete your personal data. You have the right to object to processing. Contact hello@deny.sh for any data requests.

Data controller

Alexander Levin, United Kingdom. Contact: hello@deny.sh.

Changes

We may update this policy. Changes will be posted on this page with an updated date.