Privacy Policy
We collect as little as possible. We don't track you. We don't sell your data.
Last updated: 4 April 2026
The short version
We collect as little as possible. We don't track you. We don't sell data. We don't use cookies or analytics. The browser tools never send your data anywhere. The API stores only what's needed to authenticate you and count usage.
1. Data controller
The data controller for your personal data is:
Treehouse in Valhalla Ltd
Company No. 15770209
Registered in England and Wales
Email: hello@deny.sh
2. Lawful basis for processing
We process personal data on the following legal bases under UK GDPR:
- Contract performance (Article 6(1)(b)): processing your email and API key is necessary to provide the Service you signed up for
- Legitimate interests (Article 6(1)(f)): usage metering, rate limiting, abuse prevention, and service security. We have balanced these interests against your rights and believe they do not override your fundamental rights and freedoms.
3. What we collect
Browser tools: nothing
All encryption, decryption, steganography, Shamir splitting, and seed phrase protection run entirely in your browser. No data is sent to our servers. No telemetry. No fingerprinting. Zero knowledge.
API registration
When you register for an API key, we store:
- Your email address
- A hash of your API key (for authentication)
- A display name, if you provide one
- Monthly request counts (for usage metering and billing)
- Your subscription tier
Vault
If you use the vault feature, we store your encrypted data blobs exactly as you submit them. Data is encrypted client-side before upload. We store the encrypted payload, IV, and salt. We cannot read or decrypt your vault contents.
Dead man's switch
If you configure a dead man's switch, we store:
- Your encrypted payload, IV, and salt (encrypted client-side; we cannot read it)
- Recipient email addresses and optional names (in plaintext, necessary for delivery)
- Check-in schedule configuration and check-in timestamps
- Switch status and trigger history
Payment (Stripe)
Paid subscriptions are processed by Stripe. We do not see, receive, or store your payment card details. Stripe collects and processes billing information under their own privacy policy. We receive only: confirmation of payment, subscription status, and your Stripe customer ID.
Server logs
Our web server generates standard access logs containing IP addresses, request paths, status codes, and timestamps. These logs are rotated and deleted daily. We do not correlate log data with user accounts.
4. What we do NOT collect
- Your passwords or encryption keys, ever
- Your plaintext messages or decrypted content
- Your control files or ciphertext (the API processes these in memory and does not store them)
- Cookies: we use none
- Analytics or tracking data: no Google Analytics, no Mixpanel, no tracking pixels, no fingerprinting
- Browsing behaviour or click tracking
- Device identifiers or advertising IDs
5. Third-party processors (sub-processors)
We use the following third-party services to operate deny.sh. Where you access deny.sh through our API, vault, or website, the following processors may handle your data on our behalf under UK GDPR Article 28:
Cloudflare, Inc. (network edge, WAF, DDoS protection)
All HTTP traffic to deny.sh and the deny.sh API passes through Cloudflare's global edge network. Cloudflare terminates TLS at the edge, applies WAF rules, and forwards requests to our origin server. Cloudflare therefore processes IP addresses, request headers, request paths, and metadata for the purpose of DDoS protection and routing. Region: global edge with traffic typically served from the nearest UK/EU point of presence. Transfer mechanism: UK GDPR adequacy decision for the United States (Data Privacy Framework) and Cloudflare's standard data-processing terms.
Amazon Web Services, Inc. (managed vault hosting, paid tiers)
The managed vault for paid Business and Enterprise plans is hosted on Amazon Web Services infrastructure. AWS therefore processes encrypted vault payloads at rest and in transit. Vault payloads are encrypted client-side before they leave your browser; AWS never receives plaintext data. Region: eu-west-2 (London) by default for UK and EU customers, with optional multi-region replication on Business+ plans (see vault-managed for current regions). Transfer mechanism: UK GDPR adequacy decision for the United States and AWS Data Processing Addendum.
Stripe, Inc. (payments)
Stripe processes all payment transactions. They may store billing information, card details, and transaction records under their own privacy policy. We do not see, receive, or store your payment card details. Stripe is certified under the UK-US and EU-US Data Privacy Framework.
Resend, Inc. (transactional email)
We use Resend to send transactional emails, including dead man's switch notifications and account-related communications. Resend processes recipient email addresses and email content for the purpose of delivery.
We self-host all web fonts (Inter, JetBrains Mono) from our own infrastructure, so font loading does not introduce a third-party processor. We do not use Google Fonts, any advertising network, social media tracker, or analytics platform.
6. Data retention
- API keys and account data: retained for as long as your account is active. Deleted within 7 days of an account deletion request, with a deletion certificate available on request.
- Usage logs: aggregated monthly counts are retained for billing purposes. Detailed request logs are deleted after 90 days.
- Vault data: retained until you delete it, or until your account is deleted.
- Dead man's switch data: retained until you delete the switch, the switch triggers and data is delivered, or your account is deleted.
- Server access logs: rotated and deleted daily.
- Stripe billing data: retained by Stripe under their retention policy. We retain only subscription status and Stripe customer IDs.
7. Data security
We implement appropriate technical and organisational measures to protect your personal data:
- All data in transit is protected by TLS (HTTPS)
- Vault and dead man's switch payloads are encrypted client-side before reaching our servers
- API keys are stored as cryptographic hashes, not in plaintext
- Rate limiting and access controls protect against abuse
- Server access is restricted and monitored
- We do not store sensitive data (passwords, plaintext, control files) at any point
8. International transfers
Our primary API and website infrastructure is located in London, United Kingdom. The following sub-processors may process data outside the UK:
- Cloudflare: routes traffic through its global edge network. Most UK and EU requests terminate at a UK or EU point of presence; some metadata may be processed in the US. Transfer is covered by the UK-US Data Privacy Framework adequacy regulations and Cloudflare's standard data-processing terms.
- Amazon Web Services: managed-vault payloads are stored in eu-west-2 (London) by default. Customers on Business+ plans may opt into additional regions (see vault-managed). Where data is replicated outside the UK, transfers rely on UK-US Data Privacy Framework adequacy regulations or the UK International Data Transfer Addendum to the EU SCCs.
- Stripe: may process payment data in the US and other jurisdictions. Transfers are covered by the UK-US Data Privacy Framework and Stripe's Standard Contractual Clauses.
- Resend: may process email data in the US. Transfers are covered by the UK-US Data Privacy Framework adequacy regulations.
Where personal data is transferred outside the UK, we rely on the safeguards listed above to satisfy UK GDPR Articles 44-49. A copy of any standard contractual terms is available on request to privacy@deny.sh.
9. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate personal data
- Right to erasure: request deletion of your personal data (subject to any legal retention obligations)
- Right to restriction: request that we limit how we process your data in certain circumstances
- Right to data portability: receive your personal data in a structured, commonly used, machine-readable format
- Right to object: object to processing based on legitimate interests
To exercise any of these rights, email hello@deny.sh. We will respond within 30 days. There is no fee for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
Note on encrypted data: if you request erasure, we can delete your account, vault contents, and dead man's switch configurations. However, we cannot selectively delete or modify data that has already been encrypted and delivered to dead man's switch recipients.
10. Data breach notification
In the event of a personal data breach that poses a risk to your rights and freedoms:
- We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required
- We will notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- We will document all breaches, including those not requiring notification, as required by UK GDPR
11. Children
The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.
12. Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will provide notice to registered users by email where possible. We encourage you to review this policy periodically.
13. Contact and complaints
For any questions or requests regarding this privacy policy or your personal data, contact us at hello@deny.sh.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk/make-a-complaint
Helpline: 0303 123 1113