{{define "privacy"}}
<div class="hero container">
<p class="label mb-3">Legal</p>
<h1 class="mb-4">Privacy Policy</h1>
<p class="lead mb-4">No analytics. No tracking. No data sales.</p>
<p class="mb-4 text-sm text-tertiary">Last updated: February 2026</p>
</div>
<hr class="divider">
<div class="section container">
<div class="prose prose-width">
<h2>The short version</h2>
<ul>
<li>Your vault is protected by three encryption layers: Vault Encryption (at rest), Credential Encryption (per-field), and Identity Encryption (client-side). All data is encrypted in transit (TLS).</li>
<li>Identity fields are encrypted client-side with WebAuthn PRF. We cannot decrypt them. Ever.</li>
<li>No analytics. No tracking pixels. No third-party scripts.</li>
<li>We don't sell, share, or rent your data. To anyone. For any reason.</li>
<li>You can delete your account and all data at any time.</li>
</ul>
<h2>What this policy covers</h2>
<p>This privacy policy applies to the hosted Clavitor service at clavitor.ai. If you self-host Clavitor, your data never touches our servers and this policy doesn't apply to you — your privacy is entirely in your own hands.</p>
<h2>Data we store</h2>
<p>When you use hosted Clavitor, we store:</p>
<ul>
<li><strong>Account information:</strong> email address and authentication credentials</li>
<li><strong>Credential fields:</strong> encrypted at rest with AES-256-GCM using your vault key</li>
<li><strong>Identity fields:</strong> encrypted client-side with WebAuthn PRF before reaching our servers — stored as ciphertext we cannot decrypt</li>
<li><strong>Metadata:</strong> entry creation and modification timestamps, entry titles</li>
</ul>
<h2>Data we don't store</h2>
<ul>
<li>IP address logs (not stored beyond immediate request processing)</li>
<li>Usage analytics or telemetry</li>
<li>Browser fingerprints</li>
<li>Cookies beyond session authentication</li>
</ul>
<h2>Identity Encryption guarantee</h2>
<p>Fields protected by Identity Encryption are encrypted in your browser using a key derived from your WebAuthn authenticator — fingerprint, face, YubiKey, or any FIDO2 device — via the PRF extension. The encryption key never leaves your device. Our servers store only the resulting ciphertext. We cannot decrypt Identity fields, and no future policy change, acquisition, or legal order can change this — the mathematical reality is that we don't have the key.</p>
<h2>Data residency</h2>
<p>When you create a hosted vault, you choose a region. Your data stays in that region. We don't replicate across regions unless you explicitly request it.</p>
<h2>Third parties</h2>
<p>We use infrastructure providers (cloud hosting, DNS) to run the service. These providers process encrypted data in transit but do not have access to your vault contents. We do not use any analytics services, advertising networks, or data brokers.</p>
<h2>Law enforcement</h2>
<p>If compelled by valid legal process, we can only provide: your email address, account creation date, and encrypted vault data. Credential fields are encrypted with your vault key (which we do not store). Identity fields are encrypted client-side. In practice, we have very little useful information to provide. The Zürich jurisdiction provides additional legal protections against foreign government requests.</p>
<h2>Account deletion & cancellation</h2>
<p>You may cancel your subscription or delete your account at any time. Cancellation takes effect at the start of your next billing period; until that date, your service continues normally.</p>
<p><strong>Deletion upon cancellation.</strong> When cancellation takes effect, your vaults are <em>immediately and permanently deleted</em> from our active systems. This deletion is instant and irreversible.</p>
<p><strong>Compliance retention.</strong> To satisfy legal and regulatory requirements, we retain encrypted backups for a maximum of 30 days after deletion. These backups exist solely for compliance purposes and are <em>not available for restoration</em>. You cannot request your data from these backups. After 30 days, even these copies are permanently destroyed.</p>
<p><strong>Your warning.</strong> We will email you 7 days before your cancellation takes effect, reminding you to export your vault data if you have not already done so. This is your final opportunity to preserve your information.</p>
<p><strong>Immediate termination for cause.</strong> In cases of abuse, illegal activity, or security threats, we may terminate immediately without the 7-day warning. The same deletion and backup policies apply.</p>
<p><strong>14-day regret period for annual renewals.</strong> As described in our Terms of Service Section 6, annual subscriptions that auto-renew carry a 14-day post-renewal cancellation window. If you did not intend to renew, cancel within 14 days of the renewal charge for a full refund.</p>
<p><strong>Price for life.</strong> Your subscription rate will never increase as long as your subscription remains active. This commitment applies to the currency and tier at which you originally subscribed. See Terms of Service Section 5 for full details.</p>
<p><strong>Self-hosted exception.</strong> This policy applies only to the hosted (paid) service. Self-hosted Community Edition users manage their own data retention and deletion.</p>
<h2>Changes to this policy</h2>
<p>We'll notify registered users by email before making material changes to this policy. The current version is always available at this URL.</p>
<h2>Contact</h2>
<p>Questions about this policy? Email <a href="mailto:privacy@clavitor.ai">privacy@clavitor.ai</a>.</p>
</div>
</div>
{{end}}