vault1984-web/privacy.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Policy — Vault1984</title>
<meta name="description" content="Vault1984 privacy policy. No analytics, no tracking, no data sales.">
<script src="https://cdn.tailwindcss.com"></script>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
<script>
tailwind.config = {
theme: {
extend: {
colors: {
navy: { DEFAULT: '#0A1628', light: '#111f38', lighter: '#1a2d4f' },
accent: '#22C55E',
'accent-hover': '#16A34A',
danger: '#EF4444',
},
fontFamily: {
sans: ['Inter', 'system-ui', 'sans-serif'],
mono: ['JetBrains Mono', 'monospace'],
},
}
}
}
</script>
<style>
body { background-color: #0A1628; }
</style>
</head>
<body class="font-sans text-gray-300 antialiased">
<!-- Nav -->
<nav class="fixed top-0 w-full z-50 bg-navy/80 backdrop-blur-md border-b border-white/5">
<div class="max-w-6xl mx-auto px-6 h-16 flex items-center justify-between">
<a href="/" class="font-mono font-semibold text-xl text-white tracking-tight">vault<span class="text-accent">1984</span></a>
<div class="hidden md:flex items-center gap-6 text-sm">
<a href="#" class="text-gray-400 hover:text-white transition-colors">GitHub</a>
<a href="/install.html" class="text-gray-400 hover:text-white transition-colors">Self-host</a>
<a href="#" class="border border-gray-600 text-gray-300 hover:border-gray-400 hover:text-white px-4 py-1.5 rounded-lg transition-colors text-sm">Sign in</a>
<a href="/pricing.html" class="bg-accent hover:bg-accent-hover text-black font-medium px-4 py-1.5 rounded-lg transition-colors text-sm">Get hosted &mdash; $12/yr</a>
</div>
<button id="mobile-menu-btn" class="md:hidden text-gray-400">
<svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16"/></svg>
</button>
</div>
<div id="mobile-menu" class="hidden md:hidden border-t border-white/5 bg-navy/95 backdrop-blur-md">
<div class="px-6 py-4 space-y-3">
<a href="#" class="block text-gray-400 hover:text-white">GitHub</a>
<a href="/install.html" class="block text-gray-400 hover:text-white">Self-host</a>
<a href="#" class="block text-gray-400 hover:text-white">Sign in</a>
<a href="/pricing.html" class="block bg-accent hover:bg-accent-hover text-black font-medium px-4 py-2 rounded-lg text-center">Get hosted &mdash; $12/yr</a>
</div>
</div>
</nav>
<!-- Content -->
<section class="pt-32 pb-20 px-6">
<div class="max-w-3xl mx-auto">
<h1 class="text-4xl md:text-5xl font-bold text-white mb-4">Privacy Policy</h1>
<p class="text-gray-500 text-sm mb-12">Last updated: February 2026</p>
<div class="space-y-10 text-gray-400 text-sm leading-relaxed">
<div>
<h2 class="text-xl font-semibold text-white mb-3">The short version</h2>
<ul class="space-y-2">
<li class="flex items-start gap-3">
<svg class="w-4 h-4 text-accent flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/></svg>
Your vault data is encrypted at rest (L1) and in transit (TLS).
</li>
<li class="flex items-start gap-3">
<svg class="w-4 h-4 text-accent flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/></svg>
L2 data is encrypted client-side with WebAuthn PRF. We cannot decrypt it. Ever.
</li>
<li class="flex items-start gap-3">
<svg class="w-4 h-4 text-accent flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/></svg>
No analytics. No tracking pixels. No third-party scripts.
</li>
<li class="flex items-start gap-3">
<svg class="w-4 h-4 text-accent flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/></svg>
We don't sell, share, or rent your data. To anyone. For any reason.
</li>
<li class="flex items-start gap-3">
<svg class="w-4 h-4 text-accent flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/></svg>
You can delete your account and all data at any time.
</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">What this policy covers</h2>
<p>This privacy policy applies to the hosted Vault1984 service at vault1984.com. If you self-host Vault1984, your data never touches our servers and this policy doesn't apply to you — your privacy is entirely in your own hands.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Data we store</h2>
<p class="mb-3">When you use hosted Vault1984, we store:</p>
<ul class="list-disc list-inside space-y-1 ml-1">
<li><strong class="text-gray-300">Account information:</strong> email address and authentication credentials</li>
<li><strong class="text-gray-300">L1 vault data:</strong> encrypted at rest with AES-256-GCM using your vault key</li>
<li><strong class="text-gray-300">L2 vault data:</strong> encrypted client-side with WebAuthn PRF before reaching our servers — stored as ciphertext we cannot decrypt</li>
<li><strong class="text-gray-300">Metadata:</strong> entry creation and modification timestamps, entry titles (L1)</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Data we don't store</h2>
<ul class="list-disc list-inside space-y-1 ml-1">
<li>IP address logs (not stored beyond immediate request processing)</li>
<li>Usage analytics or telemetry</li>
<li>Browser fingerprints</li>
<li>Cookies beyond session authentication</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">L2 encryption guarantee</h2>
<p>Fields marked as L2 are encrypted in your browser using a key derived from your WebAuthn authenticator (Touch ID, Windows Hello, or a hardware security key) via the PRF extension. The encryption key never leaves your device. Our servers store only the resulting ciphertext. We cannot decrypt L2 fields, and no future policy change, acquisition, or legal order can change this — the mathematical reality is that we don't have the key.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Data residency</h2>
<p>When you create a hosted vault, you choose a region. All infrastructure is Hostkey TIER III.</p>
<ul class="list-disc list-inside space-y-1 ml-1 mt-2">
<li><strong class="text-gray-300">US East (New York)</strong> — data stored in the United States</li>
<li><strong class="text-gray-300">EU West (Amsterdam)</strong> — data stored in the European Union</li>
<li><strong class="text-gray-300">EU Central (Frankfurt)</strong> — data stored in the European Union</li>
<li><strong class="text-gray-300">EU North (Helsinki)</strong> — data stored in the European Union (coming soon)</li>
</ul>
<p class="mt-2">EU data stays on EU servers. US data stays on US servers. We don't replicate across regions unless you explicitly request it.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Third parties</h2>
<p>We use infrastructure providers (cloud hosting, DNS) to run the service. These providers process encrypted data in transit but do not have access to your vault contents. We do not use any analytics services, advertising networks, or data brokers.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Law enforcement</h2>
<p>If compelled by valid legal process, we can only provide: your email address, account creation date, and encrypted vault data. L1 data is encrypted with your vault key (which we do not store). L2 data is encrypted client-side. In practice, we have very little useful information to provide.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Account deletion</h2>
<p>You can delete your account and all associated data at any time from the web interface. Deletion is immediate and irreversible. Backups containing your data are rotated out within 30 days.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Changes to this policy</h2>
<p>We'll notify registered users by email before making material changes to this policy. The current version is always available at this URL.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-white mb-3">Contact</h2>
<p>Questions about this policy? Email privacy@vault1984.com.</p>
</div>
</div>
</div>
</section>
<!-- Footer -->
<footer class="border-t border-white/5 py-12 px-6">
<div class="max-w-6xl mx-auto flex flex-col md:flex-row items-center justify-between gap-6">
<div class="flex items-center gap-6">
<a href="/" class="font-mono font-semibold text-lg text-white tracking-tight">vault<span class="text-accent">1984</span></a>
<div class="flex items-center gap-4 text-sm text-gray-500">
<a href="#" class="hover:text-gray-300 transition-colors">GitHub</a>
<a href="#" class="hover:text-gray-300 transition-colors">Discord</a>
<a href="#" class="hover:text-gray-300 transition-colors">X</a>
</div>
</div>
<div class="flex items-center gap-6 text-sm text-gray-500">
<a href="/privacy.html" class="hover:text-gray-300 transition-colors">Privacy</a>
<a href="/terms.html" class="hover:text-gray-300 transition-colors">Terms</a>
<span>MIT License</span>
</div>
</div>
<div class="max-w-6xl mx-auto mt-8 text-center text-xs text-gray-600">
Built for humans with AI assistants.
</div>
</footer>
<script>
document.getElementById('mobile-menu-btn').addEventListener('click', function() {
document.getElementById('mobile-menu').classList.toggle('hidden');
});
</script>
</body>
</html>