Ethercrypt Privacy Policy

1. Introduction

Ethercrypt is an open-source, zero-knowledge password manager and TOTP authenticator application. This Privacy Policy explains how information is processed when using Ethercrypt.

This policy applies to all users of the application.

2. Core Design Principles

• Ethercrypt is designed as a zero-knowledge application.
• Master passwords are never stored or transmitted.
• Vault data is encrypted locally on the user’s device before storage.
• The developer cannot access or decrypt user vault data.
• No central backend, user account system, or server-side storage is operated.

If the master password is lost, encrypted data cannot be recovered.

3. Information Processed

3.1 Vault Data (User-Controlled)

• Passwords and login credentials
• Notes
• TOTP secrets
• Other user-defined secure entries

This data is processed locally on the user’s device and may optionally be stored in encrypted form using third-party storage providers selected by the user.

3.2 Local Application Data

• Application settings
• Encryption configuration
• Local metadata required for functionality

3.3 Third-Party Storage Providers (Optional)

• Google Cloud Firestore / Firebase
• Google Drive
• Microsoft OneDrive
• Dropbox

When enabled by the user, encrypted data is transmitted directly between the user’s device and the selected provider. These providers act independently and are governed by their own privacy policies.

3.4 Data Not Collected

• No analytics or telemetry
• No advertising identifiers
• No marketing or profiling
• No identity-linked crash reporting
• No server-side collection of user data

4. Data Controller & Developer Access

The developer does not operate servers, user accounts, or any centralized infrastructure for storing or processing user vault data.

All encryption and decryption occur locally on the user’s device. The developer has no technical ability to access, view, or recover user vault data.

For GDPR purposes, the user generally acts as the primary controller of their own vault data, while the developer does not receive or process personal data through backend systems.

5. Purpose of Processing

• Encrypting and storing vault data locally
• Decrypting vault data on the user’s device
• Generating TOTP authentication codes
• Managing local application settings
• Synchronizing encrypted data with user-selected storage providers

6. Data Sharing

Ethercrypt does not sell, rent, or monetize user data.

• Data is only transmitted when the user enables third-party storage providers
• Data is only processed locally on the user’s device otherwise
• No data is shared with the developer or any backend system

7. Data Retention

• Data remains on the user’s device
• Optional storage occurs only on user-selected third-party providers
• Data can be removed by deleting it locally or uninstalling the application

The developer does not retain any user vault data on any infrastructure.

8. User Rights

Under applicable laws (including the GDPR), users may have rights such as:

• Access to personal data
• Correction or deletion
• Data portability
• Restriction or objection to processing

Because Ethercrypt does not operate a backend or store user vault data, these rights can generally be exercised directly by the user on their device or through the relevant third-party storage provider.

9. Security

• All encryption occurs locally on the user’s device
• Master password is never transmitted or stored
• No system can guarantee absolute security

10. Children’s Privacy

Ethercrypt is not intended for use by individuals below the minimum age required by applicable law in their jurisdiction.

No personal data is knowingly collected by the developer.

11. Open Source

Ethercrypt is open-source software distributed under the MIT License.

Source code is available at: GitHub

12. Changes to This Policy

This Privacy Policy may be updated from time to time. Updates will be published in the application or repository.

13. Contact