Privacy Policy
Last updated: January 2025
1. Introduction
Bapla Digital ("we", "us", "our") operates the Bapla Secrets platform ("Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
2. Zero-knowledge architecture
Bapla Secrets is built on a zero-knowledge architecture. All secrets are encrypted client-side in your browser before transmission. The encryption key is placed in the URL fragment and is never sent to our servers. We store only ciphertext and cannot read, access, or disclose the content of your secrets under any circumstances.
3. Information we collect
- Account data: Email address and password (hashed) when you create an account.
- Workspace data: Workspace name, member email addresses.
- Secret metadata: Ciphertext, IV, salt, expiry settings, creation date, view count. Never plaintext content.
- Usage data: Standard server access logs (IP address, timestamps, HTTP status codes) for security and debugging.
- Billing data: Handled entirely by Stripe. We do not store payment card details.
4. How we use your information
We use the information collected to provide and improve the Service, send transactional emails, process billing, and detect and prevent abuse. We do not sell personal data to third parties.
5. Data retention
Secret content is deleted automatically upon expiry or after reaching the maximum view count. Account data is retained for the duration of your subscription. You may request deletion of your account and all associated data at any time by contacting us.
6. GDPR rights
If you are located in the European Economic Area, you have rights including: access to your data, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, contact us at privacy@bapla.io.
7. Contact
Questions about this Privacy Policy? Contact Bapla Digital at privacy@bapla.io.