Skip to main content

Privacy Policy

Last Updated: February 1, 2026

Our Privacy Commitment

RacterVault is built on zero-knowledge architecture. We cannot access your files, passwords, or encryption keys—even if we wanted to. This isn't just a promise; it's cryptographically impossible.

1. Introduction

RacterVault, LLC ("we," "our," or "us") operates ractervault.com and provides quantum-ready encrypted cloud storage services. This Privacy Policy explains how we collect, use, and protect your information.

Key Principle: We use zero-knowledge encryption, meaning your data is encrypted on your device before it reaches our servers. We never have access to your plaintext data or encryption keys.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name (optional), password hash (not your actual password)
  • Payment Information: Processed by third-party payment processors (Stripe, cryptocurrency payment processors). We do not store credit card numbers.
  • Support Communications: When you contact support, we retain your messages and our responses

2.2 Information We Cannot Access (Zero-Knowledge)

  • Your Files: Encrypted on your device before upload. We only store encrypted blobs.
  • File Names: Encrypted metadata. We cannot see what your files are called.
  • Folder Structure: Encrypted. We don't know how you organize your files.
  • Master Password: Never sent to our servers. Only a derived authentication hash is stored.
  • Encryption Keys: Generated and stored on your device. We never receive them.

2.3 Automatically Collected Information

  • Log Data: IP address, browser type, access times, pages viewed
  • Device Information: Operating system, device type, unique device identifiers
  • Usage Data: Storage used, number of files (not file contents), feature usage
  • Cookies: Session cookies for authentication, preference cookies (optional)

3. How We Use Your Information

3.1 Service Provision

  • Authenticate your account (using password hash, not password)
  • Store your encrypted files
  • Process payments and manage subscriptions
  • Provide customer support
  • Send service-related notifications (account changes, security alerts)

3.2 Service Improvement

  • Analyze usage patterns (aggregated, anonymized data)
  • Improve security and performance
  • Develop new features
  • Prevent fraud and abuse

3.3 Legal Compliance

  • Comply with legal obligations
  • Respond to lawful requests (we can only provide encrypted data)
  • Enforce our Terms of Service
  • Protect our rights and property

4. Information Sharing

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

4.2 Service Providers

We share limited information with trusted service providers:

  • Payment Processors: Stripe (credit cards), BTCPay (cryptocurrency)
  • Infrastructure: Data center providers in Iceland
  • Email Service: Transactional email provider (account notifications)
  • Analytics: Privacy-respecting analytics (Plausible, self-hosted)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law:

  • In response to valid legal process (subpoena, court order)
  • To protect our rights, property, or safety
  • To prevent fraud or abuse

Important: Due to zero-knowledge encryption, we can only provide encrypted data and metadata. We cannot decrypt your files.

4.4 Business Transfers

If RacterVault is acquired or merged, your information may be transferred. We will notify you and ensure the new entity honors this Privacy Policy.

5. Data Storage and Security

5.1 Data Location

  • Primary Storage: Iceland (outside 14-Eyes surveillance alliance)
  • Backups: Encrypted backups in geographically distributed locations
  • Jurisdiction: Icelandic data protection laws apply

5.2 Security Measures

  • Encryption in Transit: TLS 1.3 for all connections
  • Encryption at Rest: Your files are already encrypted before upload
  • Zero-Knowledge Architecture: We cannot access your data
  • Access Controls: Strict employee access policies
  • Security Audits: Regular third-party security assessments
  • Incident Response: 24/7 security monitoring

5.3 Data Retention

  • Active Accounts: Data retained as long as account is active
  • Deleted Accounts: Data permanently deleted within 30 days
  • Backups: Deleted data removed from backups within 90 days
  • Logs: Retained for 1 year for security and compliance

6. Your Rights (GDPR & Icelandic DPA)

6.1 Access and Portability

  • Right to Access: Request a copy of your personal data
  • Right to Portability: Export your encrypted files anytime

6.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Delete your account and all associated data

6.3 Control and Objection

  • Right to Object: Object to processing of your data
  • Right to Restriction: Limit how we process your data
  • Right to Withdraw Consent: Withdraw consent for optional processing

6.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@ractervault.com. We will respond within 30 days.

7. Cookies and Tracking

7.1 Essential Cookies

  • Session Cookies: Required for authentication (cannot be disabled)
  • Security Cookies: CSRF protection, rate limiting

7.2 Optional Cookies

  • Preference Cookies: Remember your settings (theme, language)
  • Analytics Cookies: Privacy-respecting analytics (no tracking across sites)

7.3 Third-Party Cookies

We do not use third-party advertising or tracking cookies. Our analytics are self-hosted and privacy-respecting.

8. Children's Privacy

RacterVault is not intended for children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately.

9. International Data Transfers

Your data is stored in Iceland. If you access RacterVault from outside Iceland, your information will be transferred to Iceland. We ensure adequate protection through:

  • GDPR compliance
  • Standard contractual clauses
  • Zero-knowledge encryption (data encrypted before transfer)

10. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via:

  • Email notification
  • In-app notification
  • Prominent notice on our website

Continued use after changes constitutes acceptance. If you disagree, you may delete your account.

11. Contact Us

For privacy-related questions or concerns:

12. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with:

Summary: What Makes Us Different

  • We cannot access your files - Zero-knowledge encryption means it's cryptographically impossible
  • We don't sell your data - Our business model is subscriptions, not surveillance
  • Icelandic jurisdiction - Strong privacy laws, outside surveillance alliances
  • Transparent operations - Open-source roadmap, public security audits, warrant canary