Most services say they protect your privacy. CipherOnce is built so that protecting your privacy isn't a choice we make — it's a constraint we can't override. Here's exactly what we log, what we don't, and why that matters.
"We don't log your data" is a promise that requires trust. Our approach is different: we have designed our system so that logging your secret content is technically impossible, not merely against policy.
By the time your secret reaches our servers, it has already been encrypted by your browser. We receive a string of bytes that looks like random data. We don't have the decryption key. We cannot log what we cannot read.
We don't choose not to log your secrets. We architecturally cannot.
We store (encrypted only)
We never store
Data breach immunity: Attackers who compromise our database find only AES-256 ciphertext. Without the keys — which we don't store — it is cryptographically worthless.
Legal request resistance: We cannot be compelled to produce content we do not possess. A subpoena or court order requesting 'the plaintext of secret X' simply cannot be fulfilled.
No advertising surface: We have zero insight into what you are sharing. We could not build an advertising profile of your usage if we tried.
Ephemeral by default: All secrets have a hard expiry. After that point, even the encrypted record is permanently deleted — not soft-deleted, not archived.
