Cl0ud Crypt

Privacy Policy

Last Updated:

Back to Home

Introduction

Cl0ud Crypt ("we", or "us", ) operates the Cl0ud Crypt browser extension (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

We use your data solely to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definitions

  • Service: The Cl0ud Crypt browser extension and related services
  • Personal Data: Information about a living individual who can be identified
  • Usage Data: Automatically collected data about Service use
  • Cookies: Small files stored on your device

Data Collection & Use

Information We Collect

Usage Data

  • Browser type and version
  • Extension activation timestamps
  • Aggregate file processing metrics
  • Feature usage statistics

Error Data

  • Crash reports (optional)
  • Stack traces
  • Browser environment details
  • No file contents or personal data

What We Never Collect

Cryptographic Data

  • Encryption passwords
  • Derived encryption keys
  • Key derivation parameters

File Data

  • File contents (before/during/after encryption)
  • File names or metadata beyond what's required for cloud upload
  • Directory structures

Cloud Data

  • Cloud service credentials
  • Existing cloud storage contents
  • Account information beyond OAuth requirements

Purpose of Data Collection

Service Improvement

Identify performance bottlenecks and optimize encryption processes

Error Resolution

Diagnose and fix technical issues reported by users

Compliance

Meet Chrome Web Store reporting requirements

Security Architecture

End-to-End Encryption Process

File Selection

User selects files through browser's native file picker

Key Derivation

PBKDF2-HMAC-SHA256 with 210,000 iterations

Encryption

AES-256-GCM with 96-bit IV and 128-bit auth tag

Secure Transfer

TLS 1.3 encrypted upload to cloud provider

Technical Safeguards

Memory Protection

  • Sensitive data wiped from memory after use
  • Web Workers for isolated cryptographic operations
  • Zero knowledge architecture

Storage Handling

  • Temporary files encrypted with separate session keys
  • Automatic 24-hour expiration for cached data
  • Secure deletion practices

Code Security

  • Regular third-party security audits
  • WebAssembly-optimized cryptographic routines
  • Content Security Policy enforced

Third-Party Services

Cloud Storage Providers

Google Drive

  • Permissions: files.create, files.update
  • Data Accessed: Only new encrypted files
  • OAuth Scopes: https://www.googleapis.com/auth/drive.file

Dropbox

  • Permissions: files.content.write
  • Data Accessed: Only files you explicitly upload
  • OAuth Scopes: files.content.write

Analytics Services

Chrome Web Store

  • Install/uninstall metrics
  • Aggregate usage statistics
  • No personal identification

Sentry (Optional)

  • Error diagnostics
  • Browser environment details
  • Disabled by default

What We Don't Access

  • Existing Cloud Files: We cannot read, modify, or delete any files already in your cloud storage
  • Account Information: Beyond basic OAuth requirements (email for authentication)
  • Metadata: We don't collect file creation dates, locations, or other non-essential metadata

Your Rights & Controls

Data Subject Rights

Right to Access

Request all data we've collected about your usage

Right to Erasure

Have your usage data permanently deleted

Right to Portability

Receive your data in a machine-readable format

Operational Controls

Disable Analytics

Turn off all data collection in extension settings

Revoke Access

Remove cloud storage permissions anytime

Complete Removal

Uninstall to delete all local data

Legal Information

Data Protection

We comply with global data protection regulations including:

  • GDPR: For European Union users
  • CCPA: For California residents
  • PIPEDA: For Canadian users

Limitations of Liability

Important: Cl0ud Crypt is provided "as-is" without warranties of any kind. We shall not be liable for:

  • Data loss due to user error (e.g., forgotten passwords)
  • Actions or policies of cloud storage providers
  • Security breaches resulting from compromised user devices
  • Legal requests for data access we cannot provide (as we don't store decryptable data)

Policy Changes

We may update this policy and will notify users via:

  • Extension update notifications
  • Email (for registered users)
  • Updated timestamp on this page

Continued use after changes constitutes acceptance.

Contact Our Data Protection Officer

For privacy concerns or data requests: security@cl0udcrypt

We respond to all requests within 72 hours.