Privacy Policy

Overview

RabbitLock runs in your browser. Encryption and decryption happen on your device, not on our servers. We do not take custody of your keys. This policy explains what data we do and do not collect when you use the website and app.

Data we do not collect

• File contents, secrets, or decrypted data.
• Encryption keys or recovery file contents.
• Biometric data. Passkey and biometric checks stay on your device.

Data we process

We only process the minimum data needed to operate the service and secure access when enabled.

• Basic request logs from our hosting provider, such as IP address, user agent, timestamps, and requested URLs.
• Access control metadata if your deployment uses single sign-on or Cloudflare Access (for example, your authenticated email).

Data stored locally

RabbitLock stores limited data in your browser to support the app. This includes passkey metadata, recovery progress state, and session identifiers. You can clear this data at any time through your browser settings.

Service providers

We rely on infrastructure providers such as Cloudflare to host the website and deliver content. These providers may process request logs according to their own privacy policies.

Your choices

• Clear site data to remove local storage and session state.
• Use a private browsing session if you prefer no persistence.
• Disable passkeys or recovery files if you do not want local storage.

Changes to this policy

We may update this policy as the product evolves. We will update the last updated date when changes are made.

Privacy contact

Rabbitlock Inc. is a Wyoming, USA corporation. For privacy requests, contact privacy@rabbitlock.com.