Our Privacy Commitment: Oursly.io is built on zero-knowledge architecture. We cannot read your data, even if we wanted to. Your privacy is not a policy—it's our architecture.
1. Information We Collect
Account Information:
- Email address (for account recovery only)
- Username (public identifier)
- Account creation date
What We DON'T Collect:
- Message content (end-to-end encrypted)
- File contents (zero-knowledge encrypted)
- Search queries (private by design)
- IP addresses in logs
- Browsing behavior
- Third-party tracking cookies
2. How We Use Your Data
- Account Management: Authenticate you and maintain your account
- Service Delivery: Route encrypted messages, store encrypted files
- Billing: Process payments (handled by Stripe—we never see card details)
- Support: Respond to your help requests
3. Data Storage & Security
Encryption:
- End-to-end encryption (E2EE) for all messages
- Zero-knowledge encryption for file storage
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
Storage Location: Cloudflare R2 (EU region for GDPR compliance)
4. Third-Party Services
- Stripe: Payment processing (PCI-DSS compliant)
- Cloudflare: Infrastructure & DDoS protection
- Matrix Protocol: Federated chat infrastructure
5. Your Rights (GDPR/CCPA)
- Access: Export all your data anytime
- Deletion: Delete your account and all associated data
- Portability: Download your data in standard formats
- Correction: Update your account information
- Opt-Out: No tracking to opt out of—we don't track you
6. Data Retention
- Active Accounts: Data retained as long as account is active
- Deleted Accounts: All data permanently deleted within 30 days
- Backups: Encrypted backups retained for 90 days (disaster recovery)
7. Cookies
We use only essential cookies:
- Session Cookie: Keep you logged in (expires when you close browser)
- Preference Cookie: Remember your theme/language settings
No tracking cookies. No advertising cookies. No third-party cookies.
8. Children's Privacy
Oursly.io is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us immediately at privacy@oursly.io.
9. International Transfers
Your data is stored in EU data centers (Cloudflare R2 EU region). If you access Oursly from outside the EU, your encrypted data may be routed through Cloudflare's global network for performance.
10. Changes to This Policy
We'll notify you of material changes via:
- Email (30 days before changes take effect)
- In-app notification
- Updated "Last Modified" date above
11. Contact Us
Data Protection Officer: privacy@oursly.io
Address: [YOUR COMPANY ADDRESS - TBD]
EU Representative: [EU REP CONTACT - TBD if needed for GDPR]