Encipher.Me

Privacy Policy

Transparent privacy practices for maximum privacy

Zero-Knowledge Philosophy

Our Principles: Encipher.Me was developed according to the Zero-Knowledge principle - we technically cannot decrypt your messages, even if we wanted to. Your privacy is protected by architecture, not just promises.

1. Data Controller

Data Controller under GDPR:

IT-Service Matthias Tichý Einzelunternehmen
Lindenufer 39
13597 Berlin
Deutschland

Contact:
E-Mail: support@encipher.me
Website: Contact Form

2. What Data Do We Collect?

Encrypted Messages

What: Encrypted data blocks of your messages

How long: Maximum 30 days or until the configured access limit is reached

Purpose: Providing encryption services

Special note: Zero-Knowledge - we cannot decrypt this data

Registered Users (optional)

What: Email address, encrypted password, usage statistics

How long: Until account deletion

Purpose: Account management and extended features

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Technical Cookies

What: Session cookies, CSRF protection, theme settings

How long: Session end or up to 30 days

Purpose: Security and functionality of the website

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Security Data (all users)

What: IP addresses, browser information (User-Agent), timestamps of security events, failed access attempts

How long: IP bans up to 24 hours (depending on violation), security logs up to 30 days

Purpose: Protection against brute-force attacks, bot detection, spam protection, abuse prevention

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in IT security and abuse protection)

Note: This data is automatically stored when suspicious activities are detected (e.g. repeated invalid requests). IP bans serve to protect all users.

Performance and SEO Data (all users)

What: Referer URL (where you came from), browser type, language, screen resolution, page load times, memory usage, number of database queries

How long: Performance logs up to 30 days, automatic cleanup of older data

Purpose: Improving website performance, troubleshooting, search engine optimization (SEO), analyzing traffic sources to improve the service

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in optimization and improvement of the service)

Note: This data is processed anonymously and is used exclusively for technical optimization. NO tracking cookies or external analytics services are used.

Additional Data for Registered Users

What: Session IDs, login times, 2FA settings

How long: Active sessions up to 1 hour, account data until deletion

Purpose: Account security, session management, security dashboard

Access: Registered users can view their security logs in the internal area.

3. What Do We NOT Collect?

  • No Tracking Cookies - No analytics or advertising
  • No Message Content - Zero-Knowledge architecture
  • No Metadata - Who accesses a message, when, and how often remains unknown

4. Zero-Knowledge Technology

Client-Side Encryption

All encryption operations take place in your browser. Encryption keys are never transmitted to our servers.

URL Fragment Technology

Decryption keys are carried in the URL fragment (the part after #). Browsers do not include the fragment in the requests they send to servers.

Server-Side Blindness

Our servers only receive encrypted data blocks. Even in the event of a complete server compromise, your messages remain protected.

5. Your Rights Under GDPR

You have the following rights:

  • Art. 15 GDPR: Information about processed data
  • Art. 16 GDPR: Rectification of incorrect data
  • Art. 17 GDPR: Erasure ("Right to be forgotten")
  • Art. 18 GDPR: Restriction of processing
  • Art. 20 GDPR: Data portability
  • Art. 21 GDPR: Objection to processing
  • Art. 77 GDPR: Complaint to supervisory authority

Zero-Knowledge Notice: Since we cannot decrypt your messages, providing information about specific message content is technically impossible. We can only provide metadata (number of messages, creation times).

Important Notice about IP Bans: In case of repeated security violations (e.g. brute-force attacks), your IP address will be automatically banned. Contact us via the contact form from another IP address if you were incorrectly banned.

6. Data Security

Encryption

AES-256-GCM encryption, TLS 1.3 for all transmissions, secure hashing for passwords.

Security Measures

CSRF protection, rate limiting, secure session management, regular security updates.

Automatic Deletion

All data is automatically deleted after expiration - no backups, no recovery possible.

7. Cookies in Detail

Cookie | Purpose | Duration
PHPSESSID | Session management for login | Session end
csrf_token | Protection against CSRF attacks | Session end
theme | Light/dark mode setting | 30 days (localStorage)
cookieConsent | Stores cookie consent | 1 year (localStorage)

8. Contact and Complaints

Data Protection Officer:

E-Mail: support@encipher.me
Contact: Contact Form

Supervisory Authority:

You have the right to complain to the competent supervisory authority:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn
Phone: +49 (0)228-997799-0
Website: www.bfdi.bund.de

9. Changes to this Privacy Policy

This privacy policy may be updated as needed. Changes will be published on this page and take effect immediately.

Last updated: 03.02.2026

Privacy Questions?

We're happy to help with questions about your data and our privacy practices.
