Legal Framework

Privacy Policy

Architectural Overview

EnvGuard ("the Service") is built upon the absolute principle of Privacy by Design. We treat your architectural metadata and environment variables as high-security assets. This document outlines how we ingest, store, and cryptographically protect the data generated during your interaction with our tools.

"Our mission is to provide secure infrastructure governance without compromising development speed. We operate as a zero-knowledge transport layer, mathematically blind to your secrets."

Automated Data Collection

Our operational requirements are minimal. We collect only what is strictly necessary to route your encrypted ciphertexts and ensure system uptime. We do not collect, process, or store plain-text environment variables.

Cryptographic Payloads

We securely store the AES-256-GCM ciphertext, initialization vectors (IVs), and expiry timestamps required for data retrieval.

System Telemetry

We utilize standard Vercel edge function logs, including request timestamps and HTTP status codes, solely for error resolution and infrastructure health monitoring.

Security & Encryption Protocols

| Protocol Specification | Audit Status |
| --- | --- |
| AES-256-GCM (Payload Encryption) | Enforced |
| PBKDF2 (2FA Key Derivation) | Enforced |
| URL Fragment Isolation (Key Transport) | Enforced |

EnvGuard employs a strict Zero-Knowledge Architecture. The master decryption key generated by your local browser is appended to the generated URL exclusively as a hash fragment (e.g., #key=...). According to Internet Engineering Task Force (IETF) specifications, browsers do not transmit URI hash fragments to origin servers, ensuring your raw keys physically cannot reach our database network.

Data Retention Policy

We adhere to a strict data minimization protocol. Data is retained only for the exact duration requested by the sender upon payload creation.

  • Burn After Reading: If enabled, ciphertexts are permanently hard-deleted from the PostgreSQL database within milliseconds of a successful decryption retrieval request.
  • Time-To-Live (TTL): Automated background database triggers continually sweep and perform hard-deletes on all records exactly when their user-defined expiration timestamp is reached.

Analytics & Third-Party Tracking

To understand how our website is utilized and to improve the overall developer experience, EnvGuard deploys Google Analytics (gtag.js). This service collects standard, anonymized usage telemetry.

  • Page views, session duration, and general aggregated bounce rates.
  • Anonymized geographic (country/city level) and device-type metrics.
  • Referral sources to track how users navigate to the EnvGuard platform.

Cryptographic Separation Guarantee

Google Analytics is strictly confined to tracking basic website traffic on our marketing and application shell pages. Under absolutely no circumstances does any tracking script have access to the data you paste into the `.env` text area, the cryptographic keys generated by the Web Crypto API, or the ciphertext transmitted to our backend. Your secure payload remains mathematically inaccessible to all third-party analytics providers.

User Rights & Contact

Because EnvGuard operates on a zero-knowledge basis without user accounts, we do not store Personally Identifiable Information (PII) tied to your identity, making traditional data retrieval requests (GDPR/CCPA) inapplicable to encrypted payloads. If you possess a live link and its password, you hold the sole authority to access or destroy the payload it points to.

For security disclosures, infrastructure inquiries, or questions regarding this Privacy Policy, please review the open-source repository or contact the project architect at github.com/dippanbhusal.