Privacy Policy
How TimeLock handles your information — including the vault contents we store but cannot read.
Last updated: July 2026
The short version
Your vault contents are encrypted in your browser before they reach us. We store ciphertext we cannot decrypt — no employee, administrator, or process on our side can read your secrets, their names, or your files. What we can see is the account and billing information you give us and the operational metadata needed to run the service.
Information we collect
- Account & billing data — your email address, account name, plan, and payment records.
- Encrypted vault data — the ciphertext of your items and files, wrapped (encrypted) keys, and a one-way verification hash for your master-password unlock. None of this is readable by us.
- Schedule rules — the time windows you attach to items (e.g. "weekdays 09:00–17:00"). The server must read these to enforce them; the item's content remains ciphertext.
- Audit metadata — an append-only log of events like unlock, share, and schedule change: event type, item reference, and timestamp. Never plaintext content.
- Usage information — standard log data such as IP addresses and request timestamps.
What we cannot access
Your master password never leaves your browser, and we store no key derived from it that could decrypt your data. There is no decrypt path for support staff or platform administrators — no endpoint on our servers returns plaintext vault content to anyone. This also means we cannot recover your data if you lose both your master password and your Recovery Key; the design and its limits are published on our security page.
How we use what we do have
- To deliver the service: storing your encrypted data, enforcing schedule windows, relaying shared items, and sending account emails (login codes, billing notices, schedule notifications).
- To provide accountability: your account's audit log, with retention according to your plan.
- To operate billing and respond to support requests.
- To monitor platform health and prevent abuse.
Data retention & deletion
Audit-log retention depends on your plan and is disclosed on the pricing page. Items you trash are recoverable until you empty the trash. If a trial ends without converting, your vault becomes read-only — your data stays intact and exportable. On account deletion, your ciphertext, encrypted files, and wrapped keys are purged; billing records are kept as required by law.
Sharing
We do not sell your data. We share it only with the infrastructure providers required to run the service (hosting, email delivery, payment processing), each bound to process it solely on our behalf — and they, like us, only ever hold your vault data as ciphertext.
Contact
Questions about this policy? Contact us.