Privacy, Terms & Cookies
vault.ssdata.no · SS Data AS
🔐 Privacy Policy
Data Controller
The data controller for this service is SS Data AS. Contact: hei@moldeleie.no
What we collect
| Data | Form stored | Why | Retention |
|---|---|---|---|
| IP address | SHA-256 hash Not reversible |
Rate limiting, abuse prevention | Max 30 days |
| Country code | e.g. NO | Geographic statistics | Deleted with secret |
| Event timestamps | Unix milliseconds | Audit log, statistics | 30 days, then auto-purged |
| Browser user agent | Plain text in log | Audit log | 30 days, then auto-purged |
| Secret content | AES-256-GCM encrypted | Core service function | Max 7 days, or until read |
What we do NOT collect
- Names, email addresses, or account information
- Tracking or analytics cookies
- Payment information
- Device fingerprints
- The content of secrets in readable form — ever
Legal basis
Processing is based on GDPR Article 6(1)(b) (contract performance — providing the service you requested) and Article 6(1)(f) (legitimate interests — security monitoring and abuse prevention).
Your rights
Under GDPR you have the right to access, rectify, erase, or object to processing of your personal data. Because we store only pseudonymous IP hashes and no account information, we cannot identify you by name — but you can contact us at hei@moldeleie.no with any privacy requests.
You have the right to lodge a complaint with the Norwegian supervisory authority: Datatilsynet (datatilsynet.no).
Third-party transfers
We do not sell or share personal data with third parties. The only external contact is Let's Encrypt (for automatic HTTPS certificate renewal — domain name only, no personal data).
📋 Terms of Service
The service
Vault is a one-time secret sharing service operated by SS Data AS. It allows you to share sensitive information via a self-destructing link that can only be read once. The service is provided as-is during the current open beta period.
Your use
- You may use this service to share sensitive information securely
- You are responsible for what you share through the service
- You must not use the service to share content that is illegal under Norwegian law
- You must not attempt to circumvent rate limits or security controls
- Automated or bulk use without written agreement is not permitted
Availability
We aim to keep the service available but make no guarantees of uptime. The service is currently in open beta and may be changed, limited, or discontinued at any time.
Limitation of liability
We are not responsible for any loss or damage resulting from use of the service, including but not limited to: loss of data due to expiry, unintended access to shared secrets, or service unavailability. By using the service you accept this limitation.
Governing law
These terms are governed by Norwegian law. Disputes shall be resolved in Norwegian courts.
⚠️ Acceptable Use Policy
Vault may not be used to share any of the following:
- Content that is illegal under Norwegian or EU law
- Credentials used to access systems you do not own or have permission to access
- Content intended to harm, defraud, or deceive others
- Malware, exploit code, or other harmful software
- Content that violates the privacy or rights of others
We do not monitor the content of secrets — it is encrypted and we cannot read it. However, if we receive credible reports of serious misuse, we reserve the right to terminate access and cooperate with law enforcement where required by law.
🍪 Cookies
Cookies used
| Cookie | Purpose | Duration | Required |
|---|---|---|---|
| vault_session | Site access when password protection is enabled | Session | Strictly necessary |
| vault_admin | Admin dashboard authentication | Session | Strictly necessary |
| vault_bypass | Demo bypass — grants 8-hour extended access | 8 hours | Strictly necessary |
Most visitors receive no cookies
Consent
Last updated: · ← Back to Vault