Privacy Policy
fetchOnce is a zero-knowledge service. We cannot read, access, or recover the secret values you share through this platform. Encryption and decryption happen exclusively in your browser. The server stores only encrypted data it cannot decrypt.
What we store
When you create a secret, the server stores an encrypted blob (which it cannot read), a creation timestamp, and an expiration timestamp. Key names and values exist only inside the encrypted blob — the server cannot read them. This data is permanently deleted when the secret is revealed or when it expires, whichever comes first. We do not store IP addresses, user agents, or any other identifying information about creators or recipients.
Cookies and tracking
fetchOnce does not use cookies. We do not use analytics, tracking pixels, fingerprinting, or any other form of user tracking. There are no third-party scripts loaded on this site other than Google Fonts for typography. We do not share data with third parties because we have no data to share.
Server logs
The reverse proxy generates standard access logs containing IP addresses, request paths, and timestamps. These logs are used solely for operational monitoring and security. The encryption key for your secret is carried in the URL fragment, which is never sent to the server and never appears in any log. Secret values never appear in logs in any form.
Data retention
Secrets are deleted immediately upon reveal or upon expiration. There is no backup, no soft-delete, and no recovery mechanism. Once deleted, the encrypted data is gone permanently. Server access logs are retained for operational purposes only and are not correlated with secret content.
GDPR and CCPA
Because fetchOnce does not collect personal data, set cookies, or track users, most data protection obligations do not apply. If you believe we hold any personal data about you and wish to exercise your rights under GDPR or CCPA, contact us and we will respond promptly.