Privacy Policy

Overview

At PAAVS, privacy isn't just a policy – it's our core product. We use zero-knowledge encryption, meaning your emails are encrypted before they reach our servers. We cannot read your messages.

What We Collect

We collect only what's necessary to provide our service:

• Account Information: Email address, password hash (never the actual password)
• Billing Information: Payment details processed by Stripe (we never see your full card number)
• Usage Metrics: Storage used, emails sent/received (for billing purposes only)
• Technical Data: IP addresses, device info (for security and abuse prevention)

What We Don't Collect

• The content of your emails (they're encrypted)
• Your encryption keys (only you have them)
• Tracking data for advertising
• Data to sell to third parties

Zero-Knowledge Architecture

Your emails are encrypted using AES-256-GCM on your device before being transmitted to our servers. The encryption keys are derived from your password using PBKDF2 and are never transmitted or stored on our servers. This means we physically cannot decrypt your emails – only you can.

Data Retention

We retain your data only as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days. Backups are purged within 90 days.

Third-Party Services

We use minimal third-party services:

• Fly.io: Infrastructure hosting
• Stripe: Payment processing
• Cloudflare: DNS and DDoS protection

Your Rights

You have the right to:

• Access your personal data
• Export your data
• Delete your account and all associated data
• Correct inaccurate information

Contact

For privacy-related inquiries, contact us at [email protected].