Transparency Center
Trust is earned through openness. Here is exactly how we handle data, government requests, and security.
LiveWarrant Canary
As of 2026-02-21, EnvShareApp (Xplrosolutions OPC Pvt Ltd) has NOT received any:
- National Security Letters
- Gag Orders
- Search Warrants for user data
Hash: SHA256
As of 2026-02-21, we have received 0 government requests for user data.
-----BEGIN PGP SIGNATURE-----
c3f8e9a1b2d4...
-----END PGP SIGNATURE-----
This canary is updated monthly. If it disappears or is not updated, assume the worst.
Law Enforcement Policy
We comply with valid Indian laws and court orders. However, our Zero-Knowledge Architecture fundamentally limits what we can provide.
What We HAVE
- IP Addresses (logged for 24h for rate limiting)
- Access Logs (Time, User Agent)
- Encrypted Blobs (Ciphertext)
- Account Email (if signed up)
What We DO NOT Have
- Your Secrets (Plaintext)
- Encryption Keys (Client-side only)
- Decrypted File Contents
Even if compelled by a court, we cannot decrypt your data because we do not possess the keys. The keys are either in your URL fragment (which servers never see) or derived from your password (PBKDF2).
Security Architecture
1. Client-Side Encryption
All encryption happens in lib/crypto.js using the Web Crypto API (AES-GCM 256). Data sent to our API is already encrypted ciphertext.
2. Ephemeral Storage
Secrets are stored with a hard TTL (Time-To-Live). Once expired or viewed (if "Burn on Read" is active), a specialized cron job permanently wipes the data from our database and object storage.