Privacy Policy

⚠ Draft. Replace with a lawyer-reviewed policy before public launch.

Last updated: 17 May 2026

Who we are

SafeLane Ltd ("SafeLane", "we") provides an end-to-end encrypted password manager. We're a UK-based company. Contact us at hello@usesafelane.com.

What data we collect

Because of our end-to-end encryption design, the data we collect is intentionally minimal:

• Account email. To send you sign-in links and billing notifications.
• Encrypted vault contents. We store the ciphertext only. We cannot decrypt it.
• Subscription state. Mirrored from Stripe (trialing/active/past_due/cancelled).
• Audit log of sensitive events. Sign-ins, passphrase changes, account deletions — used to alert you if someone else accesses your account.
• IP address and user-agent at sign-in time. Same security purpose.

What we do NOT collect

• Your master passphrase. It never leaves your device.
• The plaintext of any vault item.
• Item names, URLs, usernames, or any field content.
• Behavioural / analytics tracking beyond aggregate signup counts.

Third parties

SafeLane uses the following sub-processors:

• Supabase (EU region) — hosts the encrypted blob database.
• Vercel — serves the website + APIs.
• Stripe — processes payments. Stripe holds your card details, not us.
• Resend — sends transactional emails.

Your rights (UK GDPR)

• Access — export your full vault any time via Settings → Export.
• Deletion — Settings → Danger Zone → Delete Account. We wipe all data within 24 hours.
• Rectification — change your email, master passphrase, or any vault item directly in the app.
• Complaint — to the UK ICO at ico.org.uk.

Data retention

Active accounts: data is retained for as long as the account exists. Cancelled accounts: 30-day grace period in case you change your mind, then permanent deletion. Deleted accounts: permanent immediately. Backups: rotated out within 30 days.

Cookies

We use a small number of essential cookies (session cookie for authentication). No analytics or advertising cookies.

Changes

We'll email you at least 14 days before any material change to this policy.