This policy explains what data SafeLane collects, why, where it lives, and your rights over it. We've tried to write it plainly. If anything here is unclear, email info@usesafelane.com and we'll fix it.
1. Who we are
SafeLane ("SafeLane", "we", "us") is a UK-based service operated from England. We are the controller of your personal data for the purposes of UK GDPR. Contact us at info@usesafelane.com.
2. What we collect
By design we collect as little as possible. We are an end-to-end encrypted password manager — we deliberately cannot read the contents of your vault, and we have built the system so that adding more telemetry would be costly to us as well as you. Concretely:
- Account email. You provide this at signup. We use it to send transactional email (sign-in links, billing confirmations, trial-ending reminders) and as your account identifier.
- Encrypted vault contents. We store the ciphertext of every item in your vault, along with the wrapped Data Encryption Key. We never see the plaintext, the item names, the URLs, the usernames, or any field contents. We could not produce them under legal compulsion because we do not hold the key.
- Key-derivation parameters. The salt, time, memory, and parallelism parameters used by Argon2id when your client derives keys from your master passphrase. These are not secrets; they exist so a fresh device can reproduce the derivation.
- Subscription state. Mirrored from Stripe: current plan, trial end date, billing status. We do not store your card details — Stripe holds those.
- Audit log of security-relevant events. Sign-ins, master-passphrase rotations, account deletions, plus the IP address and user-agent used at the time. The purpose is to let you (and us) detect unauthorised access.
- Server logs. Standard web-server logs (request path, status code, timing) retained on Vercel for up to 30 days. These include IP address.
3. What we do not collect
- Your master passphrase. It never leaves your device.
- The plaintext of any vault item, ever.
- Item names, URLs, usernames, notes, or 2FA secrets in cleartext.
- Behavioural analytics — no Google Analytics, no Segment, no Mixpanel, no Hotjar, no Meta Pixel. We don't want a profile of how you use the product.
- Cross-site advertising cookies or marketing fingerprints.
4. Legal bases for processing (UK GDPR)
- Performance of a contract — storing your encrypted vault and serving the application to you. We can't provide the service without this.
- Legitimate interests — keeping the audit log to protect your account from unauthorised access, retaining server logs to debug outages, processing payment state via Stripe.
- Legal obligation — keeping records HMRC requires us to keep (e.g. VAT invoices for 6 years).
5. Third parties (sub-processors)
SafeLane uses the following sub-processors. Each receives only the data necessary for its role:
- Supabase (EU region) — hosts the encrypted blob database and authentication system. Receives ciphertext, email addresses, KDF parameters.
- Vercel (US) — serves the website and API. Receives the same data that any visitor's HTTPS request would transmit. Logs are stored for up to 30 days.
- Stripe Payments UK Ltd. — processes payments. Holds your card details (we never see them). Stripe is the controller of card data; we are the controller of the link between your account and the Stripe customer ID.
- Resend — sends transactional email (welcome, trial-ending reminders, payment-failure notices). Receives your email address and the body of the message we send you.
- Namecheap — domain registrar. Does not receive user data; listed for transparency.
We will not add a new sub-processor without updating this list and, for changes that materially affect what data is shared, giving you at least 14 days' notice by email.
6. International transfers
Vercel and Stripe process some data outside the UK and EEA (mainly in the United States). These transfers are governed by Standard Contractual Clauses and the UK's International Data Transfer Addendum.
7. Retention
- Active accounts: data retained for as long as the account exists.
- Cancelled accounts: the vault data is retained for a 30-day grace period after cancellation in case you change your mind, then permanently deleted from primary storage.
- Deleted accounts (Settings → Delete account): primary storage is purged within 24 hours.
- Backups are rotated out within 30 days.
- Audit log entries are kept for 12 months from the event, then deleted.
- VAT and billing records retained for 6 years as required by HMRC.
8. Your rights
Under UK GDPR you may:
- Access your data — export your full vault at any time from Settings → Export. Email us for a copy of metadata not covered by the export.
- Erase your data — Settings → Danger zone → Delete account. We wipe primary storage within 24 hours.
- Correct your data — change your email, master passphrase, or any vault item directly in the app.
- Object to processing based on legitimate interests by emailing us.
- Complain to the UK Information Commissioner's Office at ico.org.uk if you think we've mishandled your data.
9. Browser extension
The SafeLane browser extension (Chrome / Edge / Brave) is governed by this same policy. It does not change what we collect on the server. Specifically:
- The master passphrase is entered into the extension popup, derives keys locally via Argon2id, and is then discarded. It never leaves your device.
- The extension stores the unwrapped Data Encryption Key in chrome.storage.session while you are unlocked. This storage area is wiped when the browser closes, when you click the lock button, and automatically after 15 minutes of inactivity.
- The extension talks only to usesafelane.com and the SafeLane Supabase project. It does not send data to any third party, including analytics, error tracking, or advertising services.
- The extension only reads or writes the page in the active tab, only when you click the SafeLane icon to invoke it. It does not run passively on every site.
- When you click an item to autofill, the username and password values are written to the active page's form fields. The website you are signing into can read those values — that is the point of autofill — but SafeLane itself does not receive what was filled.
- The extension records that an item was used (the last_accessed_at timestamp and a counter on the server-side row), but not where it was used or what was typed.
- Optional per-site features (off by default). The extension can show a small SafeLane chip next to password fields and offer to save credentials when you submit a login form, but only on websites you have explicitly enabled this for. Enabling a site triggers Chrome's own per-origin permission prompt; no host permission is requested at install time. On enabled sites, the extension reads the username and password values from a submitted login form so it can ask whether you want to save or update them in the vault. These values are held in memory only and discarded the moment you click Save or Discard. Nothing is sent to SafeLane servers except the standard encrypted vault item that you yourself confirm.
10. Cookies
We set one cookie: a session cookie that authenticates you to the application. It is essential for the site to function. We do not use analytics, advertising, or tracking cookies of any kind.
11. Security incidents
If we suffer a security incident that compromises the confidentiality, integrity, or availability of your data, we will notify you within 72 hours of becoming aware of it. Because of our end-to-end encryption design, even a complete server-side breach should not expose the contents of your vault — but we will tell you either way.
12. Children
SafeLane is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us data, email us and we will delete it.
13. Changes to this policy
We will email registered users at least 14 days before any material change to this policy. Minor edits (typos, clarifications) are made without notice; the "Last updated" date at the top will reflect the most recent change.
14. Contact
Email info@usesafelane.com for any privacy question, request, or complaint. We aim to respond within 5 working days. See also our transparency report.
This policy reflects our actual practices and is written to be enforceable, but it is not legal advice and may not anticipate every jurisdictional nuance. A formal legal review is scheduled before launch in markets outside the UK.