Privacy Policy
Last updated: April 17, 2026
Overview
Envshed is a secrets-management tool. We take the privacy of customer data and the secrets stored in our platform seriously. This page summarises the practices that govern that data until our full policy is published.
What we collect
Account information (name, email, organisation), billing information processed through Stripe, secrets and environment variables you store, audit logs of actions taken in the product, and standard operational telemetry (IP address, user agent, request metadata).
How we use it
To operate the product, authenticate users, process payments, send transactional email, investigate abuse, and improve reliability. We do not sell customer data and we do not use stored secrets for any purpose other than serving them back to authorised members of your organisation.
Security of your data
Secrets are encrypted at rest with AES-256-GCM using per-record IVs. Transport uses TLS 1.2 or higher. Access is gated by per-project role-based controls and fully audited. See the security page for the full posture.
Retention and deletion
We keep account and audit data for the life of the account plus a limited period required for legal and billing obligations. Deleting a secret removes it from the active store; encrypted backups are purged on rolling schedules.
Your rights
You can request access to, correction of, or deletion of your personal data by emailing privacy@envshed.com. We aim to respond within 30 days.
Contact: privacy@envshed.com