This policy explains how Neural Evo Secret Share protects your data, limits retention, and preserves anonymity when you create and view encrypted secrets.
Last updated: May 8, 2026
Secrets are encrypted in your browser before they are sent to our API. The decryption key is embedded only in the URL fragment and is not stored by the server.
We store encrypted secret payloads, initialization vectors, creation time, configured expiry time, and allowed or remaining view count in MongoDB. We do not store plaintext secret content.
Secrets can be configured to expire within 30 minutes, 6 hours, 1 day, 3 days, or 7 days. Regardless of configuration, a secret cannot live beyond 7 days.
Secrets are also removed after the final allowed view count is reached. Expired secrets are deleted automatically by database TTL and also cleaned up during access checks.
We apply origin and referer validation, request rate limiting, and one-time or fixed-view retrieval controls to reduce abuse and unauthorized access.
To support abuse prevention, we may process client network metadata such as IP headers. This is used for security controls and not for profiling secret content.
The service is designed to minimize exposure of secret data. However, full anonymity depends on your network, browser, and sharing practices. Use secure channels when sending secret links.
You are responsible for safeguarding generated links, selecting appropriate expiry and view limits, and sharing secrets only with intended recipients.
If you need legal or compliance-specific data processing terms, contact Neural Evo for enterprise agreements.
Email: contact@neuralevo.com
Never include secrets in browser history, screenshots, or insecure chat channels.