Privacy Policy

The short version

PushKey is a local-first encrypted vault. Your master password and unencrypted secrets never leave your device. The only data we receive is what you explicitly send us — an email if you sign up for cloud sync, billing info via Stripe, and encrypted ciphertext blobs if you opt into cloud backup.

What we collect

• Account email — for billing and license delivery
• Stripe customer ID + payment metadata — handled by Stripe; we never see your card number
• Encrypted vault blob (Pro+ only, opt-in) — AES-256-GCM ciphertext only; we cannot decrypt it
• License heartbeat — anonymized device count and tier check, every 24h
• Anonymous usage analytics — page views on push-key.com only; no personal data

What we don't collect

• Your master password (we have no way to recover it)
• The plaintext content of any API key in your vault
• Your salt or any key derivation material
• Telemetry from the desktop app or CLI by default

Data deletion

Email privacy@push-key.com to request deletion of your account and any cloud-synced encrypted blobs. We'll process within 30 days.

Contact

Questions: privacy@push-key.com