Trust, in plain language

What we can see, where your data lives, and who we work with. Everything here is summarized from our public security and privacy pages, and links to the detail.

What Privatt can and cannot see

It depends on the mode you choose, so here is the honest boundary for each.

Vault: customer-held key modes

In Your devices only and Two-key vault modes, we cannot see the contents of your files, your passphrase, or your recovery key. Files are encrypted on your device, and we store only ciphertext.

We do see the operational basics: your account email and plan, how much you store, when files change, and which storage backend you connect. If you lose both your passphrase and your recovery key in Your devices only mode, no one can restore your data, including us.

Vault: Managed by Privatt mode

This mode is a deliberate trade-off you choose knowingly: Privatt holds the key so you can sign in anywhere with nothing extra to remember, and so we can scan files for malware.

Because we hold the key, files in this mode are briefly handled as readable data on our servers. It is not zero-knowledge, and the product says so before you turn it on. In exchange, losing your password does not mean losing your files.

Secure Send

Messages are encrypted in your browser and decrypted only in the recipient's browser, in every account mode. The passphrase never reaches Privatt, so we cannot read a message or recover one for you.

We see that a message exists, when it was created and when it expires, how many times it has been successfully unlocked (attempts with a wrong or missing passphrase are not counted as views), and, if you ask us to email the link for you, the recipient's address while the message is live.

The full architecture, algorithms, and mode-by-mode breakdown live on the security page

Jurisdiction and Law 25

Privatt Inc. is based in Quebec, Canada, and operates under the laws of Quebec and Canada, including Quebec's private-sector privacy law as amended by Law 25 and, where it applies, PIPEDA.

We treat Law 25 as an operating commitment: we have designated a person in charge of the protection of personal information, we minimize what we collect, and we document how personal information is handled. That is how we run the company; it is not a certification, a legal opinion, or an endorsement by any regulator.

You can reach the person in charge of the protection of personal information at privacy@privatt.com. The canonical description of our data handling is the privacy policy.

Where your data lives

The services involved in running Privatt, and what each one handles.

Privatt-hosted application and storage
The application, its database, and files stored on Privatt-hosted storage run on OVHcloud infrastructure in the BHS (Beauharnois) data center located in Quebec, Canada.
Stripe (payments)
Subscription payments are processed by Stripe, Inc. in the United States. Your card number goes directly to Stripe; Privatt does not collect or store it. We keep only limited billing records, such as invoice history and a Stripe customer reference.
SendGrid / Twilio (transactional email)
Account and security notifications are delivered through SendGrid (Twilio Inc.) in the United States. The data involved is limited to what the email itself needs, such as your address and the notification content.
Your own Google Drive or OneDrive (optional)
If you connect them, your encrypted vault files are stored in your own account with those providers, wherever they keep it: residency follows your provider and your account. Privatt's access is limited to the folders our app is permitted to use.

This is a summary. The complete description of processing purposes, transfers, and retention is in the privacy policy.

How we check our own work

Privatt's application code goes through recurring internal engineering security reviews. The most recent full review (July 2026) combined automated scanning (static analysis and dependency audits) with a manual, OWASP-aligned review of the security-sensitive paths: authentication, authorization, payments and webhooks, file handling, and encryption boundaries.

At the reviewed revision, automated scans were clean and the manual review found no critical or high-severity issues. Findings from these reviews are tracked and fixed as part of normal engineering work.

To be clear about what this is and is not: these are internal engineering reviews of our own code. They are not a penetration test, not a certification, and not a third-party audit, and they describe the revision reviewed, not every future change.