The fine print. We make our policies as clear and readable as possible while still meeting our lawyer's requirements.

Privacy Policy

The privacy of your data is paramount to us. It's our entire business. We'll only ever access your account to help you with a problem or squash a software bug. We'll never access the content of an encryption key and/or secret unless you ask us to. We log all access to all accounts by IP address, so we can verify that no unauthorized access has happened for as long as the logs are kept.

Identity & Access

When you sign up for Dotenvx, we ask for your name and email address via "Login with GitHub". That's just so you can personalize your new account, and we can send you updates, or other essential information. We'll never sell your personal info to third parties, and we won't use your name in marketing statements without your permission, either.

When you write Dotenvx with a question or to ask for help, we'll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we'll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we'll ever share your info:

• To provide products or services you've requested, with your permission.
• To investigate, prevent, or take action regarding illegal activities, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
• If Dotenvx is acquired by or merged with another company we'll notify you well before any info about you and your organization is transferred and becomes subject to a different privacy policy.

Law Enforcement

Dotenvx won't hand your data over to law enforcement unless a court order says we have to. We reject requests from local and federal law enforcement when they seek data without a court order. And unless we're legally prevented from it, we'll always inform you when such requests are made.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Sensitive data (like your email address and all your encryption keys and secrets) is always encrypted while it's live in our database. It's encrypted not just at the database level. We go beyond that standard and additionally encrypt it at the programmatic level.

Deleted Data

When you cancel your account, we'll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it's active will also be purged within 30 days (in many cases much sooner. 30 days is about the time it takes all metadata of your data to fully clear from our cache and log history).

Changes & Questions

Dotenvx may update this policy from time to time - we'll notify you about significant changes by email or by placing a prominent notice on our site. You can access, change or delete your personal information any time by contacting our support team.

Questions about this privacy policy? Please get in touch and we'll be happy to answer them.