Privacy Policy | Shhh /title> <script src="https://cdn.tailwindcss.com"></script> <script> tailwind.config = { theme: { extend: { colors: { magenta: { 400: '#e879f9', 500: '#d946ef', 600: '#c026d3' } } } } } </script> </head> <body class="bg-zinc-950 text-zinc-300 min-h-screen flex flex-col selection:bg-magenta-500/30"> <nav class="border-b border-zinc-800/60 bg-zinc-950/80 backdrop-blur sticky top-0 z-50"> <div class="max-w-3xl mx-auto px-6 py-4"> <a href="/" class="text-xl font-bold tracking-tight hover:opacity-80 transition-opacity"> <span class="text-white">Shhh</span><span class="text-magenta-500 text-2xl leading-none">.</span> </a> </div> </nav> <main class="flex-grow max-w-3xl mx-auto w-full px-6 py-12 md:py-20"> <header class="mb-12 border-b border-zinc-800/60 pb-8"> <h1 class="text-3xl md:text-5xl font-extrabold text-white mb-4 tracking-tight">Privacy Policy</h1> <p class="text-magenta-400 font-mono text-sm">Effective Date: <span class="text-zinc-400">April 1, 2026</span></p> </header> <article class="space-y-10 text-base leading-relaxed"> <section> <h2 class="text-2xl font-bold text-white mb-4">1. Introduction</h2> <p>Pirca Labs S.A.S. ("we", "our", or "us") operates the "Shhh" Slack integration. We believe that privacy is a fundamental right. Our application is built on a strict <strong class="text-white">Zero-Knowledge architecture</strong>, meaning we cannot read, access, or recover the secret messages you send through our service.</p> </section> <section> <h2 class="text-2xl font-bold text-white mb-4">2. Data We Request (Principle of Least Privilege)</h2> <p class="mb-4">To provide our service within your Slack workspace, we request the absolute minimum permissions necessary. We do not have access to your channel history, direct messages history, files, or personal emails.</p> <ul class="space-y-3 list-disc list-outside ml-5 text-zinc-400"> <li><code class="text-magenta-400 bg-magenta-400/10 px-1.5 py-0.5 rounded text-sm font-mono">commands</code>: To enable the <span class="text-white">/shhh</span> slash command.</li> <li><code class="text-magenta-400 bg-magenta-400/10 px-1.5 py-0.5 rounded text-sm font-mono">chat:write</code>: Exclusively to post the interactive block containing the encrypted secret into a channel or direct message.</li> <li><code class="text-magenta-400 bg-magenta-400/10 px-1.5 py-0.5 rounded text-sm font-mono">users:read</code>: Solely to retrieve the Slack User ID and locale/language preferences for interface internationalization.</li> </ul> </section> <section> <h2 class="text-2xl font-bold text-white mb-4">3. Data Processing and Storage (Zero-Knowledge Architecture)</h2> <ul class="space-y-4 list-none text-zinc-400"> <li><strong class="text-white">Encryption in Transit:</strong> All payloads travel from Slack to our AWS infrastructure using TLS 1.3.</li> <li><strong class="text-white">Envelope Encryption:</strong> Secrets are encrypted in memory using <code class="text-magenta-400 text-sm font-mono">AES-256-GCM</code>. The data key used for encryption is itself encrypted via AWS KMS. We do not hold the master key.</li> <li><strong class="text-white">Ephemeral Storage:</strong> Encrypted payloads are stored temporarily in an AWS DynamoDB table. The moment a secret is revealed by the recipient, an atomic delete command (<code class="text-magenta-400 text-sm font-mono">DeleteItemCommand</code>) is executed.</li> <li><strong class="text-white">No Backups:</strong> Our databases have Point-in-Time Recovery (PITR) disabled. Once a message is read or expires via TTL, it is permanently and irreversibly destroyed.</li> </ul> </section> <section> <h2 class="text-2xl font-bold text-white mb-4">4. Third-Party Services & Tracking</h2> <p class="mb-4">We do not use tracking cookies, behavioral analytics (e.g., Google Analytics, Meta Pixel), or marketing trackers.</p> <ul class="space-y-4 list-none text-zinc-400"> <li><strong class="text-white">Infrastructure:</strong> Our servers are hosted securely on Amazon Web Services (AWS).</li> <li><strong class="text-white">Payments:</strong> We use Paddle.com as our Merchant of Record. We do not process or store credit card information. The only data linking a payment to your workspace is your Slack <code class="text-magenta-400 text-sm font-mono">team_id</code>, used exclusively to activate your Pro subscription quota.</li> <li><strong class="text-white">Logs:</strong> System logs are strictly anonymized for operational monitoring (e.g., tracking the event of a secret creation, but never the sender, recipient, or content).</li> </ul> </section> </article> </main> <footer class="border-t border-zinc-800/60 bg-zinc-950 py-8 mt-auto"> <div class="max-w-3xl mx-auto px-6 flex flex-col md:flex-row items-center justify-between gap-4"> <div class="text-zinc-500 text-sm font-mono"> © 2026 Pirca Labs S.A.S. </div> <div class="flex gap-6 text-sm text-zinc-500"> <a href="/terms" class="hover:text-magenta-400 transition-colors">Terms of Service</a> </div> </div> </footer> </body> </html>