Privacy Policy

1. Zero Knowledge Philosophy

SiloCat is built on a simple premise: The server knows nothing. We collect the absolute minimum metadata required to facilitate the transfer. Your IP address is used for abuse prevention (rate limiting) but is not permanently linked to your files in a readable format.

2. Encryption & Storage Architecture

Client-Side: Files are encrypted in your browser using ChaCha20-Poly1305. The keys are never sent to our servers.

Storage (WatchCat): Our internal service, WatchCat, places your encrypted chunks into secure vaults (Cloudflare R2 or Backblaze B2). To us, your data is just random noise/blobs. We cannot read it, mine it, or sell it.

3. Metadata & Logs

We store minimal encrypted metadata in our PostgreSQL database (e.g., file size, mime type, expiry). For **Shadow** (anonymous) uploads, this data evaporates after 7 days. For **Sanctum** (authenticated) uploads, it persists until you delete it. We do not use third-party tracking pixels or analytics.

4. Sharing & Access

Since the decryption key is part of the URL fragment (the part after the '#'), only people with the full link can decrypt the file. If you share the link, you share the key. We don't have it.

5. Contact Us

For privacy concerns or to check if WatchCat is purring correctly: [email protected].