Env

Security Policy

Last updated: May 2, 2025

Our Security Philosophy

At Env, security is not an afterthought—it's the foundation of our service. We built Env with the strongest security practices in mind to ensure your sensitive data remains protected.

Our core philosophy is simple: we can't expose what we don't have access to. This drives our zero-knowledge, end-to-end encryption approach.

End-to-End Encryption

All data shared through Env is encrypted in your browser using AES-256-GCM encryption before it ever reaches our servers. The encryption key is included in the URL fragment (the portion after the # symbol), which is never sent to our servers.

This means that even we cannot see your unencrypted data. Only someone with the full URL can decrypt and access the information.

Zero Knowledge Architecture

  • No Access to Keys: We never see or store encryption keys. These remain in the browser and are shared only through the URL fragment.
  • No Storage of Unencrypted Data: We only store encrypted content. We cannot access the original data even if compelled to do so.
  • No User Accounts: We don't require accounts, so there are no credentials to compromise.

Data Deletion

Security through minimal data retention:

  • One-Time Access: By default, once a recipient views the shared secrets, the data is immediately deleted from our servers.
  • Automatic Expiration: All shared data includes an expiration time. After this period, the data is automatically purged from our systems.
  • No Backups of Encrypted Data: We do not keep backups of the encrypted data, ensuring that when data is deleted, it's gone forever.

Additional Security Features

  • Optional Security Questions: For extra protection, you can add a security question that the recipient must answer correctly before accessing the shared secrets.
  • Customizable View Limits: Set how many times your shared data can be viewed before being automatically deleted.
  • Transport Layer Security: All communication with our servers occurs over HTTPS, adding an additional layer of security.

Security Best Practices

When using Env, we recommend the following security practices:

  • Share the URL using a separate secure communication channel from where you share the decryption key (if you choose to separate them)
  • Set reasonable expiration times for sensitive data
  • Use the security question feature for highly sensitive information
  • Verify that recipients have successfully accessed the data

Security Audits and Updates

We are committed to maintaining the highest security standards and regularly review our security practices. We stay informed about evolving security threats and continually enhance our security measures.

We believe in transparency. If we were to discover any security issues, we would promptly address them and notify affected users if necessary.

← Back to Home
Env

Support me by following on

Instagram
GitHub
Twitter
LinkedIn
Security PolicyPrivacy Policy
© 2025 Env. All rights reserved.