WormHole Privacy Policy

Last Updated: December 4, 2024
Effective Date: December 4, 2024

Our Privacy Promise

We can't read your files. We don't sell your data. Period.

WormHole is built on zero-knowledge encryption. This means your files are encrypted on your device before they ever reach our servers. We literally cannot access, read, or decrypt your files—even if we wanted to.


1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address (required)
  • Display name (optional)
  • Profile picture (optional)
  • Payment information (processed by Stripe, not stored by us)

User-Generated Content:

  • Files you upload (encrypted, we cannot read them)
  • File metadata (names, sizes, types, upload dates)
  • Folder structure
  • Share link settings

1.2 Information We Automatically Collect

Usage Information:

  • Login times and IP addresses
  • Device type and browser
  • Features used
  • Error logs and crash reports
  • Performance metrics

Cookies & Tracking:

  • Session cookies (required for functionality)
  • Privacy-friendly analytics (self-hosted, no third-party tracking)
  • No advertising or tracking cookies

1.3 Information We Do NOT Collect

  • File contents (encrypted, we cannot see them)
  • File names in plaintext (encrypted on your device)
  • Encryption keys (derived from your password, never sent to us)
  • Browsing history outside WormHole
  • Social Security Numbers, government IDs, or financial account numbers

2. How We Use Your Information

2.1 To Provide the Service

  • Store your encrypted files
  • Enable file sharing
  • Process payments
  • Provide customer support
  • Send service notifications (outages, security alerts)

2.2 To Improve the Service

  • Analyze usage patterns (aggregate, not individual)
  • Fix bugs and improve performance
  • Develop new features
  • Conduct security audits

2.3 To Communicate With You

  • Send account-related emails (password resets, billing)
  • Send important service updates
  • Respond to support requests
  • Send marketing emails (you can opt out)

2.4 To Ensure Security

  • Detect and prevent fraud
  • Detect and prevent abuse
  • Investigate suspicious activity
  • Comply with legal obligations

2.5 What We Do NOT Do With Your Data

  • We do NOT sell your data to third parties
  • We do NOT share your data for advertising purposes
  • We do NOT use your file contents for any purpose (we can't see them)
  • We do NOT train AI models on your data
  • We do NOT scan your files for content (impossible due to encryption)

3. Zero-Knowledge Encryption Explained

3.1 How It Works

  1. You create a password
  2. Your password generates encryption keys (on your device)
  3. Files are encrypted with AES-256-GCM (on your device)
  4. Encrypted files are uploaded to our servers
  5. We store encrypted files (we cannot decrypt them)

3.2 What This Means

Good News:

  • Your files are extremely secure
  • Even if our servers are breached, attackers get encrypted blobs
  • Government requests for file contents cannot be fulfilled
  • WormHole employees cannot access your files

Important Limitation:

  • If you lose your password, your files are GONE FOREVER
  • We cannot reset your password without losing access to files
  • We cannot recover your files for you
  • We cannot help law enforcement access specific file contents

3.3 What We Can See (Metadata)

While file contents are encrypted, we can see:

  • File sizes
  • Upload/download times
  • Number of files
  • IP addresses used to access files
  • Sharing settings

This metadata is subject to legal requests and may be shared with law enforcement.


4. How We Share Your Information

4.1 Service Providers

We share data with trusted third parties to operate the Service:

Supabase (Infrastructure):

  • Hosts our database and file storage
  • Subject to their privacy policy
  • Data is encrypted before reaching them

Stripe (Payments):

  • Processes credit card payments
  • We never see or store full card numbers
  • Subject to Stripe's privacy policy

Analytics Providers:

  • Self-hosted analytics (privacy-first, no data shared with third parties)
  • Sentry (error reporting, anonymized)

Email Service:

  • SendGrid (transactional emails)
  • Only receives your email address

4.2 Legal Requirements

We may disclose information if required by law:

  • In response to subpoenas or court orders
  • To comply with legal processes
  • To protect our rights or property
  • To prevent harm or illegal activity

Important: Due to encryption, we can only provide metadata, not file contents.

4.3 Business Transfers

If WormHole is acquired or merged:

  • Your data may be transferred to the new owner
  • You will be notified of any ownership change
  • Your encrypted files remain encrypted
  • New owner must honor this Privacy Policy or give you 30 days to export data

4.4 Your Consent

We will never share your data for purposes not described in this policy without your explicit consent.


5. Data Security

5.1 Encryption

  • Files: AES-256-GCM encryption (military-grade)
  • Passwords: Argon2id hashing (industry best practice)
  • Connections: TLS 1.3 (encrypted in transit)
  • Database: Encrypted at rest

5.2 Access Controls

  • Least-privilege access for employees
  • Multi-factor authentication for admin access
  • Regular security audits
  • Automated threat detection

5.3 Breach Notification

If a data breach occurs:

  • We will notify affected users within 72 hours
  • We will disclose what data was compromised
  • Note: Encrypted files cannot be read even if breached

6. Data Retention

6.1 Active Accounts

  • Files retained indefinitely while account is active
  • Metadata retained for operational needs

6.2 Deleted Accounts

  • Data deleted 30 days after account deletion
  • Some logs retained up to 90 days for security
  • Backups may contain data for up to 30 additional days

6.3 Version History

  • Retained according to your plan limits
  • Free: 30 days
  • Pro/Team: Unlimited (until you delete the file)

7. Your Rights & Choices

7.1 Access Your Data

You can:

  • View all files and metadata in your account
  • Download your files at any time
  • Export your data in standard formats

7.2 Correct Your Data

You can:

  • Update your email and profile information
  • Change file names and organization
  • Modify share settings

7.3 Delete Your Data

You can:

  • Delete individual files
  • Delete folders
  • Delete your entire account (Settings → Delete Account)

Warning: Deletion is permanent after 30-day grace period.

7.4 Opt Out of Marketing

You can:

  • Unsubscribe from marketing emails (link in footer)
  • Disable analytics cookies (browser settings)
  • Contact us to opt out of data collection (where legally permitted)

7.5 Data Portability

You can export your data in common formats (ZIP archives).


8. International Data Transfers

8.1 Data Location

  • Data is stored in U.S. data centers (Supabase)
  • Servers located in multiple regions for redundancy
  • Data may be accessed from our offices globally (metadata only)

8.2 EU & GDPR

If you are in the EU/EEA:

  • You have additional rights under GDPR
  • We rely on your consent for data processing
  • You can withdraw consent at any time
  • You can request deletion (right to be forgotten)
  • You can object to processing

8.3 Data Transfer Safeguards

  • Standard Contractual Clauses (SCCs) with Supabase
  • Your files are encrypted (GDPR "encryption as safeguard")

9. Children's Privacy

  • WormHole is not intended for children under 13
  • We do not knowingly collect data from children under 13
  • If we learn a child under 13 has an account, we will delete it
  • Parents may contact us to request data deletion

Age Verification:

  • We may request proof of age if we suspect underage use

10. Third-Party Links & Services

10.1 External Links

WormHole may contain links to third-party websites. We are not responsible for their privacy practices.

10.2 Integrations

If you use integrations (third-party import tools, etc.):

  • You grant WormHole temporary access to import files
  • We only access what you authorize
  • Imported files are immediately encrypted

11. Cookies & Tracking

11.1 Essential Cookies

Required for the Service to function:

  • Session cookies (login state)
  • Security tokens (CSRF protection)
  • Preferences (dark mode, language)

11.2 Analytics Cookies

Used to improve the Service:

  • Self-hosted, privacy-friendly analytics (page views, features used)
  • No data shared with third parties
  • Can be disabled in browser settings

11.3 No Advertising Cookies

We do NOT use cookies for:

  • Targeted advertising
  • Cross-site tracking
  • Selling to data brokers

11.4 Cookie Control

You can:

  • Disable cookies in browser settings
  • Use privacy browser extensions
  • Opt out of analytics: [Link to opt-out]

12. California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

You can request:

  • What personal information we collect
  • How we use it
  • Who we share it with

12.2 Right to Delete

You can request deletion of your personal information (with exceptions for legal requirements).

12.3 Right to Opt Out

You have the right to opt out of "sale" of personal information. We do not sell your data.

12.4 No Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.5 How to Exercise Rights

Email privacy@whdrive.app with subject "CCPA Request"


13. Changes to This Privacy Policy

13.1 Notification of Changes

  • We may update this policy from time to time
  • Material changes will be emailed to users
  • Continued use after changes constitutes acceptance

13.2 Viewing Previous Versions

Previous versions of this policy are available upon request.


14. Contact Us

For privacy questions or to exercise your rights:

Email: privacy@whdrive.app
Support: support@whdrive.app
Data Protection Officer: dpo@whdrive.app (if required by law)
Address: 13740 10th Ave. South, Zimmerman, MN 55398

Response Time: We aim to respond within 7 business days.


15. Summary (TL;DR)

What we collect:

  • Your email, usage patterns, file metadata

What we DON'T collect:

  • File contents (we can't see them—they're encrypted)

What we do with your data:

  • Provide the service, improve it, send you emails

What we DON'T do:

  • Sell your data
  • Train AI on your files
  • Show you ads
  • Track you across the web

Your rights:

  • Access, correct, delete your data
  • Opt out of marketing
  • Export your files anytime

Important:

  • If you lose your password, your files are gone forever
  • We cannot recover them
  • Zero-knowledge encryption = extreme security + extreme responsibility

BY USING WORMHOLE, YOU CONSENT TO THIS PRIVACY POLICY.


This Privacy Policy was last updated on December 4, 2024.

Last updated: December 5, 2024