Trust & Transparency
Privacy Policy
seQRets does not collect, store, transmit, or sell your data. Period.
Effective date: May 1, 2026 · Last revised: June 12, 2026
Overview
In plain English: seQRets is a privacy-first product. We don't run a backend for your secrets. We don't have accounts. We don't track you. Your secrets never leave your device. This policy explains exactly what happens — and what doesn't — when you use seQRets, including the few optional, third-party network requests the app can make.
- •We never see your secrets, passwords, keyfiles, or Qards. All cryptography runs on your device.
- •No accounts, no identity verification, no in-app analytics, no advertising trackers.
- •Optional features (Bitcoin price ticker, the "Bob" assistant, donation link) contact third parties — described below.
- •Our hosting/CDN provider processes standard server logs (such as IP address) to deliver the site.
This Privacy Policy applies to the seQRets marketing website at seqrets.app, the web application at app.seqrets.app, and the seQRets desktop application (together, the "Services"). The Services are operated by Toothjockey LLC, a North Dakota limited liability company, the maker of seQRets. By using any of our Services, you acknowledge that you have read and understood this policy.
What We Don't Collect
In plain English: We don't track you. No analytics, no cookies for tracking, no fingerprinting. Nothing in the app phones home to us.
Toothjockey does not operate analytics services, tracking pixels, browser fingerprinting, error-reporting services, telemetry, or any form of behavioral monitoring within the seQRets application. We do not collect or receive your secrets, passwords, keyfiles, shares, Qards, IP-linked profiles, device identifiers, usage patterns, or personally identifiable information. There are no third-party scripts loaded for advertising, remarketing, or audience measurement on any of our Services. The standard server logs that our hosting/CDN provider creates to deliver the site (described under How the Services Are Delivered) are the principal exception, and they never contain your cryptographic material.
How the Services Are Delivered
Marketing Website (seqrets.app)
This website is a static site hosted on Cloudflare Pages. It does not run analytics and does not set tracking cookies. Toothjockey does not operate its own server logging. As part of edge delivery, Cloudflare may process standard server logs (such as IP address, request metadata, and user agent), which are retained by Cloudflare under its own Privacy Policy — Toothjockey does not receive or store them.
Web App (app.seqrets.app)
All cryptographic operations run entirely in your browser, inside an isolated Web Worker. The web app stores only a few items in your browser's local storage — for example your theme preference, an acknowledgment that you've seen the AI disclaimer, and your Gemini API key if you choose to provide one. None of this leaves your device or is transmitted to Toothjockey. The web app is served from GitHub Pages as its origin host, behind Cloudflare's edge network, which delivers the app and enforces its strict Content-Security-Policy; both providers may process standard server logs (such as IP address and user agent) as part of delivery, retained under their own policies. Toothjockey does not operate its own logging, does not receive these logs, and none of your cryptographic material is ever included in them.
Desktop App
The desktop application performs all cryptography locally in native Rust. It does not transmit telemetry or behavioral data. Configuration and preferences are stored locally on your machine, and your Gemini API key (if provided) is stored in your operating system's keychain. Secrets are processed in memory and zeroized after use. Outbound network requests are limited to optional features you initiate, such as the AI assistant.
Cookies & Local Storage
Our Services do not use cookies for tracking or advertising, and the marketing website sets no cookies at all. The web app uses browser local storage for the limited preferences described above, which are never transmitted externally and can be cleared at any time through your browser settings.
Optional Third-Party Requests
In plain English: The app can make a couple of optional requests — a Bitcoin price check and, if you turn it on, AI assistant queries. Both are opt-in and go directly to the third-party provider. We never see, relay, or store this traffic.
- 1.Bitcoin price ticker: An unauthenticated, read-only request to the Coinbase price API to display the current Bitcoin price. No user data, secret, or identifier is included in this request.
- 2."Bob" AI assistant (Google Gemini API) — off by default: The assistant is optional and disabled until you enable it by supplying your own Google Gemini API key. When enabled, the messages you type to Bob are sent directly from your device to Google's Gemini API using your key. Toothjockey never sees, stores, or relays these messages, and your API key is never transmitted to Toothjockey — it is stored locally (browser local storage on the web app; your OS keychain on the desktop app). Google's Gemini API Terms and Google Privacy Policy govern that processing.
Never type a secret, seed phrase, password, or share into Bob. Anything you send to the assistant leaves your device and goes to Google. Bob is for guidance and questions only — not for handling the very material seQRets is designed to protect.
The Bitcoin ticker and the AI assistant are optional. The desktop app makes no external requests other than those you initiate.
Donations
In plain English: If you click our optional Bitcoin donation link, you leave our site and go to a third party that has its own privacy policy.
We provide an optional Bitcoin donation link via coinos.io. Donating is entirely voluntary. If you choose to donate, you are taken to coinos.io, a third-party service that operates under its own privacy policy and terms. Any information you provide there is handled by coinos, not by Toothjockey. We do not require donations to use any feature of seQRets.
Third-Party Services
Depending on which optional features you use, the following third parties may be involved. Each operates under its own privacy policy and terms:
| Service | Purpose | Data Shared |
|---|---|---|
| Cloudflare | Edge delivery for seqrets.app and app.seqrets.app | Standard server logs (IP, user agent) |
| GitHub Pages | Web app origin host (behind Cloudflare) | Standard server logs (IP, user agent) |
| Coinbase API | Bitcoin price display (optional) | None (unauthenticated read-only request) |
| Google Gemini API | "Bob" AI assistant (opt-in, your own key) | Your chat messages, sent directly with your API key |
| coinos.io | Optional Bitcoin donations | Whatever you provide on their site (we receive none of it) |
Your Privacy Rights
In plain English: Privacy laws like the GDPR and CCPA give you rights over personal data a company holds about you. Because the seQRets app holds essentially none, in most cases there's nothing for us to retrieve, correct, or delete — but here's how it works.
Depending on where you live, laws such as the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA/CPRA) may give you rights to access, correct, delete, or port personal data a business holds about you, to opt out of its "sale" or "sharing," and to be free from discrimination for exercising those rights. Toothjockey does not sell or share your personal information, and the seQRets application is designed so that we do not hold your secrets or maintain user accounts or profiles. As a result, in most cases we have no personal data to provide, correct, or delete. Where we do process limited data (for example, server logs held by our hosting/CDN provider, or correspondence you send us by email), you may contact us to exercise applicable rights, and we will respond as required by law.
Data Retention
In plain English: We don't keep your secrets — we never have them. The only data with any retention period is the routine server logs our host keeps, and any email you send us.
Because the seQRets application does not collect or store your secrets, passwords, keyfiles, shares, or Qards, there is nothing of that kind for us to retain or delete. Toothjockey does not operate its own server logs. Data stored locally on your device (preferences, an optional API key) remains under your control and is removed when you clear it. Any standard server logs created in the course of delivering the Services are retained by our hosting providers (Cloudflare and GitHub) under their own retention practices, not by Toothjockey. If you email us, we keep that correspondence only as long as needed to address your request and to meet any legal obligations.
International Users
Toothjockey LLC is based in the United States, and the Services are operated from the United States. If you access the Services from outside the United States, any limited data processing described above (such as server logs created by our hosting providers, or requests you make to third-party services like Google's Gemini API) may occur in, or be transferred to, the United States or other countries that may have different data-protection laws than your own. By using the Services, you understand that your information may be processed in those countries.
Children's Privacy
seQRets is not directed at children and is intended for adults who can lawfully enter into the Terms of Service. We do not knowingly collect personal information from children. Because we do not collect personal information from anyone through the application, this concern is moot in practice — but we state it here for completeness. If you believe a child has provided us personal information (for example, by emailing us), contact us and we will delete it.
Changes to This Policy
If we update this policy, the revised version will be posted at this URL with an updated revision date. Because seQRets does not collect email addresses or maintain user accounts, we cannot notify you directly of changes, so we encourage you to review this page periodically. Material changes — particularly any that involve new data collection — will also be noted in our GitHub repository, and, where the change affects the application, may be surfaced through the application's acceptance gate.
Questions?
This Privacy Policy is provided by Toothjockey LLC (North Dakota, USA), the maker of seQRets. If you have questions about it, see our Contact page or email hello@seqrets.app. For security concerns, reach out to security@seqrets.app.