Privacy Policy

1. Zero-Knowledge Sharing

When you share a secret on ilusion.io, we do not have access to your content. If you choose End-to-End Encryption (E2EE), the decryption key never leaves your browser. Even for standard secrets, your data is encrypted at rest and in transit.

2. Ephemeral Storage

All data shared through ilusion.io is ephemeral by design:

• Burn on Read: Secrets are permanently deleted from our database immediately after they are accessed.
• Automatic Expiry: If a secret is never read, it is automatically purged after the expiration time you set (e.g., 1 hour, 24 hours).
• Immediate Purge: When a secret is deleted, all associated metadata and attachments are also purged from our storage systems.

3. Information We Collect

We collect minimal information required to operate the service:

• Account Information: Email address and basic profile data provided via Clerk for account management.
• Usage Data: Aggregated, non-identifiable metrics to help us improve the platform (e.g., total secrets created).
• Security Logs: We may temporarily log IP addresses for rate limiting and to prevent abuse of the service.

4. Data Protection

We implement industry-standard security measures, including AES-256 encryption, SSL/TLS for all traffic, and strict access controls to protect our infrastructure.

5. Third-Party Services

We use select third-party providers to help us run ilusion.io:

• Clerk: For secure authentication and user management.
• Dodo Payments: For secure billing and subscription management.
• Mailtrap: For transactional emails and support requests.