Privacy Policy

HeroVault is designed as a zero-knowledge password manager. This means we intentionally built the system so we cannot read your data.

This page explains clearly what we do, what we don't do, and why.

Zero-Knowledge by design

All sensitive data in HeroVault is encrypted before it leaves your device.

  • Encryption happens fully client-side
  • Encryption keys are never stored in full
  • HeroVault cannot decrypt your vault
  • We do not have access to your passwords, notes, identities, or wallets

We operate under a strict zero-knowledge architecture.

What we do NOT collect or store

We do not collect, store, or have access to:

  • Your passwords
  • Vault contents (logins, notes, identities, wallets, documents)
  • Decryption keys
  • Your backup file
  • Decrypted data
  • Your browsing history
  • Autofill activity or form content

Simply put: we cannot see your secrets.

What we DO store

To operate the service, we store only what is strictly necessary.

Account information

  • Your email address
  • Basic technical metadata required to operate your account

One key fragment

HeroVault stores one cryptographic fragment of your encryption key using Shamir's Secret Sharing (SSS).

  • This fragment is useless on its own
  • It cannot decrypt anything
  • It is required only as part of the reconstruction process when combined with your backup and NFT ownership

At no point do we store a complete key.

Vault storage (IPFS)

Your encrypted vault is stored on a private IPFS network powered by Pinata.

  • Files are encrypted before upload
  • Storage nodes cannot read the data
  • Access requires your key fragments and authorization

Even if HeroVault becomes unavailable, your encrypted vault still exists, but remains unreadable without your keys.

NFT access key

Your NFT acts as an authorization layer.

  • It proves vault ownership
  • It does not store passwords
  • It does not expose data
  • It cannot decrypt anything on its own

HeroVault does not custody your NFT and cannot use it without your consent.

Email aliasing (HeroMail)

HeroVault includes email aliasing powered by HeroMail.

Important clarification
  • HeroMail does not provide an inbox
  • HeroMail does not act as an email provider

Aliases work via automatic forwarding only.

What this means

  • Emails sent to an alias are relayed to your existing mailbox (Gmail, Proton, etc.)
  • We do not store emails beyond what is required for delivery
  • We do not scan, analyze, or profile email content
  • Aliases can be disabled or deleted at any time

Email aliasing is designed to protect your identity, not to centralize your emails.

Analytics & tracking

We do not use invasive tracking tools.

  • No advertising trackers
  • No third-party profiling
  • No behavioral fingerprinting

If analytics are enabled, they are: minimal, anonymized, and used only to improve reliability and performance.

Account deletion & data removal

If you delete your account:

  • Your account data is removed
  • Your server-side key fragment is deleted
  • Your email aliases are disabled or removed

Your encrypted vault may still exist on IPFS, but without your fragments and NFT authorization, it is cryptographically inaccessible.

HeroVault cannot recover deleted data.

Your responsibility

Because HeroVault is zero-knowledge:

  • You are responsible for storing your backup safely
  • Losing both your backup and NFT may result in permanent loss of access
  • HeroVault cannot reset or recover your vault

This is the tradeoff of true data sovereignty.

Important final note

HeroVault is built to minimize trust.
Privacy is not a promise — it is enforced by architecture.

Be the hero of your data

cta.subtitle-change