How storemykey collects, uses, and protects your personal data. By using the platform you agree to the practices described here.
storemykey (“we”, “us”, “our”) is an enterprise password-management SaaS platform built on a zero-knowledge architecture. The platform can also be installed on-premise by businesses, in which case the installing company acts as the data controller for their own users' data.
Account data — Name, email address, and hashed password provided at registration.
Profile data — Role (member / admin / superadmin), company affiliation, 2FA configuration.
Vault data — Encrypted credentials stored in your vault. We operate a zero-knowledge architecture — credentials are AES-256 encrypted client-side before leaving your device. We cannot read the contents of your vault.
Usage data — Audit logs recording login times, IP addresses, geographic location of login attempts, idle-lock events, and vault interactions. Visible to your Company Admin and Super Admin.
Cookies & analytics — See Section 7 and our Cookies Policy for full details.
We use your data exclusively to provide and improve the storemykey service:
We never sell your data to third parties, and we never use vault contents for any purpose other than returning them to you.
Has full control over all platform data across all companies. Can view, export, and permanently delete any company account, user account, or associated data. Responsible for platform-wide compliance.
Can manage users within their own organisation — view audit logs, freeze accounts, and update roles. Can request full company data deletion from the Super Admin.
Can view and manage their own vault and profile data. Can request account deletion; this request is reviewed and approved by the Company Admin before data is permanently removed.
Account and vault data is retained for as long as the account is active. Audit logs are retained for 12 months by default. On account deletion (once approved through the proper role chain), all personal data is permanently removed within 30 days.
All data in transit is encrypted with TLS 1.3. Vault credentials are AES-256 encrypted at rest. Passwords are hashed with bcrypt before storage. We do not store encryption keys — only you hold the key to your vault.
In Transit
TLS 1.3
At Rest
AES-256
Passwords
bcrypt
We use strictly necessary cookies for authentication and session management. Optional analytics and functional cookies are only set with your consent. See our Cookies Policy for full details, and use the Cookie Settings link in our footer to manage your preferences at any time.
We do not sell, rent, or share your personal data with third parties for advertising. We use Supabase for database hosting and Vercel for deployment — both are GDPR-compliant processors operating under data processing agreements.
You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact your Company Admin or email us at privacy@storemykey.com. Requests are handled within 30 days.
We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.
Questions? Contact us at privacy@storemykey.com.
© 2026 storemykey. All rights reserved.