Encrypted Clipboard

Privacy Policy

Last Updated: March 6, 2026

1. Introduction

Encrypted Clipboard Manager ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our browser extension and web application.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (hashed using bcrypt and securely stored)

2.2 Clipboard Data

The browser extension captures clipboard data locally on your device. Supported data types include:

  • Plain text
  • JSON data
  • URLs, IP addresses, phone numbers, and other detected patterns

Important: Clipboard data is processed and stored locally in your browser. We do NOT collect, transmit, or store your clipboard data on our servers unless you explicitly enable the cloud sync feature.

2.3 Cloud Sync Data (Optional Feature)

Password-Based End-to-End Encryption (Zero Knowledge): If you enable cloud sync, your clipboard data is encrypted on your device using a password-derived encryption key before transmission. We implement true end-to-end, zero-knowledge encryption where:

  • Your data is encrypted on your device using your encryption password before sync
  • Only encrypted ciphertext is transmitted and stored on our servers — never your raw clipboard content
  • Your master (encryption) password is never transmitted to our servers, not even in hashed form
  • The derived encryption key is never transmitted. It is derived locally via PBKDF2 (400,000 iterations) and destroyed after use on your device
  • We cannot decrypt or access your synced clipboard data
  • You must provide your encryption password locally to decrypt data on another device

This is an optional feature you must explicitly enable. Your clipboard never leaves your device unencrypted. We store only ciphertext that we are technically incapable of reading.

Device identification information (browser fingerprint) is stored to help you manage synced data across multiple devices.

2.4 Usage Analytics & Tracking

No Tracking Policy: We do NOT collect, store, or transmit any usage analytics, telemetry data, or behavioral tracking. The extension operates entirely locally except for optional cloud sync.

2.5 Payment Information

Payment processing is handled by Dodo Payments. We do not store your credit card information. We only receive transaction confirmation and subscription status.

2.6 Support Tickets

When you contact support, we store:

  • Your messages and support requests
  • Screenshots you voluntarily upload
  • Ticket metadata (status, priority, category)

3. How We Use Your Information

We use collected information for:

  • Providing and maintaining the Service
  • Processing your subscription and payments
  • Enabling cross-device sync (if opted in)
  • Responding to support requests
  • Sending important account notifications
  • Preventing fraud and abuse

4. Data Storage and Security

End-to-End Encryption: We implement industry-standard security measures to protect your data:

  • Password-based encryption: Cloud sync data is encrypted on your device using your encryption password before transmission. The password and derived key never leave your device.
  • Zero Knowledge key derivation: We use PBKDF2 (400,000 iterations) + AES-256-GCM. The derived encryption key exists only in memory during encryption/decryption and is never persisted or transmitted.
  • PIN Lock encryption: When you enable PIN lock, your local clipboard data is encrypted and stored in a separate IndexedDB store, only decrypted when you unlock with your PIN
  • User-controlled encryption: Only you have your encryption password and PIN — we cannot decrypt your data even if compelled by law, because we do not possess the keys
  • Account security: All account passwords are hashed using bcrypt (never stored in plain text)
  • Transmission security: All data transmission uses HTTPS/TLS encryption
  • Local storage: Clipboard data is stored locally in your browser's IndexedDB for fast instant search. Use PIN lock to encrypt it at rest.
  • Open-Source Encryption Engine: Our entire encryption logic is published as @encryptedclipboard/crypto (Apache 2.0 license) and is freely auditable by the community.

5. Data Sharing and Third Parties

We do NOT sell your personal information. We only share data with:

  • Dodo Payments: For payment processing (required for subscriptions)
  • Cloud Hosting Provider: For server infrastructure (data is encrypted)
  • Legal Authorities: If required by law or to protect our rights

6. Your Rights and Choices

You have the right to:

  • Access: View your account data at any time
  • Export: Download your stored data
  • Delete: Request account deletion (removes all associated data)
  • Opt-out: Disable sync features
  • Correct: Update your account information

To exercise these rights, contact us at support@encryptedclipboard.app

7. Data Retention

Minimal Data Retention: We retain only the minimum data necessary for service operation:

  • Account data: Until you delete your account
  • Encrypted sync data: Until you disable sync or delete your account (we cannot read this data)
  • Support tickets: For 2 years after resolution
  • Payment records: As required by law (typically 7 years)
  • Usage data: We do not collect or retain any usage analytics or behavioral data

Since we use zero-knowledge encryption, we cannot access or read your encrypted sync data even while it's stored on our servers. This data is retained only to enable your cross-device synchronization.

8. Browser Extension Permissions

Local-Only Operation: Our extension operates entirely within your browser and never transmits your data to external servers except for optional sync functionality (which is end-to-end encrypted). The extension requires the following permissions, each with a specific, limited purpose:

  • Clipboard Read/Write: To capture copied items and paste from your history
  • Storage: To persist your encrypted clipboard history locally in your browser
  • Side Panel: To display the clipboard manager in Chrome's built-in side panel
  • Active Tab & Scripting: To paste content into the current page you are viewing
  • Context Menus: To add right-click options for quick clipboard actions
  • Notifications & Alarms: To display clipboard alerts and schedule background sync tasks
  • Offscreen: To perform clipboard read operations in a hidden document when the side panel is closed (required by Chrome's Manifest V3 architecture)
  • Downloads: To allow you to export your clipboard history as a file
  • System Display: To detect display geometry for correctly positioning the floating clipboard window
  • Host Permissions (<all_urls>): Required so content scripts can listen to clipboard events and enable paste actions on any website you visit. No page content is read or transmitted.

All these permissions serve core user-facing functionality. The extension never collects, tracks, or reports usage data to external services.

9. International Users

Our servers are located in the European Union (EU). By using the Service, you consent to the transfer of your information to our servers. We comply with applicable data protection laws, including the GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for major changes

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: