Privacy Policy

Plainsight is a steganography and encryption service designed with privacy as a core principle. This Privacy Policy describes what data we collect (and do not collect), how we use it, how we protect it, and your rights and responsibilities regarding that data.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Service. Capitalized terms not defined herein have the meanings assigned to them in the Terms of Service.

Plainsight processes Lock, Unlock, Hide, and Reveal requests as authenticated background jobs tied to your account. Submitted files, passphrases, and outputs may be transmitted to our hosted infrastructure so the Service can queue, process, cache, and return results to you.

We encrypt queued job inputs and results at rest and retain them only long enough to operate the Service, but no system is perfectly secure. You remain responsible for the security of your account, device, browser, network connection, local operating environment, and any downstream storage or transfer of generated files.

We may collect the following limited information:

• Usage analytics: Anonymous, aggregated usage statistics such as page views, feature usage frequency, browser type, operating system, device type, screen resolution, language preference, and referral sources. These do not include file contents, filenames, passphrases, or any encrypted data.
• Account information: If you create an account for a paid tier, we collect the information necessary to maintain your account, including your email address and payment information processed via our third-party payment processor. We do not store complete payment card numbers on our servers.
• Support correspondence: If you contact us, we retain communication records for the purpose of providing support, maintaining our internal records, and improving the Service.
• Log data: Our servers may automatically record information such as your IP address, browser type and version, access times, pages viewed, referring and exit URLs, and the date and time of your visit. This data is used for operational, security, and diagnostic purposes.
• Device identifiers: We may collect device identifiers, operating system version, and hardware information for security and fraud prevention purposes.

We do not collect, store, transmit, or have access to:

• Your files, file contents, or filenames
• Your passphrases, passwords, or encryption keys
• Encrypted or concealed output files
• Carrier files you use for steganography
• The content of payloads hidden inside carriers
• The algorithms, parameters, or metadata of your specific encryption or concealment operations

Because we do not have access to these items, we cannot recover lost passphrases, decrypt files, or restore concealed content under any circumstances, regardless of the reason for the request (including law enforcement requests, court orders, or emergencies). You bear sole and complete responsibility for safeguarding your passphrases and maintaining backups of your original files. Plainsight shall have no liability for any loss arising from your failure to do so.

We use the limited data we collect for the following purposes:

• To operate, maintain, and improve the Service
• To process transactions and manage your account
• To respond to your inquiries and provide customer support
• To monitor usage patterns and optimize performance
• To detect, prevent, and address fraud, abuse, unauthorized access, security incidents, or technical issues
• To enforce our Terms of Service and protect the rights, property, and safety of Plainsight, its users, and the public
• To comply with legal obligations and legal processes
• To communicate with you about updates, security alerts, and administrative messages related to the Service

We do not use your data for targeted advertising, behavioral profiling, or any purpose not disclosed in this Privacy Policy.

We use essential cookies to maintain session state and user preferences. We may use privacy-respecting analytics tools (without cross-site tracking) to understand aggregate usage patterns. We do not use advertising trackers, behavioral profiling tools, or cross-site tracking mechanisms.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, doing so may impair certain functionality of the Service, and you assume any risk associated with disabling cookies.

Plainsight does not sell, rent, lease, or trade your personal information to any third party for monetary or other valuable consideration. We do not share your personal information with third parties for their direct marketing purposes.

For paid tiers, we use third-party payment processors (such as Stripe) to handle billing. These processors operate under their own privacy policies, and we do not store full payment card details on our infrastructure.

We may use third-party service providers for analytics, hosting, content delivery, email delivery, and infrastructure. These providers may process limited data necessary to perform their functions on our behalf.

Plainsight is not responsible for the privacy practices, security measures, or content of any third-party services, websites, or applications. Your interactions with third-party services are governed by those parties' own terms and privacy policies, and you access them at your own risk.

The Service may contain links to third-party websites or services that are not owned or controlled by Plainsight. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You acknowledge and agree that Plainsight shall not be liable for any damage or loss caused or alleged to be caused by or in connection with your use of any such third-party websites or services.

Anonymous analytics data is retained in aggregate form indefinitely. Account information is retained while your account is active and for a reasonable period after account closure for legal, operational, tax, audit, and compliance purposes. Log data and support correspondence are retained for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

You may request deletion of your account data at any time by contacting us. We will process your request in accordance with applicable law, though certain data may be retained as required by law, regulation, or court order, or for legitimate business purposes such as fraud prevention, dispute resolution, or enforcement of our Terms.

We implement reasonable technical and organizational measures designed to protect any data we collect against unauthorized access, alteration, disclosure, or destruction. However, no method of internet transmission or electronic storage is completely secure, and we cannot and do not guarantee absolute security. You acknowledge that you transmit data to and from the Service at your own risk.

Plainsight shall not be liable for any unauthorized access, alteration, disclosure, or destruction of data resulting from circumstances beyond our reasonable control, including but not limited to hacking, cyberattacks, zero-day vulnerabilities, failures of third-party infrastructure, or acts of any governmental authority.

In the event that we become aware of a security breach that results in unauthorized access to personal data we hold, we will notify affected users and relevant regulatory authorities as required by applicable law. Because the Service uses hosted job processing, a breach of our infrastructure could affect queued files, encrypted outputs, or account data that we store while operating the Service.

Plainsight disclaims all liability for damages arising from any data breach to the maximum extent permitted by applicable law. You are encouraged to take independent measures to protect your data and to not rely solely on any single service or provider for data security.

Plainsight may disclose your information if required to do so by law, regulation, subpoena, court order, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to: (a) protect the rights, property, or safety of Plainsight, its users, or the public; (b) investigate or prevent fraud, security issues, or illegal activity; (c) enforce our Terms of Service; or (d) respond to an emergency involving danger of death or serious physical injury.

You acknowledge and agree that Plainsight shall have no liability to you for any such disclosure. Because we do not have access to your files, passphrases, or encrypted content, we are unable to provide such materials even in response to a lawful request.

Your information may be transferred to, stored, and processed in the United States or other jurisdictions where Plainsight or its service providers operate. These jurisdictions may have data protection laws that differ from — and may be less protective than — those in your jurisdiction. By using the Service, you explicitly consent to such transfers. Where required by applicable law, we will implement appropriate safeguards for international data transfers.

Depending on your jurisdiction, you may have certain rights regarding your personal data, including the right to:

• Access the personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Restrict or object to certain processing activities
• Request portability of your personal data in a structured, machine-readable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority in your jurisdiction

To exercise these rights, contact us at the address below. We will respond to your request in accordance with applicable data protection law and within the timeframes required by law. We may require verification of your identity before processing your request. Certain data may be exempt from such requests under applicable law, and we may need to retain certain information for recordkeeping, compliance, or other legitimate purposes.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt Out of Sale or Sharing: Plainsight does not sell or share your personal information as those terms are defined under the CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, contact us at privacy@plainsight.dev. We will verify your identity before processing your request.

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent local laws. Our legal bases for processing your personal data include:

• Contractual necessity: Processing necessary to provide you with the Service and fulfill our obligations under the Terms of Service.
• Legitimate interests: Processing necessary for our legitimate interests, such as fraud prevention, security, service improvement, and analytics, provided these interests are not overridden by your rights.
• Consent: Where you have given consent, which you may withdraw at any time.
• Legal obligation: Processing necessary to comply with applicable laws and regulations.

In addition to the rights listed in Section 15, you have the right to lodge a complaint with your local data protection authority. If you believe we have processed your data unlawfully, you may contact your supervisory authority directly.

The Service is not intended for use by individuals under the age of 18 or the age of legal majority in their jurisdiction (whichever is greater). We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will take reasonable steps to delete such information promptly. If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately.

Some browsers offer a "Do Not Track" ("DNT") signal. Because there is no accepted standard for how to respond to DNT signals, the Service does not currently respond to them. We will update this policy if a uniform standard is established.

Plainsight has no knowledge of, access to, control over, or responsibility for the content you encrypt, conceal, or process using the Service. You are solely and exclusively responsible for all content you process through the Service and for ensuring that such content and your use of the Service comply with all applicable laws, regulations, and third-party rights. Plainsight expressly disclaims any and all liability arising from or related to User Content, including any claims by third parties.

The Service may incorporate open-source software components, each of which is subject to its own license terms. This Privacy Policy applies only to data collected and processed by Plainsight and does not govern any third-party open-source software that you may independently download, install, or use.

We may update this Privacy Policy at any time in our sole discretion. Changes will be posted on this page with an updated revision date. For material changes, we may also notify you via email or a prominent notice on the Service. It is your sole responsibility to review this Privacy Policy periodically. Your continued use of the Service following any changes constitutes your binding acceptance of the revised policy. If you do not agree to the revised Privacy Policy, you must stop using the Service immediately.

Privacy inquiries may be directed to privacy@plainsight.dev.