1Bridge Vault

Privacy & Cookie Policy

Last Updated: February 2, 2026

1. Introduction

1Bridge Vault ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our secure document vault service.

Our Privacy Commitment: We use client-side encryption. This means your sensitive documents are encrypted on your device before they ever reach our servers. We do not hold the keys to decrypt your documents and cannot access their cleartext content.

2. Information We Collect

2.1 Account Information

When you create an account or request access, we collect your email address. This is necessary for authentication, account management, and providing the service.

2.2 Vault Metadata

We store non-sensitive metadata about your documents to provide the vault functionality, including:

  • Document type (e.g., ID, Proof of Address)
  • Filename and file size
  • Upload timestamps
  • Ciphertext checksums (for integrity verification)

2.3 Usage & Audit Data

To ensure security and provide accountability, we maintain audit logs of actions taken within the app, such as:

  • Account logins and team invitations
  • Creation and revocation of share links
  • Vendor access events (OTP verification, document views/downloads)
  • Technical metadata: IP addresses (for rate limiting and security), browser type, and timestamps

2.4 Security Verification Data

We use Cloudflare Turnstile for bot protection on sign-in and access request forms. Turnstile collects minimal technical information (such as browser characteristics and IP address) to verify that you are a legitimate user and not an automated bot. This data is processed by Cloudflare according to their privacy policy.

3. How We Protect Your Documents

Your documents are protected using industry-standard AES-256-GCM encryption. The encryption process happens entirely in your browser using a key derived from your vault password.

  • Zero-Knowledge: We never receive your vault password or the cleartext encryption keys.
  • Encrypted Storage: Documents are stored as encrypted blobs (ciphertext) in our secure object storage.
  • Vendor Access: When you share a document, the recipient receives a one-time secret and must complete email OTP verification. Decryption still happens in the recipient's browser.

3.1 Free Watermark Tool

Our free watermark generation and verification tool operates entirely within your browser. When you use this tool:

  • No Upload: Your images are never uploaded to our servers. All watermarking and verification processing happens locally on your device.
  • No Storage: We do not store, cache, or have access to any images you process with the free tool.
  • Privacy by Design: The tool uses client-side JavaScript libraries to embed and verify watermarks without any server-side processing.

Summary: Your documents never leave your device when using our free watermark tool. We cannot see, access, or store any content you process.

4. Data Processors & Third Parties

We use a limited number of trusted third-party service providers to help us operate the service:

Supabase

Authentication, Database, and Object Storage

Vercel

Application Hosting and Infrastructure

Mailtrap

Email delivery for OTPs and notifications

Cloudflare Turnstile

Bot protection and security verification

5. Cookie Policy

We use only essential cookies that are strictly necessary for the operation of the service:

  • Authentication: To keep you signed in during your session.
  • Security: To protect against cross-site request forgery (CSRF) and other security threats.

We do not use tracking, advertising, or third-party analytics cookies.

6. Your Rights

Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or delete your information. Since we do not have access to your cleartext documents, we can only provide or delete the encrypted data and account information we store.

To exercise any of these rights, please contact us at the email address provided below.

7. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

privacy@1bridge.xyz