Privacy Policy

Last Updated: November 24, 2025

At Vizava.pro, our business model is based on anonymity, not data mining. This policy outlines exactly what we do—and more importantly, what we do not—collect when you use our encryption suite.

1. The Zero-Knowledge Principle

Vizava operates on a Client-Side First architecture. This means:

  • Encryption happens in your browser: Data is encrypted using AES-256 before it ever leaves your device.
  • We don't have the keys: The decryption keys are generated locally and passed via URL fragments (anchors). We never see them, store them, or log them.
  • We cannot read your data: Even if compelled by law, we cannot decrypt your "Bunker" drops or reverse-engineer "Artifact" images because we simply do not possess the mathematical means to do so.

2. Data We Do Collect (Infrastructure Logs)

While we do not collect content, our infrastructure providers (Cloudflare & Google) inevitably generate standard access logs to maintain server health and prevent DDoS attacks. This includes:

  • IP Addresses: Used by our Edge network for rate-limiting and abuse prevention.
  • Timestamps: When a request was made.
  • User Agents: Browser type and version strings.

Retention Policy: These logs are rotated on a 24-hour cycle. We do not aggregate this data for analytics, and we do not use tracking pixels (e.g., Google Analytics, Meta Pixel).

3. Local Storage & Cookies

Vizava does not use "Tracking Cookies" to monitor your behavior across the web. We utilize the browser's Local Storage API solely for functional purposes:

  • Storing your UI preferences (e.g., tool settings, theme toggles).
  • Temporarily caching non-sensitive application state.

You may clear this data at any time via your browser settings without affecting the core functionality of the encryption engine.

4. The "Janitor" Protocol (Data Destruction)

For our "Bunker" (Dead Drop) service, data retention is strictly ephemeral. We employ an automated process known as "The Janitor" which enforces the following rules:

  • Read-Once: By default, data is flagged for deletion immediately after it is retrieved by a recipient.
  • Time-To-Live (TTL): Any encrypted payload not retrieved within 10 minutes is permanently purged from physical storage (NVMe SSDs).

5. Third-Party Subprocessors

We rely on a minimal set of trusted vendors to keep the lights on. We ensure these providers have no access to unencrypted user payloads.

  • Cloudflare: DNS, Edge Compute (Workers), and DDoS Protection.
  • Google Cloud Platform (GCP): Encrypted Database Storage (Firestore).

6. Law Enforcement & Transparency

If served with a valid warrant or subpoena, Vizava will comply with the law. However, due to our architecture, our compliance is limited to providing:

  1. Access logs (if the request occurs within the 24-hour retention window).
  2. Encrypted cipher strings (which are mathematically useless without the key held by the user).

We have never received a National Security Letter (NSL) or a gag order.

Questions about this policy? Feel free to contact us. (PGP Key available on request)