Privacy Policy

Last updated: January 26, 2026

Introduction

At Halycron, your privacy is our top priority. This Privacy Policy explains how we collect, use, process, and protect your information when you use our secure photo vault service. Halycron is designed with a "zero-knowledge" architecture where your photos are encrypted end-to-end, meaning we cannot access your photos or their content.

Information We Collect

Account Information

  • Email Address: Used for account creation, authentication, and important security notifications
  • Name: Used to personalize your experience and for account identification
  • Profile Image: Optional profile picture you may choose to upload
  • Password Hash: Securely hashed version of your password (we never store your actual password)
  • Two-Factor Authentication Data: Secret keys and backup codes for enhanced security

Session and Security Information

  • IP Address: Used for security monitoring and rate limiting
  • User Agent: Browser and device information for security analysis
  • Login Timestamps: When you access your account for security monitoring
  • Session Tokens: Secure tokens that authenticate your logged-in sessions
  • Failed Login Attempts: Tracked to protect against unauthorized access attempts

Photo and Media Information

  • Encrypted Photo Files: Your photos encrypted with AES-256 encryption before being stored
  • File Metadata: Original filename, file type, image dimensions (all encrypted)
  • Upload Timestamps: When photos were added to your vault
  • Album Organization: How you organize your photos into albums
  • Sharing Information: Links and permissions for photos you choose to share

How We Use Your Information

  • Service Provision: To provide secure photo storage and management services
  • Authentication: To verify your identity and maintain secure access to your account
  • Security: To protect your account from unauthorized access and security threats
  • Communication: To send important security alerts and service updates
  • Technical Support: To assist you with any issues or questions about the service
  • Service Improvement: To improve our security measures and user experience (using anonymized data only)

Our Zero-Knowledge Architecture

End-to-End Encryption

  • All photos are encrypted on your device using AES-256-CBC encryption before upload
  • Each photo has its own unique encryption key
  • Encryption keys are encrypted with your master key before being stored
  • We cannot decrypt or view your photos; only you have access to them
  • Photo metadata is also encrypted before storage

Data Storage and Security

Storage Infrastructure

  • AWS S3: Encrypted photos are stored in Amazon S3 with server-side encryption (AES-256)
  • PostgreSQL Database: Account information and encrypted metadata are stored in a secure database
  • Redis Cache: Temporary session data for improved performance and rate limiting
  • Geographic Location: Data is stored in secure data centers with appropriate jurisdictional protections

Security Measures

  • Multi-factor authentication required for all accounts
  • Rate limiting to prevent abuse and brute force attacks
  • Regular security audits and monitoring
  • Secure session management with automatic expiration
  • HTTPS encryption for all data transmission

Data Sharing and Third Parties

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We work with trusted service providers who help us operate our service:

  • Amazon Web Services (AWS): For secure cloud storage of encrypted photos
  • Database Providers: For storing encrypted metadata and account information
  • Security Services: For monitoring and protecting against threats

These providers are bound by strict data protection agreements and cannot access your encrypted photos.

Legal Requirements

We may disclose information if required by law, but due to our zero-knowledge architecture, we cannot provide access to your encrypted photos even if legally compelled to do so.

Your Rights and Controls

  • Data Access: You can access all your data through your account dashboard
  • Data Export: You can download all your photos and data at any time
  • Data Deletion: You can delete individual photos or your entire account
  • Privacy Controls: You control who can access your shared photos and albums
  • Account Security: You can review and manage your active sessions
  • Communication Preferences: You can control what notifications you receive

Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Account Deletion: When you delete your account, we permanently delete all associated data within 30 days
  • Session Data: Session information is automatically deleted after expiration
  • Shared Links: Expired shared links and their access logs are automatically cleaned up
  • Backup Systems: Data may persist in backup systems for up to 90 days after deletion for disaster recovery purposes

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • End-to-end encryption that protects your data regardless of location
  • Compliance with applicable data protection laws
  • Contractual protections with our service providers
  • Regular security assessments of our infrastructure

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • We will notify you of significant changes via email or in-app notification
  • Your continued use of the service constitutes acceptance of the updated policy
  • We will maintain previous versions for your reference

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: hello@halycron.space
  • Subject Line: Privacy Policy Inquiry
  • Response Time: We aim to respond within 48 hours