Privacy Policy
Last Updated: May 4, 2026
Overview
We strongly support your right to privacy. Our policy is simple: Your data is none of our business.
We make money by selling software, not by mining your or your respondents' personal information. Our core values guide every decision we make:
- Privacy by Design: Security is baked into the code, not bolted on.
- Encryption Made Easy: We handle the complexity of end-to-end encryption (E2EE) so you don't have to.
- Minimal Data Retention: We only keep what is strictly necessary to run the service.
- Transparency of Purpose: We are open about what we collect and why.
We only collect what we need. Here's what that means in practice:
Creating an Account
When signing up for an account, we ask for a unique username or alias that will be used to identify you across workspaces.
Passkeys: We use industry-standard Passkeys (TouchID, FaceID, Windows Hello, or hardware keys). We do not store your biometric data. We only store a secure, cryptographic code authenticated by your device. We do not use or store traditional passwords.
Recovery Keys: Upon registration, you are provided a recovery key.
Important: We do not have access to your account and we do not store your recovery keys. If you lose your device and your recovery key, you lose access to your account. We recommend storing your recovery key in a physical vault or adding a second device/Passkey to your account.
Paying for an Account
Confide offers a paid subscription service managed through Stripe. Stripe handles all credit card information and billing addresses on their secure servers.
We do not store payment or billing information on our servers. We maintain only a "thin connection" (a Stripe Customer ID and Subscription ID) to validate your Pro account status. For any questions regarding payments, contact us at support@useconfide.app.
Using Confide Service
Our platform is built on a Zero Knowledge Architecture.
Encryption: Your form schema and responses are encrypted on your device before they are uploaded to our servers. Each form is shared via a URL whose fragment contains the encryption key. This key is never sent to our servers, ensuring that only those with the link can decrypt the content.
Shared Access: In shared workspaces, data remains encrypted between team members. You maintain full control over who has access and their level of permission.
Metadata: Some non-sensitive metadata (e.g., form status, schema version) remains unencrypted so that we can operate the service.
Email Forwarding: We support forwarding responses to secure email platforms, which requires your PGP public key or continued encryption.
No Tracking or Advertising
Confide is an ad-free service.
- No Third-Party Tracking: We do not share data with third-party advertisers.
- No Fingerprinting: We do not log respondent IP addresses, device fingerprints, or browser User Agents.
- Privacy First: We use minimal, privacy-respecting analytics to monitor service health without identifying individual users.
Deleting Your Data
You own your data, and you control its lifecycle.
- Immediate Deletion: When you delete a form or response, it is removed from our active database immediately.
- Backups: Our database backups are fully encrypted and retained for a maximum of seven days (to align with our recovery policies).
- Account Termination: When an account is terminated, all associated data — including forms and responses — is permanently purged from our systems.
Disclosure to Law Enforcement
We only disclose data if required by a valid legal subpoena. However, due to our encryption architecture, we cannot provide the unencrypted contents of your forms or responses to any third party, including law enforcement, as we do not possess the keys.
Questions?
If you have questions about this policy or how your data is handled, please reach out to us at security@useconfide.app.
Confide LLC