Privacy Policy
Last updated: June 11, 2026
Securiqon (“we”, “us”) provides Secure Document Sharing, a Chrome extension that encrypts documents on your device and optionally uploads ciphertext bundles to your own Google Drive. This policy describes how the extension handles information.
Contact: support@securiqon.com
Summary
- Your passphrase never leaves your device and is not transmitted to us.
- File contents and vault metadata are encrypted locally before any optional cloud upload.
- We do not operate application servers that receive your files or keys.
- We do not sell your data, show ads, or use analytics trackers in the extension or on this website (v1).
- Google Drive is optional transport: only ciphertext is stored on Drive, on your Google account.
Information we do not collect
We do not collect, store, or receive on our servers:
- Your vault passphrase or derived master keys
- Decrypted file contents, filenames, folder names, or comments
- Bundle encryption keys (delivered by you over separate channels)
- Browsing history unrelated to the extension’s operation
The extension has no backend operated by Securiqon for vault or bundle data.
Information stored locally on your device
The extension stores data in Chrome local storage and IndexedDB on your computer, including:
| Data | Purpose |
|---|---|
| Vault profiles and encrypted file/folder records | Local encrypted vault |
| Wrapped encryption keys | Unlock vault with your passphrase |
| Extension settings (theme, language, auto-lock) | Preferences |
| Activity log entries (encrypted) | Local audit trail |
| Bundle records and draft state | Bundle creation and tracking |
| Google OAuth tokens and optional Client ID/Secret | Connect to your Google Drive when you configure it |
| Resumable upload checkpoints | Resume large Drive uploads after interruption |
All sensitive content is encrypted at rest under keys derived from your passphrase. Uninstalling the extension or resetting the vault removes local data subject to browser behavior.
Google account and Google Drive
If you choose to connect Google Drive or complete the optional setup wizard:
- The extension requests OAuth scope
https://www.googleapis.com/auth/drive.file— access only to files created or opened by the app. - OAuth tokens are stored locally in
chrome.storage.localon your device. - Encrypted bundle blobs are uploaded to your Google Drive, not Securiqon’s.
- You may use your own Google Cloud OAuth client (advanced setup) or a client configured for the published extension.
- You can disconnect Drive, clear sign-in cache, or reset all Google Drive settings from the extension at any time.
Recipients who open bundles via the receiver page need only a Drive link/ID and bundle key; they do not need to connect Drive in the vault.
Chrome permissions
| Permission | Why it is needed |
|---|---|
storage | Save vault, settings, and OAuth tokens locally |
identity | Google OAuth sign-in flow |
identity.email | Display connected Google account (when available) |
sidePanel | Main vault user interface |
windows | Extension window management |
downloads | Export decrypted files and backups to your computer |
offscreen | Secure cryptographic operations in an isolated document |
Host access to googleapis.com, accounts.google.com, drive.google.com | Google Drive API and OAuth only |
We request the narrowest permissions needed for stated features.
How you share data with others
When you publish a bundle, you choose recipients and channels. Typical flow:
- Ciphertext is stored on Google Drive (or you export a bundle file manually).
- You send the Drive link and bundle key separately (e.g. email + chat).
We do not control or monitor those communications.
Data retention and deletion
- Lock vault: clears keys from memory; data remains encrypted on disk.
- Disconnect Google Drive: removes local OAuth tokens; files already on Drive remain until you delete them in Google.
- Clear Google Drive settings: removes OAuth client configuration and tokens from the extension.
- Uninstall extension: removes extension local storage per Chrome rules.
Children’s privacy
The extension is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.
International users
Data processing occurs on your device. If you use Google Drive, Google’s policies apply to data stored on their service.
Changes to this policy
We may update this policy. The “Last updated” date will change. Continued use after changes constitutes acceptance of the updated policy.
Contact
Questions about privacy: support@securiqon.com
Google API Services — Limited Use Disclosure {#google-api-limited-use}
Secure Document Sharing’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Google user data only to provide or improve user-facing features of the extension (uploading and downloading encrypted bundles on your Google Drive).
- We do not transfer Google user data to third parties except as necessary to provide the feature (Google’s own services), to comply with law, or with your explicit consent.
- We do not use Google user data for advertising, sell it, or use it for credit eligibility.
- Humans do not read your Google user data except with your explicit consent, for security investigations, or as required by law.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.