Privacy Policy

Last updated: June 11, 2026

Securiqon (“we”, “us”) provides Secure Document Sharing, a Chrome extension that encrypts documents on your device and optionally uploads ciphertext bundles to your own Google Drive. This policy describes how the extension handles information.

Contact: support@securiqon.com

Summary

  • Your passphrase never leaves your device and is not transmitted to us.
  • File contents and vault metadata are encrypted locally before any optional cloud upload.
  • We do not operate application servers that receive your files or keys.
  • We do not sell your data, show ads, or use analytics trackers in the extension or on this website (v1).
  • Google Drive is optional transport: only ciphertext is stored on Drive, on your Google account.

Information we do not collect

We do not collect, store, or receive on our servers:

  • Your vault passphrase or derived master keys
  • Decrypted file contents, filenames, folder names, or comments
  • Bundle encryption keys (delivered by you over separate channels)
  • Browsing history unrelated to the extension’s operation

The extension has no backend operated by Securiqon for vault or bundle data.

Information stored locally on your device

The extension stores data in Chrome local storage and IndexedDB on your computer, including:

DataPurpose
Vault profiles and encrypted file/folder recordsLocal encrypted vault
Wrapped encryption keysUnlock vault with your passphrase
Extension settings (theme, language, auto-lock)Preferences
Activity log entries (encrypted)Local audit trail
Bundle records and draft stateBundle creation and tracking
Google OAuth tokens and optional Client ID/SecretConnect to your Google Drive when you configure it
Resumable upload checkpointsResume large Drive uploads after interruption

All sensitive content is encrypted at rest under keys derived from your passphrase. Uninstalling the extension or resetting the vault removes local data subject to browser behavior.

Google account and Google Drive

If you choose to connect Google Drive or complete the optional setup wizard:

  • The extension requests OAuth scope https://www.googleapis.com/auth/drive.file — access only to files created or opened by the app.
  • OAuth tokens are stored locally in chrome.storage.local on your device.
  • Encrypted bundle blobs are uploaded to your Google Drive, not Securiqon’s.
  • You may use your own Google Cloud OAuth client (advanced setup) or a client configured for the published extension.
  • You can disconnect Drive, clear sign-in cache, or reset all Google Drive settings from the extension at any time.

Recipients who open bundles via the receiver page need only a Drive link/ID and bundle key; they do not need to connect Drive in the vault.

Chrome permissions

PermissionWhy it is needed
storageSave vault, settings, and OAuth tokens locally
identityGoogle OAuth sign-in flow
identity.emailDisplay connected Google account (when available)
sidePanelMain vault user interface
windowsExtension window management
downloadsExport decrypted files and backups to your computer
offscreenSecure cryptographic operations in an isolated document
Host access to googleapis.com, accounts.google.com, drive.google.comGoogle Drive API and OAuth only

We request the narrowest permissions needed for stated features.

How you share data with others

When you publish a bundle, you choose recipients and channels. Typical flow:

  1. Ciphertext is stored on Google Drive (or you export a bundle file manually).
  2. You send the Drive link and bundle key separately (e.g. email + chat).

We do not control or monitor those communications.

Data retention and deletion

  • Lock vault: clears keys from memory; data remains encrypted on disk.
  • Disconnect Google Drive: removes local OAuth tokens; files already on Drive remain until you delete them in Google.
  • Clear Google Drive settings: removes OAuth client configuration and tokens from the extension.
  • Uninstall extension: removes extension local storage per Chrome rules.

Children’s privacy

The extension is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

International users

Data processing occurs on your device. If you use Google Drive, Google’s policies apply to data stored on their service.

Changes to this policy

We may update this policy. The “Last updated” date will change. Continued use after changes constitutes acceptance of the updated policy.

Contact

Questions about privacy: support@securiqon.com


Google API Services — Limited Use Disclosure {#google-api-limited-use}

Secure Document Sharing’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  1. We use Google user data only to provide or improve user-facing features of the extension (uploading and downloading encrypted bundles on your Google Drive).
  2. We do not transfer Google user data to third parties except as necessary to provide the feature (Google’s own services), to comply with law, or with your explicit consent.
  3. We do not use Google user data for advertising, sell it, or use it for credit eligibility.
  4. Humans do not read your Google user data except with your explicit consent, for security investigations, or as required by law.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.