Digital Shell

Privacy Policy

Last Updated: January 10, 2026

Introduction

Digital Shell ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our password manager service at the-shell.com (the "Service").

We operate on a privacy-first architecture, which means your encrypted vault data is never accessible to us. Your passwords, credentials, notes, and files are encrypted on your device before being transmitted to our servers.

By using Digital Shell, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address — Used for authentication, account recovery, and important service communications
  • Authentication data — Magic link tokens, OTP codes, or OAuth tokens (Google sign-in)
  • Device information — Device identifiers for multi-device sync and security

Encrypted Vault Data

Your vault data (passwords, credentials, notes, credit cards, and files) is end-to-end encrypted. We store this encrypted data on our servers, but we cannot read or access its contents. Only you hold the encryption keys.

Usage Data

We automatically collect certain information when you use our Service:

  • IP address and approximate location (country/region)
  • Browser type and version
  • Pages visited and features used
  • Time and date of access
  • Referring website or source

Payment Information

Payment processing is handled by a trusted third-party provider. We do not store your full credit card number, CVV, or other sensitive payment details. Our payment provider gives us limited information such as the last four digits of your card and billing address for record-keeping.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your transactions and manage your subscription
  • Send you important service updates and security alerts
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We will never use your encrypted vault data for advertising, analytics, or any purpose other than providing the Service to you.

Data Storage and Security

Security Architecture

Digital Shell uses a privacy-first security model. Your master password and encryption keys are never transmitted to or stored on our servers. All encryption and decryption happens locally on your device.

Security Measures

We implement industry-standard encryption and security measures to protect your data. All data is encrypted both at rest and in transit.

Infrastructure Security

Our infrastructure is hosted on secure cloud providers with SOC 2 compliance. We implement industry-standard security measures including firewalls, intrusion detection, and regular security audits.

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share limited information with:

Service Providers

We work with trusted third-party service providers for payment processing, hosting, and infrastructure services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, or government request. However, due to our security architecture, we cannot provide access to your encrypted vault data even if compelled—we simply do not have the keys.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your options regarding your data.

Your Rights (GDPR/CCPA)

Depending on your location, you may have certain rights regarding your personal data:

For All Users

  • Access — Request a copy of your personal data
  • Correction — Update or correct inaccurate data
  • Deletion — Request deletion of your account and data
  • Export — Download your data in a portable format

For EU/EEA Residents (GDPR)

  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

For California Residents (CCPA)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us.

Data Retention

We retain your data as follows:

  • Account data — Retained while your account is active
  • Encrypted vault data — Retained while your account is active
  • Usage logs — Retained for up to 90 days
  • Payment records — Retained for 7 years for tax and legal compliance

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

Children's Privacy

Digital Shell is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with our service providers
  • Encryption of all sensitive data

Cookies and Tracking

We use cookies and similar technologies to provide and improve our Service. For detailed information about the cookies we use, please see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

For significant changes, we will also send you an email notification. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.