This Privacy Policy is an integral part of the ByteLock Terms of Service. It details the data processing activities specifically related to the creation and activity of your ByteLock Account when you use ByteLock, our end-to-end encrypted password manager and secure vault.
At ByteLock, we believe your privacy is fundamental. We've designed our entire platform around the principle that your sensitive data belongs to you alone, and we're committed to protecting it with the highest level of encryption.
All data stored in ByteLock, including passwords, payment card information, secure notes, and files, are end-to-end encrypted. ByteLock does not possess the ability to decrypt end-to-end encrypted data. This means we cannot access, view, or decrypt your sensitive information under any circumstances.
Metadata associated with your vault entries (such as creation dates, modification timestamps, and entry types) is also encrypted. Only you have the encryption keys to decrypt this information on your device.
If you use ByteLock's alias forwarding feature, alias addresses are created and retained for as long as you choose to keep them. These aliases are not encrypted (as they need to forward emails), but they are stored securely on our servers. This processing of data relies on our contract of services with you.
If you use ByteLock with an external email address, this address will be used as a basis for creating your aliases and account authentication. We will not share this email with third parties without your explicit consent.
When sharing your vault with another ByteLock user, you share your vault encryption key with them. This key is encrypted with your recipient's address key, ensuring only they can access the shared vault. ByteLock servers cannot decrypt this shared key.
All shared vault activities are logged (who has access, when access was granted), but the vault contents themselves remain encrypted and inaccessible to ByteLock servers.
Server Infrastructure: Data storage servers used in connection with ByteLock are wholly-owned and operated by ByteLock or our subsidiaries. Access to this infrastructure is tightly controlled—only authorized employees of ByteLock have physical or other access to the servers.
Encryption at Rest: All data is stored in encrypted format on our servers. Data is exclusively located in Switzerland, Germany, or Norway, under the protection of some of the world's strongest privacy laws.
Backups: Offline backups, which may be stored periodically for disaster recovery, are also encrypted and subject to the same access controls. We cannot decrypt any user encrypted content on either production servers or in backups. Backups are kept for up to 30 days.
Transmission Security: All data transmitted between your device and ByteLock servers is encrypted using TLS/SSL with strong cipher suites. Additionally, the encryption/decryption of vault contents occurs exclusively on your device.
Analytics: We may collect non-personally identifiable usage analytics to improve ByteLock's functionality and security. This data does not include the contents of your vault or personal information.
Privacy Scanning: Our privacy scanning feature analyzes your online accounts to identify security breaches and vulnerabilities. This service may use third-party breach databases to identify compromised accounts. We do not store or transmit your passwords to these services.
Payment Processing: Payment and subscription information is processed through secure third-party payment processors. ByteLock servers do not store complete credit card information—only tokenized payment references.
We collect minimal personal data necessary to provide ByteLock services:
You have the right to:
To exercise any of these rights, please contact us at privacy@bytelock.com or through your account settings.
ByteLock may update this Privacy Policy from time to time. We will notify you of any material changes via email or through the ByteLock app. Your continued use of ByteLock after such modifications constitutes acceptance of the updated Privacy Policy.
If you have any questions about this Privacy Policy or ByteLock's privacy practices, please contact us at:
Email: privacy@bytelock.com
Mailing Address:
ByteLock Security Team
174 Brookfield Rd, Charlton MA 01507, USA
We take data privacy seriously and are committed to transparent, ethical practices.
© 2026 ByteLock. All rights reserved.