Privacy Policy

Your privacy matters, and at Envless it is fundamental to how the platform is built. This Privacy Policy explains what information we collect when you use Envless, how we use that information, who we share it with, and the choices you have. Envless is an end-to-end encrypted secrets management platform: variable values you store with us are encrypted on your device before they ever reach our servers, which means we cannot read them, and neither can a third party that might gain access to our infrastructure.

Envless provides a CLI, cloud dashboard, APIs, and SDKs that let developers and teams manage environment variables and secrets across projects and environments. To make this work, we process two broad categories of information: account and operational data that we can read (such as your email address, workspace membership, and usage metrics), and end-to-end encrypted payloads that we cannot read (the actual values of your variables and any metadata you have chosen to encrypt).

We use a small number of strictly necessary cookies and similar local storage technologies to keep you signed in, remember your dashboard preferences, and protect against fraud and abuse. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that build behavioural profiles on you. You can clear cookies in your browser at any time, though doing so will sign you out of the dashboard.

When you create an Envless account we collect basic information such as your name, email address, password hash, and (for paid plans) billing details handled by our payment processor. We use this information to create and secure your account, communicate with you about the Services, process payments, and provide customer support. Billing information is processed by a PCI-compliant payment provider; we do not store full payment card numbers on our servers.

We collect the following data when you authenticate:

• Account details such as your name, email address, and display name
• Workspace, project, and environment metadata (names, descriptions, member roles)
• API usage, sync activity, and audit log entries tied to your account
• Billing and subscription information processed through our payment provider

Your data is used to:

• Operate and improve the CLI, dashboard, APIs, and SDKs that make up Envless
• Provision and synchronize your projects, environments, and team workspaces
• Enforce plan limits, detect abuse, and protect the platform from fraud and security incidents
• Process payments, manage subscriptions, and send invoices
• Send essential service updates, security notices, and support communications

We never sell, rent, or trade your personal data, and we do not share it with third parties for advertising or marketing purposes.Variable values you store with Envless are end-to-end encrypted on your device before they reach our servers, which means we cannot read the contents of your secrets even if we wanted to.We may share anonymized, aggregated usage statistics for analytics and product research, but we will never share personally identifiable information without your consent or a clear legal basis.We retain your account and workspace data for as long as your account is active. You can export your workspaces and request deletion of your account at any time from the dashboard.We implement industry-standard security controls, including TLS in transit, encryption at rest, strict access controls on production systems, and continuous monitoring, to protect the data we hold on your behalf.

We use the information we collect to operate, maintain, and improve Envless; to provision your projects, environments, and team workspaces; to enforce plan limits; to detect and prevent abuse, fraud, and security incidents; to communicate important service updates and respond to support requests; and to comply with legal obligations. We do not use the contents of your encrypted variables for any purpose other than storing and synchronizing them on your behalf, because we are not able to read them.

Variable values you store with Envless are encrypted client-side using authenticated encryption before they are uploaded. Encryption keys are derived from material that stays under your control, so the ciphertext we hold is meaningless without your keys. In addition, all traffic to and from Envless is protected with TLS, data at rest is encrypted on our infrastructure, and access to production systems is restricted, logged, and reviewed. While no system can guarantee perfect security, our architecture is designed so that even a worst-case server compromise does not reveal the contents of your secrets.

We do not sell, rent, or trade your personal information. We share information only with trusted service providers that help us operate Envless (such as hosting, payment processing, email delivery, and error monitoring), and only under contracts that require them to protect your information and use it solely for the purposes we specify. We may disclose information if required by law, valid legal process, or to protect the rights, safety, or property of Envless, our users, or the public. In the event of a merger, acquisition, or asset transfer, information may be transferred to the new entity subject to this Privacy Policy.

We retain account information for as long as your account is active and for a limited period afterwards to comply with legal, accounting, and security obligations. Encrypted variables and project data are retained while your workspace is active and for a short grace period after cancellation or deletion, during which the workspace can be restored. After that period, the data is permanently deleted from our active systems and removed from backups on a rolling basis.

Depending on where you live, you may have rights to access, correct, export, restrict, or delete the personal information we hold about you, and to object to certain processing activities. You can exercise most of these rights directly from the dashboard, including exporting workspaces and deleting your account. For any request that cannot be completed from the dashboard, contact us using the details below and we will respond in accordance with applicable law.

Envless operates globally, and information we collect may be processed in countries other than the one in which you live. When we transfer personal information across borders, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms recognised under applicable data protection laws.

Envless is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

We may update this Privacy Policy to reflect changes to the Services, our practices, or legal requirements. When we make material changes, we will notify you by email or through the dashboard before the changes take effect. The latest version will always be available at this URL, with the effective date shown at the top.

If you have questions about this Privacy Policy, want to exercise your data protection rights, or would like to report a security concern, please contact our team at [email protected]. We aim to respond within thirty days, or sooner where required by law. [email protected].