Privacy Policy

Last updated: May 11, 2026

Overview

Encrypt Send ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the Encrypt Send app for Zoom, our website (encryptsend.com), and any related services (collectively, the "Service").

By using the Service, you acknowledge that we will collect and use your information as described in this Privacy Policy. This Privacy Policy does not extend to any third-party services, including Zoom. We encourage you to review Zoom's own privacy policy for information about how Zoom handles your data.

1. Information We Collect

Information from Zoom OAuth

  • Zoom account information — When you install and authorize Encrypt Send, we receive basic account details from Zoom through Zoom's OAuth authorization process, including your Zoom user ID, display name, and email address.
  • OAuth tokens — We store the access and refresh tokens issued by Zoom's OAuth system. These tokens are required to call Zoom APIs on your behalf and are stored securely with encryption at rest.

Information You Provide

  • Recipient email addresses — When you send files, you provide a recipient email address used for one-time password (OTP) verification and file delivery notifications.
  • Sender email addresses — When someone uploads files to your portal, they provide their email address for identification and OTP verification.
  • User settings and preferences — Portal branding (logo, accent color, profile photo), custom portal URL, link expiration settings, and blocked sender lists that you configure within the app.
  • Subscription information — If you upgrade to Encrypt Send Pro, payment and billing information is collected and processed by Zoom Marketplace — not by Encrypt Send directly. We receive confirmation of your subscription status but not your payment details.
  • Support communications — If you contact us for support, we retain records of that correspondence to assist you and improve the Service.

Information Collected Automatically

  • File transfer metadata — We retain minimal metadata needed to facilitate file transfers, such as file names (encrypted), share link identifiers, creation timestamps, expiration dates, and access records. We do not store the content of your files.
  • Usage data — We may collect basic usage information — such as feature usage patterns and error reports — to improve the Service and diagnose issues.
  • Device and browser information — When you access our website or portal, we may collect browser type, operating system, and IP address for security, compatibility, and troubleshooting purposes.

2. Information We Do NOT Collect

  • File contents — Files are encrypted before upload and stream directly to your Zoom account via the Zoom Chat Files API. We do not read, access, or permanently store the content of your files. Files are never saved to disk on our servers.
  • Payment card numbers or financial data — All billing is handled by Zoom Marketplace. We do not collect or store your payment information.

3. Zero Personal Data in Our Database

Encrypt Send is designed with a zero readable personal information architecture. All email addresses stored in our database are cryptographically hashed and encrypted. File names are encrypted at rest. OAuth tokens are encrypted at rest. Display names are cached temporarily and never stored in the database. Error logs contain no personal information. This means that even in the unlikely event of a data breach, no readable personal information would be exposed.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service — including uploading files to your Zoom account and generating secure share links
  • Send transactional emails on your behalf, including OTP verification codes, file delivery notifications to recipients, and upload invitation emails
  • Verify recipient and sender identities via one-time password (OTP) email verification
  • Deliver uploaded files to your Zoom Team Chat account
  • Persist your configuration settings, branding, and preferences across sessions
  • Process and manage Encrypt Send Pro subscriptions in coordination with Zoom Marketplace
  • Respond to support requests and communicate with you about your account
  • Improve the Service and develop new features
  • Detect, prevent, and investigate fraud, abuse, or security incidents
  • Comply with applicable legal obligations

We use your data only to provide and improve the Service. We do not use your data for advertising or marketing to third parties.

5. Email Notifications

The Service sends transactional emails via a third-party email delivery provider (SMTP2GO) in the following circumstances:

  • OTP verification codes — A 6-digit one-time code sent to verify a sender's or recipient's email address. Codes expire after 10 minutes.
  • File delivery notifications — When an Encrypt Send user shares files with a recipient, the recipient automatically receives an email containing a secure download link.
  • Upload invitations — When an Encrypt Send user sends an email invite requesting files, the recipient receives a branded email with a direct upload link.

All emails sent by the Service are transactional in nature — they are necessary for the Service to function and are not marketing or promotional messages. We do not send unsolicited emails, newsletters, or promotional content.

6. Information Sharing

We do not sell your personal information. We do not share your personal information with third parties for their own marketing or advertising purposes.

We may share limited information in the following circumstances:

  • Service providers — We engage trusted third-party service providers to help us operate the Service, including cloud hosting (Vercel), email delivery (SMTP2GO), and caching infrastructure. These providers are contractually limited to using your data only to provide services on our behalf and may not use it for their own purposes.
  • Zoom — The Service operates within the Zoom platform. Information necessary for the app to function — such as your Zoom user ID — is exchanged with Zoom in accordance with Zoom's terms and privacy policy.
  • Legal requirements — We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Encrypt Send, our users, or others.
  • Business transfers — In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of the transaction. This Privacy Policy will continue to govern the transferred information, and we will provide notice before your information becomes subject to a materially different privacy policy.

7. Data Storage and Security

Your data is stored in secure cloud infrastructure hosted in the United States. We implement commercially reasonable security measures to protect your information, including:

  • Encryption of all sensitive data at rest (emails, file names, OAuth tokens)
  • Zero-disk file processing — files stream through memory and are never written to disk
  • Encrypted data transmission (TLS/SSL) between your devices and our servers
  • Access controls that restrict access to your data to the minimum necessary service processes
  • Rate limiting on OTP attempts, uploads, and API endpoints to prevent abuse
  • CAPTCHA protection on guest portal access

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of any data.

8. Data Retention and Deletion

We retain your account information, OAuth tokens, and settings for as long as the Encrypt Send app remains installed and authorized on your Zoom account.

When you uninstall or deauthorize the app, Zoom sends us a deauthorization webhook. Upon receiving this notification, we mark your account as disabled. You may request complete deletion of your account data by contacting us.

File transfer metadata (such as share link identifiers and expiration dates) is retained for the duration of the link's active period. Expired file records are automatically cleaned up on a scheduled basis.

You may request deletion of your personal data at any time by contacting us at support@encryptsend.com. We will honor deletion requests unless retention is required for legitimate purposes such as fraud prevention or legal compliance.

9. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Object to or request restriction of certain processing of your data
  • Withdraw consent at any time where processing is based on your consent
  • Data portability — receive a copy of your data in a structured, machine-readable format

To exercise any of these rights, contact us at support@encryptsend.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

10. Cookies and Tracking

Our website (encryptsend.com) uses cookies and similar technologies to improve your browsing experience and to understand how visitors use our site.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to collect and analyze website traffic data. Google Analytics uses cookies to track your interactions with our website. The information collected includes pages visited, time spent on each page, approximate geographic location, browser type, device type, and referring website. We do not send any personally identifiable information to Google Analytics.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, or by adjusting your browser's cookie settings.

Other Cookies

We do not use third-party advertising trackers on our website. We do not serve ads or share browsing data with ad networks. Any cookies set by our site are used solely for analytics and site functionality.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete that information. If you believe we may have collected information from a minor, please contact us at support@encryptsend.com.

12. No Selling or Advertising

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes, and we do not share your data with third-party advertisers.

13. Users Outside the United States

The Service is operated from the United States. If you access the Service from outside the United States, you acknowledge and consent to the transfer, processing, and storage of your information in the United States, where data protection laws may differ from those in your jurisdiction.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify you by email or through a notice within the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

15. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy inquiries within one business day.