Privacy Policy
Plain-language summary.
- Local encryption. MyColdKey is designed so encryption and decryption of backup contents happen on your computer.
- No secrets to us. We do not want seed phrases, private keys, vault passwords, or plaintext secrets.
- Online services. We process account, licensing, checkout, device entitlements, support, website, waitlist, and (if you use it) optional Cloud+ information—including encrypted payloads and related metadata where applicable.
- No sale of personal information. We do not sell personal information.
This Privacy Policy describes how MyColdKey LLC (“MyColdKey,” “we,” “us”) collects, uses, discloses, and protects information in connection with our websites (including mycoldkey.com), our desktop application (“Software”), online accounts and licensing, checkout and payments, customer support, optional Cloud+ sync/storage, physical or titanium fulfillment where you redeem credits or order products, and related services (collectively, the “Services”).
Important distinction: protecting backup contents with local cryptography is separate from account records, payment processing, customer support, marketing email, website analytics, server logs, and other ordinary business data. Those categories may include personal information processed in readable form where necessary to operate the Services.
If you do not agree with this Policy, please do not use the Services. The Terms of Service govern use of the Services.
What stays on your device vs. what may reach us
The table below is a practical overview. It is not an exhaustive technical specification.
| Category | Typical posture |
|---|---|
| Vault contents / plaintext secrets | Intended to remain on your device with your vault password and local cryptographic processing. Do not send these to us. |
| Encrypted backup files or Cloud+ payloads | May be stored or synced using our systems and vendors as ciphertext. We may still process related metadata (for example, account IDs, object or file names, sizes, timestamps, sync status). |
| Account and licensing records | Processed to provide sign-in, entitlements, device limits, and subscription status where applicable. |
| Payment and order records | Payment processors handle payment credentials; we receive order and payment metadata needed to fulfill purchases. |
| Support communications | Processed when you email or message us, including message content and routing metadata. |
| Website, contact, and waitlist data | Processed when you browse the Site, submit forms, or join a waitlist. |
| Physical / titanium fulfillment | If you redeem engraving credits or order physical items, we and fulfillment partners may process shipping contact details, order details, and production or engraving-related metadata needed to manufacture and deliver products. |
1. Information we collect
The categories below depend on how you interact with us. You are not required to provide all of this information, but some features (for example, checkout or Cloud+) will not work without it.
Identifiers and account data
- Email address and name when you create an account, sign in to checkout, join a waitlist or mailing list, or contact us.
- Account identifiers issued by us or our identity and authentication providers (for example, a user or subscriber ID).
- Support communications you send to support@mycoldkey.com or through contact channels, including message content and metadata (such as timestamps and routing information).
Commercial and licensing information
- License and entitlement records tied to your account (for example, product tier, device slots, subscription status for add-ons such as Cloud+).
- Order and payment metadata — our payment processors handle card and certain payment details; we typically receive confirmation of payment, amount, currency, plan purchased, and related identifiers, not your full payment card number.
Software, Cloud+, and technical data
- Cloud+ (optional). If you enable Cloud+, encrypted vault or backup data may be stored or transferred using our infrastructure and third-party cloud services. The Software is designed so we do not receive your vault password and so we are not in a position to decrypt your plaintext secrets. We may still process metadata such as account identifiers, file or object names, sizes, timestamps, and sync status, as needed to operate the service.
- Logs and security data — for example, server or application logs, IP address, device or app version, and diagnostic information used to secure the Services and troubleshoot issues.
Website, forms, and analytics
- Waitlist / forms. If you submit a form, we collect the fields you provide (such as name, email, and optional interests).
- Analytics. We may use cookies or similar technologies and analytics tools to understand traffic, referrers, and aggregate usage. If third-party analytics are enabled, they may collect device or usage data according to their policies; we configure tools to reduce unnecessary collection and we do not intend for analytics to collect vault contents or plaintext secrets.
Physical products and engraving
- If you redeem titanium or engraving credits or purchase physical products, we and fulfillment partners may process name and shipping or contact details, order identifiers, and information needed for production (for example, engraving specifications or layout metadata provided through the product flow).
- Engraving or production content may be visible to production staff or vendors as needed to manufacture and ship the item. Treat engraved or printed materials as sensitive physical artifacts and store them accordingly.
Data categories (examples)
Depending on your choices, we may process categories such as: identifiers (email, account IDs); commercial information (orders, licenses); internet or network activity (logs, analytics); geolocation derived from IP address; and audio, electronic, or similar information contained in support emails. Precise categories vary by jurisdiction and are described here at a practical level.
What we do not intend to collect
We do not ask you to send seed phrases, private keys, vault passwords, or other plaintext secrets. Please do not include them in email, forms, or uploads unless we explicitly request limited materials for troubleshooting under controlled instructions.
Do not send us secrets. Do not email or submit seed phrases, private keys, vault passwords, unencrypted wallet exports, or other plaintext secrets. Use innocuous test data when diagnosing issues unless MyColdKey provides specific, limited instructions for a support workflow.
2. How we use information
We use personal information to:
- Provide, operate, and improve the Services, including licensing, activation, and optional Cloud+;
- Process purchases and fulfill orders (including fulfillment partners for physical items where applicable);
- Authenticate users, prevent fraud and abuse, and secure our systems;
- Communicate with you about transactions, security, and (where you have opted in) product updates or marketing;
- Comply with law, respond to lawful requests, and enforce our Terms of Service;
- Analyze aggregate usage to improve performance and user experience.
Legal bases (EEA/UK/Switzerland). Where GDPR or similar laws apply, we rely on one or more of: performance of a contract, legitimate interests (such as security and product improvement, balanced against your rights), consent where required, and legal obligation.
3. How we share information
We may share personal information with:
- Service providers who assist us under appropriate confidentiality and security obligations where applicable — for example, hosting, cloud storage, authentication, email delivery, payment processing, analytics, and customer support tools.
- Professional advisers (lawyers, accountants) where required.
- Authorities when we believe disclosure is required by law, regulation, legal process, or to protect rights, safety, or security.
- Business transfers — if we merge, are acquired, or sell assets, information may transfer as part of that transaction, subject to this Policy or equivalent protections.
We do not sell personal information. We do not use or disclose personal information for cross-context behavioral advertising as defined under applicable U.S. state privacy laws; if our practices change in a way that triggers such requirements, we will update this Policy and provide choices where required.
A list of subprocessor categories (and representative vendors where named) is maintained at Subprocessors. That page may be updated when we add or replace material vendors.
4. International transfers
We are based in the United States. If you access the Services from other countries, your information may be processed in the U.S. or other jurisdictions where we or our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA, UK, or Switzerland.
5. Retention
We retain personal information for as long as needed for the purposes described in this Policy, including legal, accounting, and security requirements. Examples (non-exhaustive):
- Account and licensing records — for the life of the account and a reasonable period afterward to resolve disputes, enforce terms, and meet legal obligations.
- Order and payment records — as needed for tax, accounting, fraud prevention, and chargeback handling, typically for years depending on applicable law.
- Support emails — long enough to provide follow-up support and maintain internal records, unless a shorter period is required or you request deletion where we can honor it consistent with law.
- Cloud+ encrypted objects and related metadata — while your subscription or entitlement is active and for a reasonable period after cancellation or expiration to allow reactivation, migration, or recovery operations described in product materials, after which data may be deleted according to our retention procedures.
- Logs and security data — for limited periods based on operational and security needs.
6. Security
We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
7. Security incidents
If we become aware of a breach affecting personal information we hold, we will investigate and provide notices to affected individuals and regulators where required by applicable law.
8. Your rights and choices
Depending on where you live, you may have the right to access, correct, delete, or export personal information we hold about you; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority, where applicable and subject to exceptions.
To exercise these rights, email support@mycoldkey.com. We may need to verify your request. If you are in the EEA, UK, or Switzerland, you may also contact your local data protection authority.
9. U.S. state privacy (including California)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including to know, delete, and correct personal information, and to opt out of “sale” or certain disclosures for cross-context behavioral advertising (we do not sell covered personal information and do not engage in such sharing as described in Section 3). You may designate an authorized agent as permitted by law. We will not discriminate against you for exercising privacy rights.
Residents of other U.S. states with comprehensive privacy laws may have similar rights where applicable; contact us as above.
10. Cookies and similar technologies
We and our analytics providers may use cookies, local storage, pixels, or similar technologies for functionality, preferences, and analytics. You can control cookies through your browser settings; blocking some cookies may affect Site functionality.
11. Children
The Services are not directed to children under 13 (or 16 where a higher age applies). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.
12. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the revised version here and change the “Last updated” date. For material changes, we will provide additional notice where required by law.
13. Contact
Data protection questions: support@mycoldkey.com.
Controller: MyColdKey LLC, United States.