Home Features Vault How It Works Chain Developers Get Started FAQ Open Workspace →
Legal

Privacy Policy

Last updated: April 7, 2026
🔒

No P2P File Storage

Direct and local transfers do not store file contents on Clex servers

👤

Local Vault Encryption

Vault notes stay encrypted on your device, with keys derived or stored locally

📊

Scoped Drive Metadata

Temporary Drive-share metadata, quotas, and auth signals are limited to what Vault needs to work

Section 01

Overview

Clex ("we", "us", "our") is a browser-based workspace for preparing and sharing files, plus Vault for encrypted notes, secret links, and timed Drive-share links. This Privacy Policy explains how we collect, use, and protect information when you use clex.in and its related services.

Our default position is to keep content in your browser whenever possible. Direct P2P transfers, local network transfers, browser-side file processing, and local Vault notes are all designed to minimize server involvement.

Section 02

What We Don't Collect

The following boundaries are core to how Clex and Vault are built:

  • We do not store your files on any Clex server during P2P or local transfers
  • We do not read, scan, analyze, or inspect the content of your files
  • We do not store Vault note plaintext or secret decryption keys on our servers
  • We do not require an account for core browser-side preparation, P2P transfer, or local transfer functionality
  • We do not sell or share personal data with third parties for advertising
  • We do not use tracking cookies for behavioral advertising
  • We do not publish Vault notes, secret-link content, or timed Drive-share file contents to the public Transfer Chain
Section 03

What We Do Collect

To operate the service, we may process or store the following limited categories of data:

  • Signaling and routing data: Temporary identifiers and network metadata used to establish P2P sessions and route transfers.
  • Basic service analytics: Aggregated page views, feature usage counts, and error reports used to keep the product stable.
  • Google account data: When you choose Google Drive fallback or Vault Cloud Share, authentication is handled through Google/Firebase flows. We may receive identifiers such as UID, email address, display name, and avatar URL that are necessary to show account state and apply quotas.
  • Temporary Drive-share metadata: For Vault Cloud Share we store share metadata such as file name, size, MIME type, upload time, delete time, owner identifiers, share codes, and Drive item ids so the timed Drive session can function and clean itself up.
  • Secret status metadata: For Vault Secret Share we store encrypted payloads, expiry timestamps, open-status metadata, and the selected protection policy until the secret expires or is consumed.
Section 04

Direct Transfer Privacy

When you share files via direct P2P or local network transfer, Clex uses browser networking primitives such as WebRTC to create a direct connection between devices.

  • A lightweight signaling layer helps the browsers discover each other
  • The signaling layer processes connection metadata, not file contents
  • Once the direct path is established, file data moves between browsers rather than through a Clex content relay
  • Direct transfer traffic is encrypted in transit via the underlying browser protocols
  • When the transfer completes or the tabs close, browser-held transfer data is discarded unless you intentionally save or export it
Section 05

Vault Notes and Local Encryption

Vault notes are designed to remain primarily on your device. Notes, folders, search state, and interface preferences may be written to local browser storage or IndexedDB so Vault can work offline and reopen quickly.

  • Vault note content is encrypted before local persistence
  • Vault keys are generated, imported, or derived locally on the device
  • If you use Google-backed pairing or recovery flows, the derivation happens locally; your raw encryption key is not uploaded to Google by Clex
  • Device sync behavior depends on the features you enable and the devices you pair
Section 06

Vault Secret Share

Secret Share stores an encrypted payload plus its expiry and policy metadata until the link expires or is consumed. The decryption key is intended to stay in the URL fragment so it is not included in normal server requests.

  • We store the encrypted secret body, creation time, expiry, open state, and selected protection policy
  • We do not store the hash-fragment decryption key as part of normal secret creation or viewing requests
  • If you disable view-once protection, the secret may remain re-openable until its expiry time
  • Protection features such as no-select or DevTools guard are client-side controls and should be understood as best-effort browser safeguards
Section 07

Vault Cloud Share and Temporary Drive Sessions

Vault Cloud Share is different from direct transfer. It is a temporary Drive-backed feature that writes uploads into the user's own Google Drive account under the Clex Share folder so files can be picked up later through a timed Vault link.

  • Google Drive sign-in is required so Vault can publish files in the user's Drive account and enforce daily quotas
  • Vault Drive shares are limited to 1 GB per file and 10 GB per day per connected account
  • Drive sessions are scheduled for deletion after 24 hours
  • Recipients who have the Vault link or access code may access the file or folder until the session expires or is deleted
  • We store encrypted refresh tokens and share metadata so the 24-hour cleanup job can remove expired Drive files and folders automatically
Section 08

Google Auth, Cookies, and Local Storage

We use local browser storage for preferences such as theme and for Vault's local state. We do not use advertising cookies or third-party behavioral trackers as part of the core product.

  • Google OAuth or Firebase-based sign-in is used only when you choose features that require it, such as Google Drive fallback or Vault Cloud Share
  • We do not receive or store your Google password
  • Local browser storage may retain preferences, local Vault state, and other product settings until you clear it
Section 09

Chain Boundary

The public Transfer Chain exists for workspace transfer-session metadata. Vault notes, secret-link content, secret policies, and timed Drive-share file contents are not written to that public ledger.

Section 10

Changes to This Policy

We may update this policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Significant changes may also be communicated through the product.

Section 11

Contact

Questions about this privacy policy? Contact us at [email protected].