Davy.Locker ("we," "our," or "us") is a credential security platform for AI agents. This Privacy Policy explains how we collect, use, and protect information when you use our software, services, and website (collectively, the "Service").
Our core architectural principle is zero-knowledge encryption. This means we have designed our systems so that we never see, store, or transmit your credentials in plaintext. All encryption and decryption happens locally on your machine. This is not a policy choice — it is a mathematical guarantee enforced by our architecture.
Your credentials never leave your machine unencrypted. On the Free tier, no data leaves your machine at all. On the Pro tier, only encrypted blobs and team metadata are synced. We never sell your data. We never will.
Information We Collect
What we collect depends on which tier of the Service you use.
Free Tier (Self-Hosted)
The Free tier runs entirely on your local machine. We collect:
- Nothing. Zero telemetry, zero analytics, zero network calls. The Free tier operates fully offline. Your vault, credentials, audit logs, and configuration never leave your device.
Pro Tier (Cloud Dashboard)
When you opt into the Pro tier, we collect the minimum data necessary to provide the cloud dashboard experience:
- Account information: Email address, display name, and payment information (processed by our payment provider; we do not store card numbers)
- Team metadata: Team names, member roles, and permission configurations stored on Supabase
- Encrypted vault blobs: Your credential vault is synced as an encrypted blob to Cloudflare R2. We cannot decrypt it. Only you hold the key.
- Encrypted audit logs: Audit events are encrypted before sync. We can see that an audit entry exists; we cannot read its contents.
- Basic usage analytics: Anonymous, aggregated statistics such as number of active agents, credential access counts, and feature usage. These contain no personally identifiable information and no credential data.
Website Visitors
When you visit our website, we may collect:
- Standard server logs: IP address, browser type, referring URL, pages visited, and timestamps
- Anonymous analytics: Page views and navigation patterns via privacy-respecting analytics (no third-party tracking cookies)
Information We Don't Collect
This is the section that matters most. Our zero-knowledge architecture means we are structurally incapable of accessing the items listed below.
The following items are encrypted with keys derived from your master password via Argon2id. We never receive your master password. Without it, the encrypted data is computationally indistinguishable from random noise.
- Your credentials — API keys, tokens, passwords, secrets of any kind. Never transmitted in plaintext. Never stored in plaintext. Not on our servers, not in our logs, not anywhere.
- Your master password — Used locally for key derivation (Argon2id). Never transmitted. We cannot reset it for you because we do not have it.
- Decrypted vault contents — We store encrypted blobs (Pro tier only). We cannot decrypt them.
- Plaintext audit log contents — Audit events are encrypted before leaving your machine. We see opaque ciphertext.
- Agent request/response payloads — The credential injection proxy operates locally. API call contents never pass through our infrastructure.
- MCP tool invocation details — All MCP server operations run on your machine. We have no visibility into what your agents request or receive.
| Data Type | Free Tier | Pro Tier |
|---|---|---|
| Credentials (plaintext) | Never leaves device | Never leaves device |
| Master password | Never transmitted | Never transmitted |
| Vault data | Local only | Encrypted blob on R2 |
| Audit logs | Local only | Encrypted on sync |
| Team metadata | N/A | Supabase (plaintext) |
| Usage analytics | None | Anonymous & aggregated |
How We Use Information
The limited information we collect on the Pro tier is used for the following purposes and no others:
- Providing the Service: Syncing encrypted vault data across your devices, managing team memberships, processing payments, and delivering the cloud dashboard
- Security monitoring: Detecting and preventing abuse, unauthorized access, or attacks against our infrastructure
- Service improvement: Understanding aggregate usage patterns to improve performance and prioritize features. This uses anonymous, non-identifiable data only.
- Communication: Sending transactional emails (account confirmations, security alerts, billing receipts). We do not send marketing emails unless you explicitly opt in.
We do not sell, rent, lease, or trade your personal information to third parties. Not now. Not ever. Our business model is software subscriptions, not data monetization.
Data Storage & Security
Local Storage (Free & Pro)
Your vault is stored locally at ~/.davy-locker/vault.json, encrypted with AES-256-GCM using keys derived from your master password via Argon2id. This file is under your control and subject to your own device security practices.
Cloud Storage (Pro Only)
- Encrypted vault blobs are stored on Cloudflare R2 (edge-distributed object storage). Data is encrypted before upload using AES-256-GCM. Cloudflare cannot decrypt it. We cannot decrypt it.
- Team metadata (member emails, roles, team names) is stored on Supabase with row-level security policies and encrypted connections.
- Payment information is processed and stored by our payment provider. We do not have access to full card numbers.
Cryptographic Standards
- AES-256-GCM — Encryption at rest (Web Crypto API)
- Argon2id — Key derivation from master password (brute-force resistant)
- X25519 — Key exchange for team sharing (tweetnacl, audited)
- SHA-256 — Integrity verification
All cryptographic operations use NIST-approved algorithms via well-audited, open-source implementations. We did not design our own cryptographic primitives.
Third-Party Services
The Pro tier relies on the following third-party infrastructure providers. Each receives only the minimum data necessary for their function:
- Cloudflare R2 — Stores encrypted vault blobs. Cloudflare sees opaque encrypted data. Their privacy policy applies to infrastructure-level metadata.
- Supabase — Stores team metadata and account information. Subject to Supabase's privacy policy and our row-level security configuration.
- Payment processor — Processes subscription payments. We do not store or have access to full payment card details.
The Free tier uses zero third-party services. All operations happen locally on your machine with no network calls.
We do not use third-party advertising networks, data brokers, or behavioral tracking services on any tier.
Your Rights
Regardless of your jurisdiction, we believe you have the following rights and we will honor them:
- Access: You may request a copy of all data we hold about you. For Free tier users, this is nothing — all data is local to your device.
- Deletion: You may request deletion of your account and all associated data. For Pro tier users, this includes encrypted vault blobs on R2, team metadata on Supabase, and any analytics records.
- Portability: Your vault is a local file under your control. You can back it up, move it, or delete it at any time without our involvement.
- Correction: You may update your account information (email, display name) through the dashboard or by contacting us.
- Objection: You may object to any processing of your data. Given our minimal collection, this primarily applies to analytics, which you can opt out of.
- Withdrawal of consent: You may downgrade from Pro to Free at any time. Upon downgrade and your request, all cloud-synced data will be permanently deleted from our infrastructure.
To exercise any of these rights, contact us at privacy@davylocker.dev.
Data Retention
- Free tier: We retain no data. Everything is local to your device and retained according to your own practices.
- Pro tier (active account): Data is retained for the duration of your active subscription.
- Pro tier (account deletion): All data is permanently deleted within 30 days of a deletion request. Encrypted vault blobs, team metadata, and analytics records are all purged.
- Server logs: Standard web server logs are retained for a maximum of 90 days, then automatically deleted.
Children's Privacy
Davy.Locker is a developer tool intended for professional use. We do not knowingly collect personal information from children under 13 (or under 16 in the European Economic Area). If we become aware that a child has provided us with personal information, we will take steps to delete that information promptly.
If you believe a child has provided us with personal information, please contact us at privacy@davylocker.dev.
International Data Transfers
For Pro tier users, encrypted vault data and team metadata may be stored on infrastructure located in various regions. Because vault data is encrypted before it leaves your device, the physical location of storage does not affect the security of your credentials — the data is computationally inaccessible without your master password regardless of jurisdiction.
If you are located in the European Economic Area, United Kingdom, or Switzerland, we will ensure that any transfer of personal information complies with applicable data protection laws.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective date" at the top of this page
- Notify Pro tier users via email at least 30 days before material changes take effect
- Post a notice on our website
Our zero-knowledge architecture is a design commitment, not a policy convenience. Any change that would weaken our cryptographic guarantees would require a new version of the software that you would need to explicitly install. You cannot be silently downgraded.
Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
- Email: privacy@davylocker.dev
- GitHub: github.com/davylocker
We aim to respond to all privacy-related inquiries within 10 business days.