Privacy Policy
Last updated: December 17, 2025
1. Introduction
SatisVault ("we," "our," or "us") is a browser extension that helps developers securely access and manage secrets stored in cloud key vault services, including Microsoft Azure Key Vault. This Privacy Policy explains how we collect, use, and protect your information when you use our Chrome extension.
Key Privacy Principle: Your credentials and secrets never leave your browser. We do not collect, store, or have access to your vault secrets or authentication tokens.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign up, we collect your email address and name through Google or Microsoft OAuth authentication.
- Subscription Information: If you subscribe to our paid plan, payment processing is handled by Stripe. We do not store your credit card details.
2.2 Information Collected Automatically
- Usage Analytics: We may collect anonymous usage statistics such as feature usage frequency and error reports to improve our service.
- Device Information: Browser type and version for compatibility purposes.
2.3 Information We Do NOT Collect
- Your Azure Key Vault secrets or their values
- Your Microsoft Azure credentials or access tokens
- Your browsing history or visited URLs
- Contents of web pages you visit
- Any personally identifiable information beyond what is necessary for authentication
3. How We Use Your Information
We use the collected information to:
- Authenticate you and provide access to the extension features
- Process subscription payments through Stripe
- Send important service updates and security notifications
- Improve the extension functionality and user experience
- Provide customer support
4. Data Storage and Security
4.1 Local Storage
The extension stores the following data locally in your browser:
- Your authentication session tokens (encrypted)
- Cached vault metadata for performance (vault names, secret names - NOT secret values)
- Your extension preferences and settings
- Web tags you create for URL matching
4.2 Security Measures
- OAuth 2.0 with PKCE: We use industry-standard OAuth 2.0 with Proof Key for Code Exchange for secure authentication
- No Password Storage: We never see, store, or transmit your passwords
- Direct API Communication: The extension communicates directly with Azure APIs from your browser - data does not pass through our servers
- Encrypted Storage: Sensitive data stored locally is encrypted
Zero-Knowledge Architecture: Secret values are fetched directly from Azure Key Vault to your browser. Our servers never see or process your actual secrets.
5. Extension Permissions
SatisVault requires the following browser permissions:
- storage: To save your preferences, cached metadata, and session data locally
- identity: To authenticate you via Google or Microsoft OAuth
- activeTab: To detect the current website URL for secret matching (Web Tags feature)
- tabs: To show badge notifications when secrets match the current site
Host Permissions
- https://vault.azure.net/* and https://*.vault.azure.net/*: To communicate with Azure Key Vault APIs
- https://secretsmanager.*.amazonaws.com/*: For future AWS Secrets Manager support
6. Third-Party Services
We integrate with the following third-party services:
- Microsoft Azure: For Key Vault API access. Subject to Microsoft Privacy Statement
- Google OAuth: For authentication. Subject to Google Privacy Policy
- Stripe: For payment processing. Subject to Stripe Privacy Policy
7. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
- Service Providers: With Stripe for payment processing
- Legal Requirements: If required by law or to protect our rights
- Business Transfers: In connection with a merger or acquisition (users will be notified)
8. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct your information
- Deletion: Request deletion of your account and data
- Data Portability: Export your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications
To exercise these rights, contact us at privacy@satisvault.com
9. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Account information is deleted within 30 days
- Local browser storage is cleared when you uninstall the extension
- Payment records may be retained as required by law
10. Children's Privacy
SatisVault is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.
11. International Users
If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@satisvault.com
- Website: satisvault.com