> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/drive-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/drive-support/copy-of-keyboard-shorcuts/privacy-policy.md).

# Privacy Policy

* **Effective date:** 4 June 2026 **Last updated:** 4 June 2026

  Oten Drive ("Oten Drive", the "App", "we", "us", or "our") is a zero-knowledge encrypted file storage service operated by Silver Tiger. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Oten Drive, you agree to this Policy.

  > **The short version:** Your files are encrypted on your device before they ever leave it. We store only encrypted data and we never hold the keys needed to read it. We cannot view, decrypt, or hand over the contents of your files — not to anyone, including ourselves.

  ### 1. Our zero-knowledge principle

  Oten Drive is built on end-to-end, zero-knowledge encryption:

  * Every file is encrypted **on your device** before it is uploaded or synced.
  * Our servers store only **ciphertext** (encrypted data). They never receive your files in readable form.
  * The encryption keys are derived from your password and credentials and are held **only by you**. They are never transmitted to us unprotected and are never stored on our servers in a form we can use.
  * As a result, **we cannot read your file contents, file names, or folder structure**, and we cannot recover them if you lose your password and Recovery Key.

  This design is intentional. It means your most sensitive data stays private even in the event of a server breach, a legal demand, or a compromised device.

  ### 2. Information we collect

  Because of our zero-knowledge architecture, we collect very little. The data below is what we **can** access:

  #### a) Account information

  * **Email address** — to create and authenticate your account (via Oten Identity single sign-on).
  * **Name** — if you provide it, for account and support purposes.
  * **Account / user identifier** — a unique ID associated with your account.

  #### b) Usage and diagnostics data

  * **Usage data** — anonymous or pseudonymous product-interaction events (e.g. which features are used, frequency of use), collected through analytics tools to help us improve the App.
  * **Crash and diagnostic data** — technical logs and crash reports used to detect, diagnose, and fix problems.
  * **Device and technical information** — app version, operating system version, device type, and similar technical details.

  #### c) Information we do NOT collect

  * **The contents of your files, file names, folder names, or vault contents.** These are end-to-end encrypted and inaccessible to us.
  * **Your encryption keys, passwords, PINs, or Recovery Keys.** We never receive these in a usable form.

  ### 3. How we use information

  We use the limited data we collect to:

  * Provide, operate, and maintain the App and its sync functionality;
  * Authenticate you and secure your account;
  * Provide customer support and respond to your requests;
  * Diagnose, fix, and prevent technical problems and abuse;
  * Understand how the App is used so we can improve it;
  * Comply with legal obligations.

  We do **not** use your data for advertising, and we do **not** sell your personal information.

  ### 4. Tracking

  We do **not** track you across other companies' apps or websites for advertising purposes. We do not use third-party advertising identifiers for cross-app tracking.

  ### 5. How information is shared

  We share data only in limited circumstances:

  * **Service providers** — we use trusted third parties to operate the service, including:
    * **Cloud infrastructure** providers that store **encrypted** data only;
    * **Analytics and crash-reporting** providers (for example, Google Firebase) that process usage and diagnostic data on our behalf. These providers are bound by contract to use the data only to provide services to us.
  * **People you choose to share with** — if you use sharing features, the encrypted content you share is made accessible to the recipients you designate, under the access rules (password, expiration, role) you set.
  * **Legal requirements** — we may disclose information if required by law. Note that because of our zero-knowledge design, **we are technically unable to produce the plaintext contents of your files**, regardless of any request.

  We do not sell, rent, or trade your personal information.

  ### 6. Data retention

  * **Account data** is retained for as long as your account is active.
  * **Encrypted file data** is retained until you delete it or close your account. When you delete data, the corresponding ciphertext is removed from our systems.
  * **Usage and diagnostic data** is retained for a limited period consistent with the purposes described above.

  You may delete your data or request account deletion at any time (see Section 8).

  ### 7. Security

  We protect your information using strong, industry-standard cryptography, including AES-256-GCM for data encryption, ML-KEM-768 (FIPS 203) for post-quantum key encapsulation, Ed25519 for signatures, and Argon2id for password-based key derivation. Encryption keys are stored in your device's secure hardware-backed storage (Apple Keychain).

  **Important:** Because only you hold the keys, you are responsible for safeguarding your password and Recovery Key. If you lose both, **your data cannot be recovered by anyone, including us**.

  ### 8. Your privacy rights

  Depending on where you live, you may have rights to:

  * Access the personal data we hold about you;
  * Correct inaccurate data;
  * Delete your data ("right to be forgotten");
  * Object to or restrict certain processing;
  * Data portability;
  * Withdraw consent where processing is based on consent.

  To exercise these rights, contact us at the address in Section 12. We will respond in accordance with applicable law (including the GDPR and the CCPA where they apply).

  ### 9. International data transfers

  Oten Drive operates internationally. Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for such transfers. As always, file contents remain end-to-end encrypted in transit and at rest.

  ### 10. Children's privacy

  Oten Drive is not directed to children. We do not knowingly collect personal information from children under the age required by your jurisdiction (generally 13, or 16 in some regions). If you believe a child has provided us with personal information, please contact us and we will delete it.

  ### 11. Changes to this Policy

  We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you within the App. Your continued use of Oten Drive after changes take effect constitutes acceptance of the updated Policy.

  ### 12. Contact us

  If you have questions about this Privacy Policy or your data, contact us at:

  * **Email:** <support@oten.com>
  * **Operator:** Oten
  * **Support:** <https://docs.oten.com/drive-support>

  <br>
