Privacy Policy
Last updated: January 31, 2026
1. Zero-Knowledge Architecture
MussNV is built on a zero-knowledge architecture. Your files are encrypted in your browser using AES-256-GCM encryption before upload. Your encryption key is derived from your password using PBKDF2 with 600,000 iterations. We never see, store, or have access to your password, your encryption key, or your unencrypted files.
2. Data We Collect
- Email address — Required for account creation and magic link authentication. Used to send sign-in links and optional upload notifications.
- Hashed IP address — A SHA-256 hash of your IP address combined with your user agent is used for rate limiting anonymous transfers. We do not store raw IP addresses.
- Session cookie — A single HTTP-only cookie stores your session for authentication. No tracking or analytics cookies are used.
- File metadata — File names, sizes, MIME types, and chunk information are stored to facilitate transfers. Encrypted file chunks are stored on disk until expiration.
3. Encryption Details
- Algorithm: AES-256-GCM (authenticated encryption)
- Key derivation: PBKDF2 with 600,000 iterations (OWASP 2023 recommendation)
- Salt: 32-byte cryptographically random salt per transfer
- Nonce: 12-byte unique nonce per chunk
- Implementation: Web Crypto API (browser-native)
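The parameters listed above map onto Web Crypto API calls as in the sketch below. This is an added example, not MussNV's own code: the PBKDF2 hash (SHA-256), random nonce generation, binding the chunk index as additional authenticated data, and all function names are assumptions the policy does not state.

```javascript
// Added example (not MussNV code). Iteration count, salt and nonce sizes come
// from the policy; hash choice, random nonces, AAD and names are assumptions.
const wc = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const ITERATIONS = 600000; // PBKDF2 iterations stated in the policy
const SALT_BYTES = 32;     // random salt per transfer
const NONCE_BYTES = 12;    // unique GCM nonce per chunk

// Big-endian chunk index, authenticated but not encrypted (assumption).
const chunkAad = (i) => {
  const b = new Uint8Array(4);
  new DataView(b.buffer).setUint32(0, i);
  return b;
};

async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt every chunk under one derived key, each with a fresh nonce.
async function encryptTransfer(password, chunks) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_BYTES));
  const key = await deriveKey(password, salt);
  const out = [];
  for (let i = 0; i < chunks.length; i++) {
    const nonce = wc.getRandomValues(new Uint8Array(NONCE_BYTES));
    const data = new Uint8Array(await wc.subtle.encrypt(
      { name: "AES-GCM", iv: nonce, additionalData: chunkAad(i) }, key, chunks[i]));
    out.push({ nonce, data }); // data = ciphertext followed by 16-byte GCM tag
  }
  return { salt, chunks: out };
}

// Rejects if the password is wrong or any chunk was modified or reordered.
async function decryptTransfer(password, transfer) {
  const key = await deriveKey(password, transfer.salt);
  const plain = [];
  for (let i = 0; i < transfer.chunks.length; i++) {
    const { nonce, data } = transfer.chunks[i];
    plain.push(new Uint8Array(await wc.subtle.decrypt(
      { name: "AES-GCM", iv: nonce, additionalData: chunkAad(i) }, key, data)));
  }
  return plain;
}
```

The salt and nonces are not secret and travel with the ciphertext; only the password must stay on the client.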
4. Payment Processing
Paid subscriptions are processed by Stripe. We do not store your credit card numbers or payment details. Stripe handles all payment processing in accordance with PCI DSS standards. We store only your Stripe customer ID and subscription status.
5. Data Retention
- Encrypted files: Automatically deleted when they expire (1 hour to 7 days, depending on your settings). A cleanup process runs every 6 hours.
- Transfer records: Deleted along with expired files.
- Usage records: Daily rate-limiting records are kept for operational purposes.
- Account data: Retained until you delete your account.
6. Your Rights
- Data export: You can export all your account data in JSON format from the Settings page in your dashboard.
- Account deletion: You can permanently delete your account and all associated data from the Settings page. This action is irreversible and will cancel any active subscriptions.
- Access: You can view your transfer history and account details in your dashboard at any time.
7. No Tracking or Analytics
MussNV does not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. We do not serve advertisements. We do not sell, rent, or share your data with third parties.
8. Contact
For privacy-related questions or concerns, contact us at support@mussnv.com.