Privacy Policy

Introduction

Krypton ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our secure file transfer service.

By using Krypton, you agree to the terms of this policy. If you do not agree, please do not use our service.

Information We Collect

Account Information

• Name, email address, and password
• Agency or organization details
• Account preferences and settings
• API keys for integrations

Transfer Information

• File metadata (name, size, type, hash)
• Recipient email addresses
• Transfer timestamps and expiry dates
• Access codes and security settings

Audit Information

• IP addresses (anonymized when possible)
• Access logs and timestamps
• User actions within the platform
• Geolocation data (approximate)

How We Protect Your Data

Encryption

• AES-256-GCM encryption for all files at rest
• TLS 1.3 for all data in transit
• End-to-end encryption available on SuperMax plan
• FIPS 140-2 validated cryptographic modules

Infrastructure Security

• SOC 2 Type II certified data centers
• Regular penetration testing
• Continuous vulnerability scanning
• 24/7 threat monitoring

Access Controls

• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Least privilege principles
• Quarterly access reviews

Data Retention

Your Rights (GDPR & CCPA)

To exercise these rights, contact privacy@krypton.is

HIPAA Compliance

For healthcare customers handling protected health information (PHI):

• We offer a signed Business Associate Agreement (BAA)
• HIPAA mode includes enhanced audit logging
• Configurable retention periods for compliance
• Contact hipaa@krypton.is to enable HIPAA compliance

Contact Us