Privacy policy

Last updated: today.

What we store

Scriptia stores only encrypted blobs and the metadata needed to route them: your account email, your RSA public key, the list of members on each script, and ciphertext for titles and content.

What we don't store

• Your script's plaintext, ever.
• Your password (handled by Firebase Authentication).
• Your RSA private key (kept only in this browser's IndexedDB).

How sharing works

Each script has its own AES-GCM key. When you invite a collaborator, we wrap that AES key with their RSA-OAEP public key. Only their device can unwrap it.

Your rights

• You can delete your account at any time from the dashboard.
• You can regenerate your keypair from the Settings page.
• You can export your scripts as plain text, Markdown, HTML, or PDF.

Contact

Questions? Email hello@scriptia.live.