The goal is that FlowCrypt will have access to as little information as necessary. The details are outlined below.
This document is the third draft and it is written in Plain English as opposed to Legal Language so that it can be readily understood. Please send me feedback if any section needs clarification or clearer language.
Regardless of the method of MESSAGE delivery, FlowCrypt is end-to-end encryption software. That means the CONTENT of your MESSAGE is encrypted in LOCAL APP or PRIVATE WEB APP and then sent to the recipient encrypted. How the MESSAGE is handled by the recipient depends on their setup. The vast majority of compatible software will only decrypt your MESSAGEs on the recipient's LOCAL MACHINE. That means neither EMAIL PROVIDER nor FLOWCRYPT can access the CONTENT of the MESSAGE in transit or at rest.
ACCESS TOKEN needed to access the user's email is stored exclusively in LOCAL APP on the user's LOCAL MACHINE, no exceptions. ACCESS TOKEN is used solely within LOCAL APP for user authentication, sending and receiving of MESSAGEs and other related actions that make LOCAL APP work smoothly.
When you message a recipient who has COMPATIBLE SOFTWARE, the encrypted message is transferred from your EMAIL PROVIDER to the recipient's EMAIL PROVIDER. This includes any attachments. How the encrypted data is transferred and stored and what happens to the MESSAGE is at the sole discretion of the respective EMAIL PROVIDERs. EMAIL PROVIDER will see who you are messaging, how often, the email subject and related meta information just like they do when you send PLAIN TEXT email. The mechanics of sending encrypted email are the same as for PLAIN TEXT email, except EMAIL PROVIDER is not able to see the CONTENT of these MESSAGEs.
When any of your recipients do not have COMPATIBLE SOFTWARE, LOCAL APP or PRIVATE WEB APP will require a MESSAGE PASSWORD to be provided by the sender. Anyone who has access to the MESSAGE PASSWORD can open such a MESSAGE. The encrypted MESSAGE is then sent through EMAIL PROVIDERs the same way as above. In addition, the encrypted MESSAGE will be stored on FLOWCRYPT SERVER. This helps recipients without COMPATIBLE SOFTWARE to open such messages and view their CONTENT through the use of PRIVATE WEB APP. When the recipient doesn't have COMPATIBLE SOFTWARE and the encrypted MESSAGE is relayed through FLOWCRYPT SERVER, the following information is stored along with it: (a) date and time MESSAGE was sent, (b) size of MESSAGE, (c) the encrypted MESSAGE, (d) message expiration time, (e) indication if this is a MESSAGE text or attachment, (f) sender of MESSAGE only if this is an attachment and this particular MESSAGE never expires. A MESSAGE that is not an attachment or is set to expire at a future date will not have any sender associated with it on FLOWCRYPT SERVER. Because MESSAGE PASSWORD can be subject to a BRUTE FORCE ATTACK, it is advisable to use a MESSAGE PASSWORD of sufficient strength for your particular use case.
FLOWCRYPT will never have access to user PRIVATE KEYs, MESSAGE PASSWORDs or PASS PHRASEs. LOCAL APP is intended to never send such information to FLOWCRYPT SERVER or ATTESTER.
LOCAL APP, PRIVATE WEB APP or any other FLOWCRYPT software will not distribute PASS PHRASEs or MESSAGE PASSWORDs in any way. Safe storage, backup and distribution of this material is left solely to the user.
If any user intentionally or unintentionally sends a PRIVATE KEY, MESSAGE PASSWORD or PASS PHRASE to FLOWCRYPT (please do not do that!), FLOWCRYPT will delete such information immediately upon noticing it, unless the user explicitly indicated that this material is solely for testing purposes. In either case, users should consider such keys not trusted and compromised, and should avoid using them in production scenarios.
LOCAL APP will store PRIVATE KEYs in storage accessible only to LOCAL MACHINE such as browser storage, application storage, hard drive or similar, and the security of these PRIVATE KEYs depends on the security of the underlying LOCAL MACHINE that keeps them. For this reason, it is advised to always update to the latest operating system, keep up to date with the latest security fixes, keep the system virus free using reliable antivirus software, use full-disk encryption, or follow any other practices that make LOCAL MACHINE less vulnerable to attackers. Additionally, FLOWCRYPT recommends that you select the option to "Always require a pass phrase when opening email" as an additional layer of security in case your LOCAL MACHINE gets compromised in the future through physical or other means.
In addition to storing PRIVATE KEY in LOCAL APP exclusive to LOCAL MACHINE, depending on how LOCAL APP was set up, the following will apply:
We will not sell or otherwise abuse your personal information.
To be able to fulfill our services, we may need to share user's email address and name with a 3rd party, such as a payment processor for premium accounts.
This may not be necessary for payments made in Bitcoin or Ethereum.
Public key contains YOUR email address, name and information about how to encrypt messages for you. Distribution of so-called public keys is necessary to make end-to-end encryption work. When others encrypt messages to you, your LOCAL APP will retrieve relevant PUBLIC KEY from ATTESTER based on your email address.
While ATTESTER does allow searching of PUBLIC KEYs based on email addresses, it does not allow listing or bulk export of PUBLIC KEYs. This way our PUBLIC KEY database cannot be harvested for spam, unlike other keyservers.
Requesting ATTESTER PUBLIC KEY takedown:
We, as well as all of our suppliers, comply with GDPR regulations for all users globally.
You can utilize our software to meet your own GDPR compliance goals, as end-to-end encryption helps guard your sensitive data, and helps reduce exposure in case of a data breach.
This document is factually correct but incomplete. Additional information concerning the following topics will be added soon: