Our Commitment to Privacy
Fortilis is built with a zero-knowledge architecture. This means your secrets are encrypted on your device before they ever leave it, and we cannot access your encrypted data. Your privacy isn't just a feature—it's the foundation of our product.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- First name and last name
- Email address
- Password (stored as a secure hash—we never store your actual password)
- Organization/team name (if applicable)
- Subscription status and plan type
1.2 What We Do NOT Collect
Due to our zero-knowledge design:
- We cannot access your secrets or encrypted data
- We do not store your vault password (only you know it)
- We cannot decrypt your data even if legally compelled
- Your sync database credentials are stored locally on your device
- We do not collect analytics, telemetry, or usage tracking data
1.3 Technical Data
We may collect limited technical information:
- IP address (for security and abuse prevention)
- Device type and operating system (for compatibility)
- Error logs (to improve the application)
- Auto-updater: App version, operating system, and CPU architecture (sent to gdkdigital.com when checking for updates)
- External share access logs: IP address, browser fingerprint, user agent, and timestamps of share link access (see Section 3.4)
No analytics. No telemetry. No usage tracking. Fortilis does not use Google Analytics, Mixpanel, Segment, or any other analytics service. We do not track which features you use, how often you open the app, or any behavioral data.
1.4 Breach Detection Data
When you use the password breach detection feature, Fortilis uses the Have I Been Pwned k-anonymity protocol:
- Your password is hashed locally using SHA-1
- Only the first 5 characters of the hash are sent to the HIBP API
- Your full password or full hash is never transmitted
- The HIBP API returns a list of matching hash suffixes, and comparison happens locally on your device
- Results are cached locally for 24 hours to minimize API calls
This approach makes it mathematically impossible for the HIBP service to determine which password you are checking. Learn more at haveibeenpwned.com.
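The range lookup described in Section 1.4, shown as an added example that is not Fortilis code. The network call is replaced by a constructed stand-in service that records what it receives, and the function names and in-memory cache are assumptions made for illustration.

```python
import hashlib
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # the policy states results are cached for 24 hours
_cache = {}  # prefix -> (fetched_at, response body); hypothetical in-memory cache


def split_hash(password):
    """Hash locally with SHA-1; return the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range, now=time.time):
    """Return the breach count for a password, 0 if its suffix is not listed."""
    prefix, suffix = split_hash(password)
    cached = _cache.get(prefix)
    if cached is None or now() - cached[0] > CACHE_TTL_SECONDS:
        cached = (now(), fetch_range(prefix))  # only the prefix leaves the device
        _cache[prefix] = cached
    for line in cached[1].splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # comparison happens locally
            return int(count)
    return 0


def make_constructed_service(known_passwords):
    """Constructed stand-in for the remote range endpoint; logs each request."""
    seen, table = [], {}
    for pw, count in known_passwords.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch_range(prefix):
        seen.append(prefix)
        # Constructed filler entry: a real bucket holds many unrelated suffixes.
        return "\r\n".join(table.get(prefix, []) + ["0" * 35 + ":1"])

    return fetch_range, seen


if __name__ == "__main__":
    fetch, seen = make_constructed_service({"password": 12345})
    print(breach_count("password", fetch), breach_count("correct horse battery", fetch), seen)
```

The `seen` list is the service's complete view of the exchange: one 5-character prefix per uncached lookup.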
2. How We Use Your Information
We use your information solely to:
- Provide and maintain the Fortilis service
- Send you important account notifications (email verification, password resets)
- Send product updates and announcements (if you opted in)
- Respond to your support requests
- Prevent fraud and abuse
- Process payments and manage subscriptions
3. Data Storage & Security
3.1 Your Secrets
All secrets are encrypted locally on your device using AES-256-GCM encryption before being stored or synced. The encryption key is derived from your vault password using Argon2id, an industry-leading key derivation function. We never have access to your unencrypted data.
3.2 Bring Your Own Database (BYOD)
Fortilis uses a BYOD model for sync. This means:
- You provide your own database (PostgreSQL, MySQL, Google Sheets, S3, etc.)
- Your encrypted data is stored in YOUR database, not ours
- We never have access to your sync database credentials
- You maintain full control over your data storage
3.3 Account Data
Account information (name, email, subscription status) is stored securely on our servers with industry-standard encryption and access controls.
3.4 External Shares
When you create an external share (a link that anyone can view):
- Encrypted content is stored on GDK servers (we cannot decrypt it)
- The encryption key is placed in the URL fragment (the part after #), which is never sent to the server by design of the HTTP protocol
- Metadata is stored in our database: creator ID, recipient info, view count, view limit, expiration date, creation timestamp, and DRM settings
- Access logs are recorded: IP address, browser fingerprint, user agent, and access timestamps
- Decryption occurs entirely in the recipient's browser (client-side)
3.5 Browser Extension
The browser extension stores data differently based on mode:
- Standalone Mode: All data stored locally in the browser's IndexedDB, encrypted with AES-256-GCM. No data leaves your browser.
- Native Mode: Communicates with the desktop app via localhost native messaging. No data sent to external servers.
- Cloud Mode: Encrypted data syncs to a backend you configure (BYOD). You control the storage location.
The browser extension does not send analytics, telemetry, or any data to GDK servers in any mode.
3.6 Backup Files
Fortilis backup files (.fortilis-backup) are encrypted with AES-256-GCM using your vault key. These files are stored wherever you choose (local disk, USB drive, cloud storage). We have no access to your backup files or their contents.
4. Third-Party Services
We use or integrate with the following third-party services:
- Amazon Web Services (AWS) — For sending transactional emails via SES
- Stripe — For payment processing (we never see your full card number)
- Have I Been Pwned — For password breach detection (k-anonymity, SHA-1 prefix only; see Section 1.4)
- Tauri Updater — App update checks via gdkdigital.com (version, OS, architecture only)
- User-configured SMTP — Team invitation emails are sent via your own mail server
We do not sell, rent, or share your personal information with third parties for marketing purposes.
5. Data Retention
- Account data is retained while your account is active
- Upon account deletion, your account information will be removed within 30 days
- Your encrypted secrets (in your own database) are your responsibility to manage
- External share data is deleted when the share is revoked or expires
- External share access logs are retained for up to 90 days
- Security logs may be retained for up to 90 days for abuse prevention
6. Your Privacy Rights
6.1 General Rights
All users have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data
- Opt out of marketing communications
6.2 GDPR Rights (European Economic Area)
If you are in the EEA, you have additional rights under the General Data Protection Regulation:
- Right of access (Art. 15) — Obtain a copy of all personal data we hold about you
- Right to rectification (Art. 16) — Correct inaccurate personal data
- Right to erasure (Art. 17) — Request deletion of your personal data
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format
- Right to restriction (Art. 18) — Request restricted processing of your data
- Right to object (Art. 21) — Object to processing based on legitimate interests
Data Controller: GDK Digital LLC, P.O. Box 85, Benton Harbor, MI 49023, United States
Legal Basis for Processing: Contract performance (providing the service you subscribed to) and legitimate interest (security, fraud prevention)
Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects
6.3 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — What personal information we collect, use, and disclose
- Right to delete — Request deletion of your personal information
- Right to opt-out — We do not sell personal information, so this right is automatically satisfied
- Right to non-discrimination — We will not treat you differently for exercising your rights
To exercise any of these rights, contact us at support@gdkdigital.com. We will respond within 30 days (or within the timeframe required by applicable law).
7. Data Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 72 hours of discovering the breach
- Notification will be sent via email and, where possible, in-app notice
- We will describe the nature of the breach, the data affected, and steps we are taking
- Where required by law (e.g., GDPR Art. 33), we will also notify the relevant supervisory authority
Zero-knowledge protection: Because of our zero-knowledge architecture, a breach of GDK servers cannot expose your vault contents. Your secrets are encrypted with keys derived from your master password, which we never store or transmit. An attacker who compromises our servers would only obtain encrypted blobs that are computationally infeasible to decrypt.
8. International Data Transfers
Your data may be processed in the following locations:
- United States — GDK Digital servers and infrastructure
- United Kingdom / European Union — Have I Been Pwned API servers (SHA-1 prefix only; see Section 1.4)
- Your chosen location — BYOD sync backends and backup storage are located wherever you configure them
For EEA users: transfers to the US are conducted under Standard Contractual Clauses or other lawful mechanisms as required by GDPR Chapter V. Your encrypted vault data never leaves your control under the BYOD model.
9. Children's Privacy
Fortilis is a general-purpose tool with no age restrictions. However, we do not knowingly collect personal information from children under 13 without parental consent. If you believe a child has provided us with personal information, please contact us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Fortilis after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: