Privacy Policy
Data minimization, Zero-Knowledge and GDPR compliance.
Legal Information & Controller
ITYLOS is an ephemeral secret transmission service allowing the temporary exchange of sensitive information via a secure ephemeral link.
Service Controller
Kachouri® (INPI registered trademark)
Mehdi Kachouri
France
Contact: Secure contact form
Legal Basis (GDPR)
The technical processing carried out by ITYLOS is strictly based on service execution requested by the user (Article 6.1.b of GDPR) and legitimate interest related to securing the infrastructure.
Privacy by Design & Architecture
Our service architecture is fundamentally different from traditional communication tools.
Design Principles
- Strict data minimization
- Client-side encryption (Zero-Knowledge)
- Automatic and physical deletion
- Cryptographic transparency
Transport, not storage
ITYLOS acts as a secure transmission vector, not as a permanent storage service. Capsules are designed to disappear after use.
Technical Security
The mechanisms used to ensure secure secret sharing are based on recognized and proven cryptographic standards:
- Encryption AES-256-GCM : Reference standard for authenticated symmetric encryption.
- Signatures Ed25519 : Elliptic curve used for tamper-proof destruction proofs.
- Web Crypto API : Local entropy generation executed natively by your browser engine.
Data processed
Capsule content is encrypted browser-side before transmission and is never accessible in plaintext by the ITYLOS infrastructure.
The following information is processed temporarily and solely to ensure cryptographic routing:
- Random technical identifier of the capsule.
- The encrypted data envelope (completely opaque).
- The technical timestamp (Creation, Expiration).
- The integrity hash (for the public registry).
Lifecycle, Conservation & IP
Capsule destruction
The cycle is immutable: Create → Encrypted storage → Read → Physical deletion.
Capsules are automatically deleted from our servers in two cases:
- Immediately after their first and only viewing.
- Upon the time expiration defined during their creation.
IP Address Management
IP addresses may be temporarily processed by network security systems (firewall or anti-DDoS), but are not recorded in application logs related to ITYLOS capsules.
Cookies & Traceurs
Digital hygiene is at the core of our philosophy. ITYLOS uses no advertising cookies nor cross-site tracking mechanisms (external Analytics).
Only local storage elements strictly necessary for the technical operation of the application (such as the encrypted history of your own capsules stored in your browser) are used.
Localisation & Droits GDPR
Data location
ITYLOS infrastructure is sovereignly hosted in Europe (Switzerland/EU). No data transfers to third-party services outside the European Union are made.
Your Rights
In accordance with the GDPR, you have the following rights regarding your personal data (although the service collects very little):
- Right of access.
- Right to rectification.
- Right to erasure.
- Right to restriction du traitement.
Any request regarding the exercise of these rights can be addressed to Contact : Secure contact form.
Audit & Transparence
Because declarative trust is a security flaw, the destruction and integrity mechanisms can be technically verified via:
- Le registre de transparence cryptographique (journal append-only).
- The downloadable cryptographic proofs for each destruction.