Chamber v1.0 is here! 🎉 Discover a new way of privacy
About
Privacy Policy

Privacy Policy

Last updated: 2025-10-08

1. Introduction

This Privacy Policy explains how Chamber (“Software”) handles information for you (“User”) in context of handling data stored on User’s computer inside the file that it creates (“Vault”, “Vault file” or “Chamberfile”) as well as data sent to the Backend Server (“Backend”) belonging to the creator (“Author” or “Author(s)”). We respect your privacy and are committed to transparency. By using the Software, you acknowledge to have read, understood and agreed with the points laid here.

Till such a time that the Author(s) provide a way to notify you of changes to this policy, it is your responsibility to visit this page to reintroduce yourself with the policy at any given point of time.

2. Data We Do Not Collect

  • We do not collect or transmit your vault contents, file names, or any other personal files stored on User’s computer.
  • Vault ID, any settings and encryption keys used to operate on the data stored in the Vault (including vault IDs) are stored inside your vault file, not on our Backend.

3. Data We Collect

  • Telemetry: Basic usage statistics is sent periodically. It may also include resource consumption metrics, and error reports. The pieces of data that we collect are limited to: the Vault Public ID (described below), the operating system on which the Software is running, the CPU architecture of the machine on which the Software is running, the edition and the version of Software. The IP address from which the telemetry data is sent is detected, recorded and stored on the server automatically.

What is “Vault ID”: Every Chamberfile (the Vault) receives a unique identifier, called the “Vault ID” which is mixed with the password supplied by the user to generate the encryption key which is then used to encrypt the data contained in the vault (this is done to avoid the shared key reuse scenario).

What is “Vault Public ID”: Since the Vault ID is part of the security mechanism, we are committed to never transfer it over to our Backend. However we do want to know the number of unique vaults that Chamber is managing for all its users globally. For this purpose, we pass the Vault ID through a one-way hashing function (SHA256 as of this writing) to derive another unique ID which we called the “Vault Public ID”. It is practically impossible to derive the Vault ID from its Public ID in its current form. We use this Vault Public ID to uniquely identify the vault for telemetry purposes without sending over anything related to the vault.

4. How We Use Data

  • To monitor and improve performance and reliability.
  • To monitor usage and distribution and patterns of usage to understand required focus areas.
  • To display ads or informational content.

5. Data storage and security

Chamber creates the vault file (which we call “Chamberfile”) locally on the user’s computer. The file content (data content) that is uploaded into Chamberfile via Chamber is encrypted before storing it on disk. Some pieces of data such as the password hint, the file names, the Vault ID and some settings are not in the encrypted format. This is done to provide the services offered by the Software.

The encryption algorithm used to encrypt (or decrypt) the data is AES-256. The key is derived using both the user-supplied password as well as the Vault ID (described above). The algorithm to derive the encryption key from the user-supplied password and the Vault ID is Argon2id. The key itself is derived mid-way in a multi-step hashing mechanism.

The Software does not try to upload, duplicate or transmit in any form any of the file content, its names, hashes or any other metadata to any other person or computer by any means without explicit user permission. However it is still possible for the user to store or transmit the Chamberfile to another computer of his/her choice (including but not limited to any online backup solutions, network attached storage devices, external storage devices etc.) by any means the user desires. The Author(s) disclaim the responsibility of any consequences arising from such a transfer to another computer. Furthermore, the Author(s) may not be held responsible for any data theft arising due to a cybersecurity attack on the machine where the Software runs, or the Vault file is stored.

We do not sell or share any of the data we collect with any third parties. Ads and content delivery are not based on vault contents. Furthermore, the telemetry data is never shared with anyone for any purposes whatsoever.

6. Limitation of Liability

Author(s) disclaim the responsibility arising from any unlawful usage of the Software. It is completely the user’s responsibility to ensure lawful usage of the Software.

The Author(s) make no representation that the use of this software complies with encryption or export laws in all jurisdictions. Users are responsible for determining whether local laws permit the use, distribution, or export of encryption software. To the fullest extent permitted by law, the Author(s), maintainers, and contributors shall not be liable for any damages, losses, or claims arising from the use or misuse of this software, including any indirect, incidental, or consequential damages, even if advised of the possibility of such damages. The Software may be subject to encryption export control laws and regulations. You agree to comply with all applicable export laws and not to export, re-export, or use the software in violation of such laws or any applicable government restrictions.

The User is solely responsible for ensuring that the use of the Software complies with all applicable local, national, and international laws governing encryption, data storage, and information security. The Author(s), maintainers, and contributors of the Software assume no responsibility or liability for any misuse of the software or for any data encrypted or managed with it.

Last updated on
Terms of Use