Privacy Policy
Last updated July 8, 2026
Privacy claims tend to inflate. Ours match how ColdStorage is actually built — what it does, and what it doesn't.
What we collect
- Account: the email address you sign up with, managed through Amazon Cognito.
- Subscription: your plan and billing status, handled by Paddle.com (our Merchant of Record). Your card details go to Paddle, never to us.
- Your files: stored as encrypted data we cannot read. They're scrambled on your Mac before upload, so what sits in storage is content nobody but you can open.
What we never do
- We never scan your files.
- We never train AI on your data.
- We never run ads or sell your data.
Human access and your encryption key
Today we hold your encryption key in escrow so recovery works when you need it. Any human access is audit-logged and only ever happens with your say-so. We're working toward holding the key on your device alone.
Who processes your data
We use a small set of providers to run the service: Amazon Web Services (encrypted storage and account identity) and Paddle.com (payments and tax). They process data only to provide these functions.
Keeping and deleting your data
You can export everything, at any time. If your subscription lapses, your archive goes read-only and is kept through a grace period with reminders before anything is removed — we never delete over a single lapsed card. If we ever wind the service down, you get at least six months' notice to take your archive elsewhere first.
Your rights and contact
You can ask what we hold about you, correct it, or have it deleted. Reach us at support@m.coldstorage.sh. If we make a material change to this policy, we'll give reasonable notice.