Share.env
FeaturesUse casesPricingCLI
Log inStart for free

Your team's secrets deserve better than Slack

Upload your first .env file and see what secret sharing looks like with real access control.

Product

  • CLI
  • API documentation
  • Service status

Legal

  • Privacy policy
  • Terms of service
  • Cookie policy
  • Security
Send an email

share.env

© 2026 share.env. All rights reserved.

Built for teams who take secrets seriously.

Legal

Privacy Policy

Last updated: July 8, 2026

This policy explains what personal data share.env collects, why, and what rights you have over it. It does not cover the contents of the .env files you store those are your data, encrypted at rest, and we only process them to provide the service you asked for.

1. Who is responsible for your data

share.env is operated by KPZsProductions. For anything in this policy, or to exercise any of the rights below, contact us at kpzsproductionscontact@gmail.com.

2. What we collect

We collect only what the product needs to function:

  • Account data: email address, and anything you choose to add to your profile (display name, bio, avatar).
  • Workspace data: workspace name, description, logo, membership roles, and invitations you send or receive.
  • The .env files and variables you upload encrypted at rest, scoped to your workspace, never analyzed or read by us outside an authorized support request you initiate.
  • Security data needed to protect your account: password hashes, TOTP and passkey credentials, and access logs for protected environments.
  • Basic technical data: IP address and timestamps for security-relevant actions (sign-in, share link creation, environment downloads), kept only as long as needed for abuse prevention.

3. Why we process it (legal basis)

  • Performance of a contract: creating your account, running your workspace, and delivering the file-sharing service you signed up for (GDPR Art. 6(1)(b)).
  • Legitimate interest: securing the service against abuse, debugging failures, and preventing unauthorized access (Art. 6(1)(f)).
  • Consent: optional product update emails and any analytics you explicitly opt into (Art. 6(1)(a)) you can withdraw this at any time from your profile settings.

4. Who else processes your data

We use a small number of infrastructure providers to run the service, each acting as our data processor under a data processing agreement:

  • Supabase database, authentication, and encrypted file storage.
  • Vercel application hosting and edge network.
  • A transactional email provider for invite emails and account notifications only.
  • We do not sell your data, and we do not share it with advertisers or data brokers.

5. International transfers

Our infrastructure providers may process data outside the European Economic Area (for example, in the United States). Where that happens, transfers are covered by Standard Contractual Clauses or an equivalent safeguard recognized under GDPR Chapter V.

6. How long we keep it

Account and workspace data is kept while your account is active. If you delete your account, your profile and any workspace you solely own are removed; environments are deleted with their storage objects. Security logs are kept for a limited period strictly for abuse investigation, then deleted.

7. Your rights

Under GDPR and similar laws, you have the right to:

  • Access the personal data we hold about you (see the data export tool on your profile page).
  • Correct inaccurate data, or delete your account and associated data.
  • Object to or restrict certain processing, and withdraw consent where processing is based on it.
  • Receive your data in a portable format, and lodge a complaint with your local data protection authority (in Poland, the UODO).

8. Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information as defined by the CCPA, so there is nothing to opt out of.

9. Security

Every table is protected by Row Level Security enforced at the database, not just the interface. File contents are encrypted at rest. Share links use high-entropy tokens, always expire, and can be revoked instantly. See our security page for details.

10. Children

share.env is not directed at children under 16, and we do not knowingly collect their data.

11. Changes to this policy

If we make a material change, we'll update the date at the top of this page and, where appropriate, notify account owners by email.

12. Contact

Questions about this policy or your data: kpzsproductionscontact@gmail.com.