Last updated: April 2026
Privacy Policy
This Privacy Policy explains how Literal collects, uses, and protects your information. Literal is built on a zero-knowledge architecture — meaning we are technically unable to access the contents of your documents. This policy explains what we do collect and why.
1. Information We Collect
1.1 Account Information
Literal does not store your email address. Authentication is handled through an advanced encrypted login process — your credentials are cryptographically protected and never stored in readable form on our servers. We collect only the minimum account information necessary to operate your account securely.
1.2 Usage Information
We collect metadata about how you interact with Literal — such as access timestamps, feature usage, and session information. We do not collect the content of any documents, identity records, or files stored in your vault. All document data is end-to-end encrypted and inaccessible to Literal.
2. How We Use Your Information
We use the information we collect to operate and improve Literal, authenticate your account, provide customer support, send service-related communications, and comply with legal obligations. We do not use your information for advertising, and we do not sell it to third parties.
3. Zero-Knowledge Architecture
Literal is designed so that your documents are encrypted before they leave your device. Our servers store ciphertext only — encrypted data without the keys required to read it. This means Literal cannot access, read, or share the contents of your vault, even in response to a legal request. The decryption keys exist only on your device.
4. Data Sharing
We do not sell, rent, or trade your personal information. We may share limited account information with trusted service providers who help us operate Literal — such as infrastructure providers — under strict confidentiality agreements. We may disclose account-level information (not vault contents) if required by law, but we are architecturally unable to produce document contents.
5. Data Retention and Deletion
You may export and delete your vault at any time from your account settings. When you delete your account, all encrypted data is permanently removed from our servers within 30 days. Because we store only ciphertext, deletion is complete by design — we have no recoverable plaintext copy of your data.
6. Security
Literal uses zero-knowledge encryption, hardware-isolated processing enclaves, and post-quantum cryptographic standards to protect your data. We conduct regular security reviews. While no system is completely immune to attack, a breach of Literal's servers would yield only encrypted ciphertext — nothing readable without keys that we do not hold.
7. Your Rights
Depending on your location, you may have rights under GDPR, CCPA, or other applicable privacy laws — including the right to access, correct, or delete your personal information. To exercise any of these rights, contact us at the address below. Because vault contents are encrypted and inaccessible to us, requests related to document contents must be fulfilled by you directly through your account.
8. AI Features
Literal's AI features are opt-in and governed by a separate AI Policy. When you use AI features, document content you submit is processed by Anthropic (Claude). Literal does not share vault contents with any AI provider unless you explicitly enable AI and initiate a query. Review our full AI Policy at literal.so/ai-policy.