Your data is fully erased within 30 days of deleting a vault
When you destroy a vault, its secrets and full version history, machines, projects, integrations, and active sessions are deleted from production right away. Everything else tied to the vault, including its audit trail and your account record, is then erased within 30 days, by which point the encrypted backups that held it have also expired. A deleted vault is gone from both production and backups within that window. Our privacy policy sets out exactly what is removed and when.
Tighter platform security
- Stronger browser content-security policies across the dashboard, docs, marketing site, and SikkerLink, so more classes of injected content are blocked outright.
- Added rate limiting to SAML single sign-on, protecting the sign-in flow against abuse.
- Brought our web stack up to its latest security release.
SikkerLink
- Links, passphrases, and revealed secrets you copy now clear from your clipboard automatically after 30 seconds, so a one-time secret does not linger on a shared or unattended machine.
- Fixed a case where a malformed link could leave the reveal page blank instead of prompting for the passphrase.