Key Master · Privacy

Privacy, briefly

Last updated: April 2026.

What we do not store

The secrets the Key Master catches. Ever. Not for a second, not for a minute. The Key Master is a highway, not a destination. Caught credentials pass through memory in milliseconds and are written to the vault you chose at setup — your Google Secret Manager, your own server over SSH, or a webhook you control. Our copy is destroyed the instant yours is written.

What we do store

Three small things, and only these:

1. Access tokens for your Slack workspace — so we can receive the channel events you enrolled and delete leaked messages when they appear. Stored encrypted at rest.

2. Your destination configuration — which vault you chose, the write-scoped credential that lets us route to it (e.g. a Google service account key with secretmanager.secretVersionAdder only, or an SSH private key locked to a write-only forced command). Never read-scoped. We can write; we cannot read back.

3. A metadata audit log — timestamp, the kind of thing we caught (e.g. "stripe_secret_live"), the Slack message ID, the vault path we wrote to. Never the secret itself.

Who can see the caught secrets

You, and only you. They live in the vault you chose, under your control. We cannot retrieve them — our destination credentials are write-only by design. If you lose access to your vault, we cannot help you get your secrets back, because we never had them.

What you pay

A transit fee per caught credential. Five cents per catch beyond a free monthly allowance. There is no subscription, no seat fee, no enterprise upsell. You pay the toll when the road is used.

Who to ask

Questions: [email protected]. Answered by a human.

How to remove

You can revoke the Key Master from your Slack at any time (admin → Manage apps → The Key Master → Remove). Once revoked, your Slack access tokens are dead. You can also revoke the destination credential on your own side — the Key Master will stop being able to write to your vault the moment you do. Either way, nothing you paste in Slack going forward will reach us. The audit log for work already done remains for your records until you ask us to delete it.