Privacy Policy

Posted and effective as of February 6, 2018


Please read this privacy policy carefully. It applies to all interactions you have with the web site including all web services and application programming interfaces (APIs).

The Information We Collect

Account Information.
When you register for an Undercover Pics account, we ask you to choose a name, email address, and password. Your email address is your username. If you select a Undercover Pics plan that requires payment, we’ll also ask you for billing information.

Information About Your Use of Undercover Pics.
We receive some information automatically when you use the Undercover Pics service. This includes data about your device, software, and the operating system you use when accessing our service, your Internet Protocol address and the date and time of each request you make to Undercover Pics. We also aggregate statastics about the features you use through the service including encrypting, decoding, and sharing files.

How We Use Your Information

We use your personal information to keep Undercover Pics running, understand how you use our service, customize your experience, prevent abuse, provide customer support, sell and market our products, and improve Undercover Pics. We also use this information to restrict certain application features based on your current free or paid service plan. We use your information internally only as necessary to accomplish these goals.

How We Disclose Your Information

We share your personally identifiable information only in the limited circumstances below. Undercover Pics never sells your information or shares it with third-party advertisers.

With your permission.
We may share your information with your consent, after letting you know what information will be shared and with whom.

In response to the law.
We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order (e.g., an order under 18 U.S.C. § 2705(b)). We may disclose your information without giving you prior notice if we believe it’s necessary to prevent imminent and serious bodily harm to a person. Nothing in this policy is intended to limit any legal objections or defenses you might have to demands to compel disclosure of your information, including demands from the government.

With third parties helping us provide Undercover Pics.
We may share your information with third-party services helping us provide our products and services. Those third parties access and use the information we share with them only on our behalf. They include Stripe, ZenDesk, Mailgun, and Base CRM. Please note that this Privacy Policy explains Undercover Pics' practices only, and doesn’t cover the practices of other services. Take a look at those companies’ privacy policies to learn more about their data practices.

With other users.
When you share files with others through Undercover Pics, your email address, username, profile picture, first and last name, and cover photo may be visible to other people.

Aggregate information.
We may disclose aggregate, non-identifying information about how our users use Undercover Pics products and services.

Sale or merger.
If all or part of Undercover Pics is sold, merged, or otherwise transferred to another company in the future, your information may be transferred as part of that transaction. If that happens, Undercover Pics will take reasonable steps to make sure your information continues to be treated consistently with this privacy policy.

Web Tracking Policy

Our very first priority is our customer's privacy. We don’t allow third-party tracking on our service, including Google Analytics which tracks web browsing history. We may track web traffic internally only and do not share this information with third-parties.

We use cookies to enable our servers to recognize your web browser and tell us how and when you use the Undercover Pics websites. We use cookies to identify whether you have logged in and recognize that your web browser has accessed our servers before, and we may associate that information with your account. Most browsers have an option for disabling cookies, but if you disable them you may not be able to log into your Undercover Pics account.

Account Termination

If you're on a paid plan, you can cancel your plan at any time by signing into your account and canceling it online. This means your user account will be moved automatically to a free plan on our service. If you wish to have your account deleted entirely, including all of your account data, you may send a request to delete your account data to and our support team will terminate and remove your account from our systems.

Data Security

The Undercover Pics service is designed to have many layers of security.

  • We encrypt the secret image files that you upload to Undercover Pics servers using either AES-128 or AES-256 encryption algorithms depending on your plan. You control your passwords, and Undercover Pics does not have access to them. By design, we do not encrypt the cover image files that you upload to Undercover Pics.
  • We use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to create a secure tunnel to protect all data in transit between your web browser on your device to Undercover Pics' web sites and servers.
  • We do not store the unprotected secret images that you upload to Undercover Pics anywhere on our servers. However, we do store the protected version of the Undercover Pic for a maximum of 24 hours after the Undercover Pic was generated and only for the purposes of encrypting, decrypting, and sharing files with your friends through the use of the "Quick Decode" feature. For the very small and limited timeframe that your files remain on the server, they are protected behind our firewall and secure infrastructure. Undercover Pics employees do not have access to your secret images nor do they have a way of decoding your Undercover Pics.
  • We do not store any passwords in plain text. We hash and salt your passwords using the Bcrypt hash algorithm to protect against possible compromise. We only store the hashed and salted version of your passwords which cannot be reverse engineered to reveal your original plain text passwords.
  • We only store the Bcrypt hashed version of your account password on our servers. We do not have access to your real plain text account password.
  • We do not store the plain text version of any password that you choose to create and encrypt files through the service. We store the Bcrypt hashed version of your file password inside each encrypted file that you generate through the service. This enables you to securely store your encrypted files on any device, while decoupling your files from the Undercover Pics service, with the technical ability to decrypt the files at a later date and time through the Undercover Pics web site.
  • We limit the number of Undercover Pics employees who have access to user data through policy and technical access controls.
  • No transmission over the internet is completely secure, so we can’t absolutely guarantee that unauthorized parties won’t be able to defeat our security measures. You use Undercover Pics at your own risk, and are responsible for taking reasonable measures to secure your account (such as choosing strong, unique passwords and keeping them secret) and secure all devices and systems where you choose to store files that were generated with the Undercover Pics service.

We are always on the lookout for vulnerabilities in Undercover Pics. If you discover a vulnerability in our service, we would be grateful for your report and encourage you to let us know immediately. If you give us reasonable time to respond to your report before making any information public, and make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not pursue any legal action against you or ask law enforcement to investigate your actions.

To report a security vulnerability, please email

Changes to This Policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at If we make changes that we believe will substantially alter your rights, we will post the revisions 7 days before they take effect so you can review them.


We would love to hear from you. Undercover Pics welcomes questions, concerns, and feedback about this policy. If you have suggestions for us, let us know at