© 2026 José Carrillo
Terms & Conditions
Conditions of use for the Zefer platform
By using Zefer, you accept the following terms and conditions. Zefer is an open-source encryption tool that operates entirely in your browser. These terms govern your use of the service and establish the limits of our liability.
Service description
Zefer provides a client-side encryption tool, available as a web application and as the official CLI (zefer-cli), that allows users to encrypt text and files into .zefer format using AES-256-GCM. All cryptographic processing occurs in the user's browser or on their own machine. Zefer does not transmit, store, or process any user data on external servers, except for the client's public IP lookup when IP restriction is used.
The official CLI
zefer-cli is part of the same project and is governed by these same terms and the MIT license. It is distributed through the npm registry and as standalone binaries published on GitHub Releases. The .zefer files produced by the CLI and the web are fully compatible with each other. The user is responsible for verifying the SHA-256 checksums of downloaded binaries and for safeguarding their passphrases: without them, encrypted content is unrecoverable.
Security responsibility
Zefer uses military-grade cryptographic algorithms (AES-256-GCM, PBKDF2-SHA256) implemented through the browser's Web Crypto API. However, the security of your encrypted files depends directly on the strength of the passphrase you choose. Zefer is not responsible for loss of access to encrypted files due to forgotten passphrases, expired files, or incorrect security configurations. There is no recovery mechanism.
Limitation of liability
Zefer is provided 'as is' and 'as available', without warranties of any kind, express or implied. In no event shall the creators or contributors of Zefer be liable for any direct, indirect, incidental, special, or consequential damages arising out of the use or inability to use the service, including but not limited to loss of data, business interruption, or loss of profits.
Acceptable use
Zefer is designed for the secure exchange of legitimate sensitive information, such as passwords, API keys, configurations, and confidential documents. It is prohibited to use Zefer to encrypt, distribute, or store illegal content, malware, material that violates intellectual property rights, or any content that infringes applicable laws in your jurisdiction.
GDPR Compliance (European Union)
Zefer complies with the General Data Protection Regulation (GDPR) of the European Union. Since Zefer does not collect, process, or store personal data, no legal basis for data processing is required under Articles 6 and 7 of the GDPR. No cookies, trackers, or analytics are used. No international data transfers are made. In compliance with Articles 13 and 14 of the GDPR, we inform that the data controller is José Carrillo. No Data Protection Officer (DPO) is designated since no personal data is processed.
CCPA Compliance (California, USA)
Zefer complies with the California Consumer Privacy Act (CCPA). We do not sell, share, or disclose personal information of users. We do not collect categories of personal information as defined by the CCPA. California residents have the right to request information about data collection; since Zefer does not collect data, there is no information to disclose.
LGPD Compliance (Brazil)
Zefer complies with Brazil's General Data Protection Law (LGPD). No processing of personal data takes place. No sensitive data is collected as defined by Article 5 of the LGPD. Data subjects in Brazil may exercise their rights under Article 18 of the LGPD by contacting José Carrillo through the project page.
Law 1581 Compliance (Colombia)
Zefer complies with Statutory Law 1581 of 2012 of the Republic of Colombia and its Regulatory Decree 1377 of 2013, which govern the protection of personal data. Since Zefer does not collect, store, or process personal data at any time, no authorization from the data subject is required under Article 9 of Law 1581, nor registration with the Superintendence of Industry and Commerce (SIC). Zefer operates under the principle of data minimization contemplated in paragraph d) of Article 4 of said law. For inquiries, the data controller is José Carrillo, reachable through the project page.
Intellectual property
Zefer is an open-source project. The source code is available under the terms of its respective license. Users retain full ownership of their encrypted content. Zefer does not claim any rights over the data that users encrypt or decrypt through the platform.
MIT License
Zefer is open-source software distributed under the MIT License. Permission is hereby granted, free of charge, to any person obtaining a copy of this software, to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software, subject to the condition that the copyright notice and permission notice be included in all copies. The software is provided 'as is', without warranty of any kind. The full license text is available in the project repository.
Attribution and creator
Zefer was created and is maintained by José Carrillo, a senior fullstack developer and Tech Lead with over 10 years of experience. By using Zefer, you acknowledge that this project is a contribution to the open-source ecosystem under the terms of the MIT License.
Changes to terms
We reserve the right to modify these terms at any time. Changes will take effect immediately upon publication on this page. Continued use of Zefer after publication of the changes constitutes acceptance of the new terms. We recommend reviewing this page periodically.