Privacy Policy
Last updated: February 8, 2026
Overview
Secure Vault ("App") is designed with a privacy-first architecture. We do not collect, store, or transmit any of your personal data, photos, videos, or usage information. This Privacy Policy explains our data practices in detail.
1. Data We Do NOT Collect
We want to be explicit about what we do not collect:
- Photos and videos — Your media is encrypted locally on your device. We never see, access, or transmit your media files.
- PIN and encryption keys — Your PIN and encryption keys are generated and stored only on your device in the iOS Keychain. We have no access to them.
- Personal information — No name, email, phone number, or any personally identifiable information is collected. No account creation is required.
- Usage analytics — We do not use any analytics SDKs or tracking tools. We do not know how you use the App.
- Location data — We do not access or collect your location.
- Contact information — We do not access your contacts, calendar, or any other personal data.
2. Data Stored on Your Device
The following data is stored exclusively on your device and is never transmitted:
- Encrypted media — Photos and videos encrypted with AES-256-GCM, stored in the App's sandboxed directory.
- Encrypted metadata index — An encrypted JSON file containing your album names, file references, and timestamps.
- PIN hash — A cryptographic hash of your PIN stored in the iOS Keychain.
- Encryption salt — A random salt used for key derivation, stored in the iOS Keychain.
- App preferences — Non-sensitive settings (e.g., Face ID enabled, blur toggle) stored locally using MMKV.
- Subscription status — A cached flag indicating whether you are on the free or premium plan.
3. Encryption
Secure Vault uses AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) to encrypt all stored media. Encryption keys are derived from your PIN using PBKDF2-SHA256 with 120,000 iterations and a random 32-byte salt.
All encryption and decryption happen entirely on your device using Apple's CryptoKit framework. No encryption keys or decrypted data are ever transmitted off your device.
4. Device Permissions
The App may request the following device permissions:
- Photo Library Access — To import photos and videos into the encrypted vault. Access is requested only when you choose to import.
- Camera Access — To capture photos directly into the vault. Photos taken with the in-app camera are never saved to your Camera Roll.
- Face ID / Touch ID — For optional biometric authentication. Biometric data is managed entirely by iOS and is never accessible to the App.
All permissions are optional and requested only when the corresponding feature is used. You can revoke permissions at any time through iOS Settings.
5. Third-Party Services
The App uses the following third-party services:
- RevenueCat — For managing in-app subscriptions. RevenueCat processes subscription transactions through Apple's App Store. RevenueCat may receive an anonymous app user ID and subscription status. No personal information, media, or vault contents are shared with RevenueCat. For more details, see RevenueCat's Privacy Policy.
- Apple App Store — For processing subscription payments. Apple's own privacy practices apply to payment processing. See Apple's Privacy Policy.
6. Data Deletion
Since all data is stored locally on your device, you have full control over it:
- Delete individual items from within the App at any time.
- Use the "Reset All Data" option in Settings to erase all vault contents, encryption keys, and preferences.
- Uninstall the App to remove all associated data from your device.
No residual data remains on any server after deletion, because no data was ever uploaded.
7. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect any information from children. Since the App collects no personal data from any user, this concern is mitigated by design.
8. Data Security
We take the security of your data seriously. The App employs the following security measures:
- AES-256-GCM authenticated encryption for all stored media
- PBKDF2-SHA256 key derivation with 120,000 iterations
- iOS Keychain for secure credential storage
- Automatic vault locking when the App is backgrounded
- Encryption key cleared from memory on app lock
- No unencrypted media ever written to disk
- Temporary decrypted files (for video playback) are deleted immediately after use
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact
If you have any questions about this Privacy Policy, please contact us at support@evtsoy.com.