Privacy Policy

Last Updated: January 17, 2026

The Simplest Privacy Policy Possible

We don't collect your data.
We can't access your data.
We don't want your data.

Your secrets stay on your device, encrypted, forever.

Privacy is a human right.

Zero Data Collection

OK Vault does not collect, transmit, or share any user data. Period.

What We DON'T Do

No analytics or usage tracking
No behavioral tracking or profiling
No telemetry or diagnostics collection
No crash reporting or error logging
No network requests of any kind
No cloud sync or backup
No third-party SDKs or libraries
No advertisements or marketing pixels
No user profiling or fingerprinting

What We DO

Store all data locally on your device
Encrypt everything with AES-256-GCM
Use your device's Secure Enclave for biometrics
Keep your master password in memory only
Protect against screenshots and screen recording
Give you complete control over your data

Your Data

Storage

All data remains on your device, encrypted with military-grade AES-256-GCM encryption. We cannot access your vault because it never leaves your device. There are no remote servers, no cloud backups, and no external storage of any kind.

Master Password

Your master password is used to derive encryption keys using PBKDF2-HMAC-SHA256 with 100,000 iterations. We never store your master password anywhere—not on disk, not in memory after use, not anywhere. If you forget it, your data cannot be recovered. This is by design.

Backups

When you export your vault, an encrypted .vault file is created. This file is protected by a password you choose. You are responsible for storing and protecting this backup file. The backup file never leaves your device unless you explicitly share it.

Biometric Data

Face ID and Touch ID authentication is handled entirely by Apple's LocalAuthentication framework. Biometric data never leaves the Secure Enclave on your device. OK Vault only receives a success/failure response, never the actual biometric data. We have no access to your fingerprints or facial data.

Permissions

Face ID / Touch ID: Optional biometric unlock
Purpose: Convenient vault access
Data Access: Success/failure only
Biometric Storage: Secure Enclave (never leaves device)

File Access (Import/Export): Optional backup functionality
Purpose: Encrypted vault backup and restore
Data Format: AES-256-GCM encrypted .vault files
Storage Location: Your device's Documents folder

Device Storage: Required for app functionality
Purpose: Storing encrypted vault database
Encryption: AES-256-GCM per-entry
Network Access: None (100% offline)

Third-Party Services

None.

OK Vault does not use any third-party services, SDKs, analytics platforms, crash reporting tools, or external dependencies beyond Apple's standard frameworks (CryptoKit, LocalAuthentication, SwiftUI).

Data Retention

Your data is retained on your device until you:

Delete individual entries within the app
Wipe all data from Settings > Danger Zone
Trigger the auto-wipe after 10 failed unlock attempts (if enabled)
Delete the app from your device

There are no remote servers storing copies of your data. When data is deleted, it's gone forever.

Security Measures

Encryption

Algorithm: AES-256-GCM
Key Derivation: PBKDF2-HMAC-SHA256
Iterations: 100,000
Salt: Unique per vault, cryptographically random
Implementation: Apple CryptoKit framework

Authentication

🔐 Master Password: Required, never stored
👤 Biometric: Optional Face ID / Touch ID via Secure Enclave
⏱️ Auto-Lock: Configurable (immediate, 1 minute, 5 minutes)

Protection

📸 Screenshot Prevention: OS-level blocking
🎥 Screen Recording Prevention: OS-level blocking
🧠 Memory Security: Sensitive data cleared when locked
💥 Failed Attempts: Optional auto-wipe after 10 failed unlocks

Your Rights

Since we don't collect any data about you, traditional data rights work differently:

Right to Access: All data on your device, accessible anytime
Right to Deletion: Delete app to remove all data
Right to Portability: Export encrypted vault at any time
Right to Rectification: Edit any entry directly in app
Right to Object: Not applicable (we don't process your data)

Children's Privacy

OK Vault does not knowingly collect data from anyone, including children under 13. The app is rated 4+ and is safe for all ages. Since we collect no data at all, COPPA and similar children's privacy laws are satisfied by design.

International Users

OK Vault works the same way for users worldwide. No data leaves your device regardless of your location. We comply with GDPR, CCPA, and other privacy regulations by simply not collecting any data.

🇪🇺 GDPR Compliant: Zero data processing
🇺🇸 CCPA Compliant: No personal information sale
🌍 Universal Privacy: Same protection globally

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted here with an updated "Last Updated" date. Since we don't have your contact information (because we don't collect it), we can't notify you of changes—please check back periodically.

However, our core principle will never change: we will never collect your data.

Open Source Commitment

OK Vault is committed to transparency. Our code is auditable and we welcome security researchers to review our implementation. Don't trust us—verify our claims yourself.

Questions About Privacy?

If you have questions about this privacy policy or OK Vault's privacy practices:

Email: vault@ok.gold

Please note: We cannot help you recover forgotten master passwords or access your vault if you lose your device, as we have no way to access your encrypted data.

Summary

In an age of mass surveillance, encryption is resistance.

OK Vault is not just an app—it's a statement.
Your secrets are yours. Your privacy is non-negotiable.
Your vault is impenetrable.

Privacy is a human right.