🔒 Privacy Policy

VaultKeep Privacy Policy

Your documents stay on your device. Always.

Effective date: June 1, 2025  ·  Last updated: June 1, 2025

The short version

🔐
Encrypted on-device AES-256. Only your device holds the key.
📵
No account needed No email, password, or phone number.
📊
Anonymous analytics only Feature usage counters — no document data.
🚫
Zero document data to servers We never receive, store, or transmit your documents.

1. Who We Are

VaultKeep is a personal document vault application that stores, encrypts, and organizes your family's important documents entirely on your device. It is developed and maintained by the VaultKeep team ("we", "our", or "us").

This Privacy Policy explains what information we collect when you use VaultKeep, why we collect it, and how we handle it. By installing or using VaultKeep you agree to this policy.

2. What Data We Collect

Data type Collected? Where it goes
Your documents, photos & images Never sent off-device Stays encrypted on your device only
Document names, dates, notes Never sent off-device Stays encrypted on your device only
Biometric / PIN credentials Never sent off-device Handled by the OS Keychain / Keystore
App feature usage (e.g. "document added") Anonymous only Firebase Analytics — no PII, no document content
Name, email, or any personal identifier Not collected
Location Not collected
Contacts, microphone, camera roll Not accessed Camera & photo library used only when you pick an image
What "anonymous analytics" means: We receive aggregate counters such as "X users added a document today." We never receive which document, what it contains, or any information that could identify you. The analytics SDK assigns a random device identifier that is not linked to your name, email, or any other personal data.

3. How We Use the Data We Collect

The anonymous analytics data is used solely to:

  • Understand which features are useful so we can improve them.
  • Make informed decisions about future development priorities.

We do not use this data for advertising, profiling, or sale to third parties.

4. Encryption & Local Storage

Every document, image, and piece of metadata you store in VaultKeep is encrypted with AES-256-GCM before being written to disk. The encryption key is generated on your device, stored in the platform Keychain (iOS) or Keystore (Android), and is never transmitted anywhere.

VaultKeep operates in a local-first, offline-by-default model. There is no backend server that receives or stores your data. The app functions fully without an internet connection.

Because we never hold your encryption key, we cannot decrypt or recover your data even if legally compelled. There is no "forgot password" reset via a server — your device is the only key.

5. Third-Party Services

VaultKeep uses the following third-party SDK:

  • Firebase Analytics (Google LLC) — collects anonymous, aggregated usage events. No document content or personally identifiable information is included in these events. Google Privacy Policy ↗

This service operates under Google's privacy framework. You can review Google's data processing terms at firebase.google.com/support/privacy ↗ .

6. Data Retention & Deletion

Your documents: Stored only on your device. To delete them, use the Erase All Data option in Settings, or simply delete the app. VaultKeep has no copy of your data to delete from a server.

Analytics data: Anonymous aggregate data retained by Firebase Analytics for up to 14 months in accordance with Google's standard retention policy, after which it is automatically deleted.

7. Children's Privacy

VaultKeep is not directed at children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal information through the app, please contact us so we can take appropriate action.

8. Your Rights

Depending on your jurisdiction you may have rights to access, correct, or delete personal data held about you. Because VaultKeep collects only anonymous analytics, there is typically no personal data held by us that can be attributed to you individually.

If you wish to opt out of analytics collection, you can disable it in your device's app settings or contact us and we will guide you through the available options.

9. Security

We take reasonable technical and organizational measures to protect the anonymous data that passes through third-party services. However, no system is 100% secure. The primary protection for your documents is on-device AES-256 encryption — the layer we fully control and that requires no trust in our servers.

10. Changes to This Policy

We may update this policy to reflect changes in the app or legal requirements. When we do, we will update the Last updated date at the top of this page. Material changes will be announced through an in-app notice.

We will never change this policy in a way that introduces server-side collection of your document content without prominent disclosure and your explicit consent.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out:

We aim to respond within 5 business days.