Last updated: March 23, 2026
Effective date: March 23, 2026
Welcome to Enclave ("the App", "we", "our"). Enclave is an offline password manager developed by Paolo Ronco ("Developer", "I", "me").
This Privacy Policy explains how the App handles your information. Please read it carefully.
The short version: Enclave does not collect, transmit, or share any personal data. Everything stays on your device.
Developer: Paolo Ronco
App name: Enclave — Offline Password Manager
Package ID: com.paoloronco.codevault
Platform: Android
Contact: info@paoloronco.it
We collect no personal data whatsoever.
Enclave does not require you to:
Create an account
Provide an email address
Enter your name or any personal identifier
Connect to the internet
All data you create in Enclave — including account titles, usernames, passwords, URLs, and notes — is stored exclusively on your device. This data:
Is never transmitted to any server
Is never shared with the Developer or any third party
Is never used for analytics or advertising
Is never uploaded to the cloud
All vault data is stored in a local SQLite database on your device, located in the private app directory (/data/data/com.paoloronco.codevault/). This directory is not accessible to other apps or to external parties without root access to your device.
Every sensitive field (account title, username, password, and notes) is individually encrypted using AES-256-GCM before being written to the database.
Encryption keys are generated by and stored exclusively within the Android Keystore System — a hardware-backed secure enclave provided by Android. These keys:
Never leave the secure hardware chip of your device
Are bound to your device and cannot be extracted
Are automatically destroyed when the app is uninstalled
Access to the vault is protected by a PIN and/or biometric authentication (fingerprint or face unlock) managed entirely by Android's BiometricPrompt API. No authentication data is transmitted or stored outside your device.
Enclave offers an optional local backup feature that allows you to export your vault data to a file of your choice on your device.
Backup files are password-encrypted using a key derived from your chosen backup password
The Developer has no access to your backup files
Backup files are stored wherever you choose on your device or local storage
You are solely responsible for the security of your backup files
Enclave does not use the internet. The App:
Makes no network requests of any kind
Does not contact any external server
Does not use analytics SDKs (e.g., Firebase Analytics, Google Analytics)
Does not include advertising SDKs
Does not use crash reporting services
Does not check for updates remotely
Enclave does not integrate any third-party service that collects data, including but not limited to:
Service
Used?
Google Analytics / Firebase
No
Facebook SDK
No
Crashlytics / Sentry
No
Advertising networks
No
Cloud sync services
No
Push notification services
No
The only external code used is open-source Android libraries (Jetpack Compose, Room, AndroidX Biometric) which operate entirely on-device and do not transmit data.
Enclave requests the following Android permissions:
Permission
Purpose
USE_BIOMETRIC
Allows fingerprint / face unlock to open the vault
USE_FINGERPRINT
Legacy biometric support on older Android versions
The App does not request permissions for:
Internet access (INTERNET)
Camera
Location
Contacts
Phone state
Microphone
External storage (beyond what you explicitly choose for backup export)
Since Enclave stores data only on your device:
Your data persists until you manually delete it or reset the vault
All data is permanently deleted when you uninstall the App
The Developer retains no copies of your data at any time
Enclave is not directed at children under the age of 13. The App does not knowingly collect any information from children. Since no data is collected from any user, there is no risk of inadvertent collection of children's data.
We take security seriously. The technical measures implemented in Enclave include:
AES-256-GCM encryption for all sensitive fields
Android Keystore hardware-backed key storage
FLAG_SECURE window flag — prevents screenshots and hides vault content in the app switcher
Root detection — the App displays a warning if root access is detected on the device
Auto-lock — the vault automatically locks after a configurable timeout
No recovery mechanism — forgotten PINs cannot be recovered, by design, to prevent unauthorized access
Despite these measures, no security measure is perfect. You are responsible for keeping your device secure, your PIN secret, and your backup files safe.
Since Enclave does not collect or process any personal data, standard data-subject rights (access, rectification, erasure, portability) apply exclusively to data stored locally on your own device, which you fully control at all times.
If you wish to delete all your data, you can:
Use the "Reset Vault" option in the App settings, or
Uninstall the App
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this document. The current version is always available at the URL provided on the Google Play Store listing.
Continued use of the App after changes constitutes acceptance of the updated policy.
This Privacy Policy is designed to comply with:
Google Play Developer Policy
General Data Protection Regulation (GDPR) — EU Regulation 2016/679
California Consumer Privacy Act (CCPA)
Children's Online Privacy Protection Act (COPPA)
As Enclave collects no personal data, the obligations under these regulations are fulfilled by design.
If you have any questions or concerns about this Privacy Policy, please contact:
Paolo Ronco
Email: info@paoloronco.it
This privacy policy was written for Enclave — Offline Password Manager, package ID com.paoloronco.codevault.