# Privacy Policy — Kryptos


> Publish this at your **Privacy Policy URL** in App Store Connect (e.g. Google Sites). 

> **Support / privacy requests:** https://github.com/saichandakkineni/Kryptos-nativeiOS/issues


---


**Effective date:** May 22, 2026 

**Last updated:** May 22, 2026


**App:** Kryptos (iOS) 

**Publisher:** Kryptos 

**Contact:** asaic502@gmail.com 

**Support:** https://github.com/saichandakkineni/Kryptos-nativeiOS/issues


---


## 1. Introduction


This Privacy Policy describes how **Kryptos** (“we,” “our,” or “the app”) handles information when you use our iOS password manager. Kryptos is designed to be **privacy-first**: your master password and decrypted vault contents stay on your device. We do not operate a Kryptos cloud service that receives your passwords.


By using Kryptos, you agree to this policy. If you do not agree, please do not use the app.


---


## 2. Summary


| Topic | Our approach |
|--------|----------------|
| **Your passwords** | Encrypted on your iPhone/iPad; we never receive your master password |
| **Cloud sync** | Optional; only an **encrypted vault file** is stored in **your** iCloud or Google Drive |
| **Analytics & ads** | None. No third-party analytics, advertising, or tracking SDKs |
| **Selling data** | We do not sell your personal information |
| **Account with us** | No Kryptos account or login is required to use the app |


---


## 3. Information you provide


You choose what to store in your vault, such as:


- Login credentials (usernames, passwords, site URLs, TOTP secrets, security questions)

- Secure notes and custom fields

- Credit and debit card details, bank account information

- Identity documents (e.g., driver license, passport) and optional photos you attach

- Wi‑Fi passwords, SSH/API keys, and passkeys

- Labels, favourites, and version history for vault items


This information is **provided by you** and used only to provide app functionality (store, display, edit, sync, and AutoFill where enabled).


---


## 4. How your data is stored and protected


### 4.1 On your device


- Vault data is stored in an **encrypted database** on your device.

- Encryption uses **AES-256-GCM**. Keys are derived from your master password using **Argon2id** (or a legacy derivation method for older vaults).

- Your **master password is never transmitted** to us or stored in plain text on our servers (we do not operate vault servers).

- A **salt**, **verification token**, and optional **biometric-wrapped key** are stored in the iOS **Keychain**.

- App settings (e.g., auto-lock timeout, biometric preferences) are stored in **App Group** storage shared with the Kryptos **AutoFill extension**.


### 4.2 Biometric unlock


If you enable Face ID or Touch ID, unlock uses Apple’s **LocalAuthentication** and Secure Enclave. **Biometric data never leaves your device** and is not accessible to us.


### 4.3 AutoFill extension


The Kryptos AutoFill extension runs in a separate process but accesses the same encrypted vault through the App Group and Keychain. It can fill credentials only after you unlock with biometrics or your master password, consistent with iOS AutoFill security.


---


## 5. Optional cloud sync


Sync is **optional**. If you turn it on:


| Provider | What is stored | Who controls it |
|----------|----------------|-----------------|
| **iCloud Drive** | Encrypted file (`Kryptos.vault`) in your iCloud app container | You, via your Apple ID |
| **Google Drive** | Same encrypted vault file in your Google Drive app data; OAuth tokens needed for sync are stored encrypted in the vault | You, via your Google account |


- Kryptos **cannot decrypt** your cloud vault file without your master password.

- Cloud providers (Apple, Google) have their own privacy policies governing their services.

- If you delete the Kryptos app, **local** data is removed; copies in iCloud or Google Drive may remain until **you** delete them in those services.


---


## 6. When the app uses the network


Kryptos works **offline** for core features. Network access is used only for the following:


| Feature | Data sent | Purpose |
|---------|-----------|---------|
| **Password breach check** | First **5 characters** of the SHA-1 hash of a password (k-anonymity) to [Have I Been Pwned](https://haveibeenpwned.com/) | Optional security check; full password is never sent |
| **Site favicons** | Website **domain** (from login URL) to Google’s public favicon service | Display icons in the app |
| **iCloud sync** | Encrypted vault blob via Apple APIs | Optional backup/sync you enable |
| **Google Drive sync** | Encrypted vault blob and Google OAuth traffic | Optional backup/sync you enable |


We do **not** send routine usage analytics, crash reporting to third-party trackers, or advertising identifiers.


---


## 7. Device permissions


Kryptos may request:


| Permission | Why |
|------------|-----|
| **Face ID / Touch ID** | Unlock the vault quickly |
| **Camera** | Scan TOTP setup QR codes when you choose “Scan QR” |
| **Photo Library** | Attach photos to identity documents in your vault (only when you pick an image) |


You can deny permissions in iOS Settings; related features may not work.


---


## 8. What we do not collect


We do **not** collect or use:


- Advertising identifiers

- Cross-app tracking profiles

- Contact lists, location, browsing history, or search history outside what **you** save in the vault

- Diagnostic or analytics data sold to data brokers

- Your master password or decrypted vault contents on our servers


---


## 9. Third-party services


Kryptos integrates with services you may use:


- **Apple** (iCloud, App Store, LocalAuthentication, AutoFill)

- **Google** (Drive sync, OAuth, favicon service)

- **Have I Been Pwned** (breach checks)


These third parties process data according to their own policies. We do not control their practices.


**Open-source dependency:** The app uses **Argon2Kit** for Argon2id key derivation on device. No vault contents are sent to that library’s authors.


---


## 10. Data retention and deletion


- **Vault items:** You can edit, archive, or delete items in the app.

- **Version history:** Previous versions of credentials are kept locally (and in sync) according to app limits.

- **Uninstalling the app** removes local vault data unless copies remain in your iCloud or Google Drive account.

- **Wiping the vault** (where offered in settings) removes local encrypted data; you should also remove cloud copies if you no longer want them.


We do not retain your vault on company servers because we do not host your vault.


---


## 11. Children’s privacy


Kryptos is not directed at children under **13** (or the minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has provided information through the app, contact us at asaic502@gmail.com or open an issue at https://github.com/saichandakkineni/Kryptos-nativeiOS/issues.


---


## 12. Your rights and choices


Depending on where you live, you may have rights to access, correct, or delete personal information. Because your vault data is stored **on your device** and optionally in **your** cloud accounts:


- You can view, edit, export (where the app supports it), and delete data in the app.

- You can revoke iCloud or Google sync by disconnecting sync in the app and removing the vault file from that service.

- You can contact us at asaic502@gmail.com or via https://github.com/saichandakkineni/Kryptos-nativeiOS/issues for privacy questions.


We will respond to reasonable requests as required by applicable law.


---


## 13. International users


If you use Kryptos outside your home country, your encrypted vault may be stored on device and, if you enable sync, in the region(s) associated with your Apple or Google account. You are responsible for complying with local laws regarding password managers and data storage.


---


## 14. Security


We use industry-standard encryption and iOS security features. No method of storage or transmission is 100% secure. You are responsible for choosing a strong master password and keeping your device and cloud accounts secure.


---


## 15. Changes to this policy


We may update this Privacy Policy from time to time. We will change the **Effective date** and **Last updated** date at the top. Continued use of the app after changes means you accept the updated policy. For material changes, we may provide notice in the app or on this page where practicable.


---


## 16. Contact us


For privacy questions or requests:


**Email:** asaic502@gmail.com 

**Support:** https://github.com/saichandakkineni/Kryptos-nativeiOS/issues 

**App:** Kryptos (iOS) 

**Publisher:** Kryptos


---


## 17. Legal note


This policy is provided for transparency and App Store compliance. It is **not legal advice**. Consider having a qualified attorney review it for your jurisdiction and business structure before publication.