Vaulto - Privacy Policy
Offline first AES 256 Encrypted Password Manager
Last updated: April 2026 · Effective: April 2026
No data collection
No account required
No ads ever
100% offline by default
AES-256 encryption
Your data stays on your device
Table of Contents
Overview & Our Privacy Commitment
Information We Do NOT Collect
Data Stored on Your Device
Encryption & Security
Optional Google Drive Sync
Password Breach Checking (HIBP)
Google Play Billing & Subscriptions
App Permissions Explained
Autofill Service
Children's Privacy
Third-Party Services
Data Retention & Deletion
Changes to This Policy
Contact Us
1. Overview & Our Privacy Commitment
Vaulto is an offline-first password manager for Android. We built Vaulto on a simple principle: your passwords and personal credentials belong to you alone. They should never be transmitted to, stored on, or accessible by any third-party server — including ours.
This Privacy Policy explains what information the Vaulto app ("App", "we", "our") handles, how it is stored, and what choices you have. By using the App you agree to the practices described here.
✓ Vaulto does not operate any servers for user data. We have no database of your credentials, no user accounts, and no way to read your vault — even if we wanted to.
2. Information We Do NOT Collect
Vaulto is designed to collect nothing. We do not collect, transmit, or store any of the following:
Passwords, usernames, PINs, or any credential data you enter
Government ID details, card numbers, or financial information
Your name, email address, phone number, or any personal identifier
Device identifiers, advertising IDs, or hardware fingerprints
Usage analytics, session data, or feature interaction logs
Crash reports or diagnostic telemetry
Location data of any kind
Clipboard contents (the app clears the clipboard after copying passwords)
Biometric data (fingerprint/face data never leaves your device's secure hardware)
The App operates entirely offline by default. No data is transmitted to any server operated by Vaulto.
3. Data Stored on Your Device
All data you enter into Vaulto is stored exclusively on your device in an encrypted database. This includes:
Credential entries (usernames, passwords, PINs, notes)
Government ID details and document photos (encrypted)
Two-factor authentication (TOTP) secrets
App settings and preferences
Where data is stored
All credential data is stored in the app's private encrypted SQLite database using SQLCipher. Document photos are stored as individually encrypted files in the app's private files directory. Neither location is accessible to other apps on your device or to Android cloud backup systems.
ℹ️ We have disabled Android's automatic cloud backup for vault data. Your credentials are never silently uploaded to Google's backup servers.
Clipboard security
When you copy a password or sensitive value, Vaulto automatically clears the clipboard after a short period to prevent other apps from reading it through the clipboard API.
Screen security
The app sets the FLAG_SECURE window flag, which prevents the vault contents from appearing in Android's recent apps screen or being captured by screen recording tools.
4. Encryption & Security
Vaulto uses multiple layers of encryption to protect your data:
AES-256-GCM: All credential data is encrypted using AES-256-GCM, the same standard used by governments and financial institutions worldwide.
PBKDF2 key derivation: Your vault key is derived from your PIN using PBKDF2 with 310,000 iterations and a random salt. This makes brute-force attacks computationally infeasible.
SQLCipher: The entire database file is encrypted at rest using SQLCipher. The database cannot be opened without the derived key — even with direct file access.
Android Keystore: Biometric keys are stored in Android's hardware-backed Keystore and never exported from the device's secure enclave.
Per-file image encryption: Document photos are individually encrypted using AES-256-GCM before being written to storage.
⚠️ Your PIN is never stored anywhere — not on your device, not on any server. If you forget your PIN, your vault cannot be recovered. Please store your PIN safely.
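The following is an added illustration of the key-derivation scheme described above; it is not Vaulto's code. It assumes PBKDF2 runs with HMAC-SHA256 (the policy names PBKDF2 and 310,000 iterations but not the underlying hash), a 16-byte random salt, and a 32-byte AES-256 key. Because the standard library has no AES-GCM, an HMAC "key-check" tag stands in for the authenticated decryption (SQLCipher / AES-256-GCM) that a real vault uses to recognise a wrong PIN; the point it demonstrates is that only the salt and a key-dependent tag are ever written to disk, never the PIN or the key.

```python
"""Vault-key derivation from a PIN (added example, not Vaulto's code).

Assumptions: PBKDF2-HMAC-SHA256, 310,000 iterations, 16-byte random salt,
32-byte key.  The HMAC key-check tag replaces the GCM/SQLCipher
authentication a real vault would rely on, so this runs on stdlib only.
"""
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 310_000   # value stated in the policy
SALT_BYTES = 16        # assumption: salt length is not stated in the policy
KEY_BYTES = 32         # AES-256 key


def derive_vault_key(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the PIN into a 32-byte key.  The random salt means the same PIN
    yields a different key on every device, defeating precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt,
                               iterations, dklen=KEY_BYTES)


def key_check_tag(key: bytes) -> bytes:
    """Stand-in for authenticated decryption: a tag that lets the app recognise
    the right key without storing the key or the PIN anywhere."""
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()


def create_vault(pin: str) -> dict:
    """Return the only metadata a vault needs to persist: salt, iteration count
    and check tag.  Note what is absent: the PIN and the derived key."""
    salt = os.urandom(SALT_BYTES)
    key = derive_vault_key(pin, salt)
    return {"salt": salt, "iterations": ITERATIONS, "check": key_check_tag(key)}


def unlock_vault(pin: str, metadata: dict) -> bytes | None:
    """Re-derive the key from the entered PIN and return it only if the check
    tag matches; a wrong PIN yields an unrelated key and is rejected."""
    key = derive_vault_key(pin, metadata["salt"], metadata["iterations"])
    if hmac.compare_digest(key_check_tag(key), metadata["check"]):
        return key
    return None


if __name__ == "__main__":
    meta = create_vault("482913")                 # constructed sample PIN
    print("stored on disk:", sorted(meta))        # ['check', 'iterations', 'salt']
    print("correct PIN unlocks:", unlock_vault("482913", meta) is not None)
    print("wrong PIN unlocks:", unlock_vault("482914", meta) is not None)
```

Each derivation costs 310,000 HMAC rounds, which is negligible for one unlock but is paid again for every guess an attacker makes against a copied database.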
5. Optional Google Drive Sync
Vaulto offers an optional feature to sync your encrypted vault to your personal Google Drive account. This feature is disabled by default and must be explicitly enabled by you.
What is uploaded
When sync is enabled, Vaulto uploads a single encrypted vault file to the appDataFolder of your Google Drive. This folder is private to Vaulto — it is not visible in your regular Google Drive file browser and cannot be accessed by other apps.
Encryption before upload
Your vault data is encrypted on your device before being uploaded. The encrypted file is protected by your PIN and device-specific salts. We — the Vaulto developers — cannot read the contents of your synced vault. Neither can Google.
What we do not access
We do not access any other files in your Google Drive
We do not receive your Google account credentials
We only request the drive.appdata scope — the most restricted Google Drive permission, limited to files created by Vaulto
We do not share your Google account information with any third party
Your control
You can disconnect Google Drive sync at any time from Settings → Sync. You can also delete the vault file from Drive entirely. After disconnecting, no further data is transmitted.
ℹ️ Google's own Privacy Policy governs how Google stores the encrypted file on their servers. We encourage you to review Google's Privacy Policy.
6. Password Breach Checking (HaveIBeenPwned)
Vaulto includes an optional password health feature that can check whether your passwords appear in known public data breaches. This uses the HaveIBeenPwned (HIBP) API.
How it protects your privacy
This check is implemented using the k-anonymity model — your actual password is never sent to any server. Here is exactly what happens:
A SHA-1 hash of your password is computed locally on your device
Only the first 5 characters of that hash are sent to the HIBP API
HIBP returns a list of all hashes beginning with those 5 characters
Your device checks locally whether your full hash appears in that list
HIBP never learns which specific password you are checking
✓ Your password never leaves your device. The HIBP API cannot determine which password you are checking.
This feature is optional and only runs when you explicitly request a health check. HaveIBeenPwned's own privacy policy applies to the anonymised requests made to their API.
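The exchange described in the five steps above, as an added example that is not Vaulto's code. The HIBP range response is constructed inline (one real SHA-1 suffix for the password "password" plus made-up lines and counts) so the example runs offline; a real client would send an HTTP GET for the 5-character prefix and receive the same "suffix:count" line format. The fetch function is passed in as a callback so that the only value crossing that boundary is visible and recorded.

```python
"""HIBP k-anonymity range check (added example, not Vaulto's code).

The network call is replaced by offline_fetch_range(), which records the
prefix it was given; SAMPLE_RANGE_RESPONSE is a constructed stand-in for
the API body.
"""
from __future__ import annotations

import hashlib

# Constructed sample of a range response for prefix "5BAA6".  Each line is
# "<35-char SHA-1 suffix>:<breach count>".  The first suffix completes the
# real SHA-1 of "password"; the counts and the other suffixes are made up.
SAMPLE_RANGE_RESPONSE = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
"""

SENT_PREFIXES: list[str] = []   # everything the stand-in "network" ever saw


def sha1_hex(password: str) -> str:
    """Step 1: hash the password locally."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> tuple[str, str]:
    """Step 2: only the 5-character prefix will leave the device."""
    return full_hash[:5], full_hash[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Step 3: the server answers with every suffix sharing that prefix."""
    matches: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        matches[suffix.upper()] = int(count)
    return matches


def offline_fetch_range(prefix: str) -> str:
    """Constructed replacement for GET /range/<prefix>; records the request."""
    SENT_PREFIXES.append(prefix)
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


def breach_count(password: str, fetch_range=offline_fetch_range) -> int:
    """Steps 4-5: match the full suffix locally.  Returns the breach count,
    or 0 if the password is not in the returned set.  fetch_range() only ever
    receives the prefix, so neither the password nor its full hash leaves."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    print("password  ->", breach_count("password"))
    print("unique    ->", breach_count("a-long-unique-passphrase-2026"))
    print("sent over the network:", SENT_PREFIXES)
```

Because a 5-character hex prefix covers roughly one in a million of all SHA-1 values, the server sees only a bucket of several hundred candidates and cannot tell which one the device was interested in.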
7. Google Play Billing & Subscriptions
Vaulto offers an optional Premium subscription through Google Play. Subscription tiers are:
Free: Up to 30 credentials with full core features
Premium: Unlimited credentials — $1.00/month or $8.00/year
Payment processing
All payment processing is handled entirely by Google Play. Vaulto does not receive, store, or process your payment card details at any point. Google may share a subscription status (active or inactive) with the App through the standard Google Play Billing API.
What we receive
We receive only a boolean subscription status — whether a valid active subscription exists. We do not receive your name, billing address, card details, or any other payment information.
Google's Privacy Policy governs all billing transactions. Please review Google's Privacy Policy for details on how your payment data is handled.
8. App Permissions Explained
Vaulto requests only the permissions necessary for its features. Here is exactly what each permission is used for:
INTERNET (Optional): Required for optional Google Drive sync and optional HaveIBeenPwned breach checking. The app functions fully without network access.
USE_BIOMETRIC / USE_FINGERPRINT (Optional): Allows fingerprint or face unlock of your vault. Biometric data is processed entirely within your device's secure hardware (Trusted Execution Environment) and never exported.
CAMERA (Optional): Used only to scan TOTP QR codes when setting up two-factor authentication. We do not capture, store, or transmit photos taken through this permission.
READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE (Optional): Used only when you choose to attach a document photo (e.g. ID card image) to a credential. Access is limited to files you explicitly select through the system file picker.
WRITE_EXTERNAL_STORAGE (Optional): Used only when you choose to save an encrypted backup file to a location of your choosing. You select the save location through the system file picker.
VIBRATE (Optional): Provides haptic feedback during PIN entry for accessibility. No data is involved.
All optional permissions are only requested at the moment you use the feature that requires them. You can deny any optional permission and the rest of the app continues to work normally.
9. Autofill Service
Vaulto can optionally be set as your Android Autofill provider. When enabled, Vaulto suggests credentials when you tap login fields in other apps and browsers.
What the autofill service accesses
When you tap a login field in another app, Android passes information about that field (the app package name and field hints) to the Vaulto autofill service so it can match and suggest relevant credentials. This information is:
Processed entirely on your device
Never logged, stored beyond the immediate request, or transmitted anywhere
Used only to find matching credentials in your local encrypted vault
Vaulto only presents autofill suggestions when your vault is unlocked. No credential data is shared with the app requesting autofill — only the specific credential you select is filled into the target field.
10. Children's Privacy
Vaulto is not directed at children under the age of 13. We do not knowingly collect any personal information from children. The App does not contain content designed for or targeted at children.
If you believe a child under 13 has used the App in a way that raises privacy concerns, please contact us at the address below and we will take appropriate action.
11. Third-Party Services
Vaulto integrates with the following third-party services, all of which are optional:
Google Play Services & Google Sign-In: Used for optional Google Drive sync. Governed by Google's Privacy Policy.
Google Drive API: Used to store your encrypted vault file in your personal Google Drive appDataFolder. Governed by Google's Terms and Privacy Policy.
Google Play Billing: Used to process Premium subscription payments. Governed by Google's Privacy Policy.
HaveIBeenPwned API: Used for optional password breach checking using k-anonymity. No identifying information is shared. Governed by HIBP's Privacy Policy.
Vaulto does not integrate with any advertising networks, analytics platforms, social media SDKs, or data brokers. No third-party tracking code is included in the App.
✓ Vaulto does not serve ads and never will. No advertiser has paid or will pay to have their products or services promoted through this App.
12. Data Retention & Deletion
On your device
All vault data is stored locally on your device. You can delete all data at any time by:
Uninstalling the App (clears all local vault data immediately)
Using the "Delete vault" option in Settings (wipes the encrypted database)
Clearing app data through Android Settings → Apps → Vaulto → Clear Data
On Google Drive (if sync is enabled)
If you have enabled Google Drive sync, your encrypted vault file is stored in your Google Drive. You can delete it by:
Tapping "Disconnect and delete Drive vault" in Settings → Sync
Revoking Vaulto's access to your Google account via your Google Account settings at myaccount.google.com
We do not retain any copies of your data. Once deleted from your device and from Google Drive, the data cannot be recovered by us or anyone else.
What we retain
We retain nothing. We operate no servers, no user databases, and no logs of any kind relating to user data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document. For significant changes, we will post a notice within the App.
We encourage you to review this policy periodically. Your continued use of the App after any changes constitutes acceptance of the updated policy.
The most current version of this policy is always available at the URL you are currently reading.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how Vaulto handles your data, please contact us. We aim to respond to all privacy inquiries within 7 business days.
Get in Touch
For privacy enquiries, data deletion requests, or any concerns about this policy:
apposecurelabs@gmail.com
Vaulto Privacy Policy · Version 1.0 · April 2026
This policy was last reviewed and updated in April 2026.