Privacy Policy

Last updated: June 2026

Short version: CredStore stores everything locally on your device. We collect no personal data, operate no servers, and share nothing with anyone.

1. Who we are

CredStore is a privacy-first personal vault application for iOS and Android. "We", "our", and "us" refer to the developers of CredStore.

2. What data we collect

None. CredStore does not collect, transmit, or store any personal data on external servers. There are no accounts, no sign-ups, and no cloud services involved in the operation of this app.

All vault entries — passwords, notes, and credentials — exist exclusively on your device, encrypted at rest.

3. How your data is stored

All data is encrypted before being written to local storage using:

Argon2id key derivation from your master password (never stored)
XChaCha20-Poly1305 authenticated encryption for every vault entry
SQLCipher database encryption keyed with a per-install key stored in the OS secure keychain

Your master password is never stored, logged, or transmitted. It is used only to derive an in-memory encryption key, which is wiped when you lock the vault.

4. Biometric data

If you enable biometric unlock (Face ID or Touch ID on iOS; fingerprint on Android), the app uses the operating system's secure biometric APIs. Biometric data — your face geometry or fingerprint templates — is processed entirely by the device's Secure Enclave (iOS) or Android Keystore. This data never leaves your device and CredStore never has access to it.

When biometric unlock is enabled, a copy of your vault encryption key is wrapped by a hardware-backed, biometric-protected key and stored in the OS keychain. Disabling biometric unlock deletes this wrapped key.

5. Backup and export

The backup feature generates an encrypted file on your device. You choose where to save or share this file (for example, to iCloud Drive, Google Drive, or email). We have no access to your backup files. The backup is protected by a separate passphrase you provide.

6. Permissions

Face ID / Touch ID — optional, requested only when you choose to enable biometric unlock

CredStore requests no other permissions (no camera, no contacts, no location, no microphone).

7. Analytics and crash reporting

CredStore contains no analytics SDKs, no advertising SDKs, no crash-reporting services, and no telemetry of any kind. We receive no information about how you use the app.

8. Third-party services

CredStore does not integrate with any third-party services at runtime. There are no third-party SDKs that transmit data off your device.

9. Children's privacy

CredStore does not knowingly collect information from anyone, including children under 13. Because no data is collected at all, the app is safe for users of all ages.

10. Changes to this policy

If we make material changes to this privacy policy, we will update the "Last updated" date above and release an updated version of the app. Continued use of CredStore after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy? Contact us at: privacy@credstore.io

← Back to home