Legal

Privacy Policy

Last updated: May 2026

Summary

Vaultic collects no personal data, contacts no servers, and contains no third-party SDKs. Everything stays on your device.

What we collect

Nothing. We do not collect, transmit, store, or share any personal data, usage data, analytics, crash reports, or identifiers of any kind.

Network requests

The app makes zero outbound network requests. There is no backend, no CDN, no telemetry endpoint, no analytics service, no remote configuration.

A build-phase script in the project fails the build if any networking API (URLSession, NSURLConnection, CFNetwork, etc.) appears anywhere in the source code outside of the local-network Device Transfer feature. You can verify this yourself by reviewing the source.

Where your data lives

All encrypted files, metadata, and keys live entirely on your device:

The Keychain attribute kSecAttrAccessibleWhenUnlockedThisDeviceOnly prevents iCloud Keychain sync and backup, and prevents the key from being restored to a different device.

iCloud

Vaultic opts out of iCloud for its SwiftData store (cloudKitDatabase: .none). Vault files are stored in Application Support, which is not automatically iCloud-backed.

Pro subscribers can opt in to encrypted iCloud Drive backup. If you enable this feature, your vault is exported as an encrypted archive and uploaded to your personal iCloud Drive. The archive is AES-256-GCM encrypted on-device before upload — Apple's servers only ever see opaque ciphertext. The decryption key never leaves your device.

Local backups (iTunes / Finder)

Local backups created via iTunes or Finder may include the encrypted blobs. The master key remains in the iOS Keychain, which is excluded from unencrypted device backups — the blobs are useless without the key.

Cryptography

The cryptographic core uses only Apple-provided frameworks (CryptoKit, CommonCrypto): AES-GCM 256-bit encryption, PBKDF2-HMAC-SHA256 key derivation (200,000 iterations), and SHA-256 integrity verification. No proprietary encryption is implemented.

Third-party SDKs

None. Vaultic contains no third-party SDKs, no analytics libraries, no crash reporters, and no advertising frameworks.

In-App Purchases

Purchase transactions are handled entirely by Apple's StoreKit framework. We never see your payment information. Apple's privacy policy governs purchase data.

Children

Vaultic is not directed at children under 13 and we do not knowingly collect information from children.

Changes to this policy

If this policy changes, the updated version will be posted at this URL with a new "Last updated" date. We will not retroactively reduce your privacy protections.

Contact

Questions about this policy? See our support page or email support@vaulticapp.com.