Privacy Policy

Last updated: May 15, 2026

This Privacy Policy describes how SafeKeep ("we", "us", or "our") collects, uses, and protects your information when you use our mobile application. By using SafeKeep, you agree to the practices described in this policy.

1. Information We Collect

SafeKeep is designed to minimize data collection. Here is exactly what we collect and why:

Information You Provide

• Vault Password: A master password you create to secure your vault. This password is hashed with a salt and multiple iterations of PBKDF2. The plaintext password is never stored. Password strength is validated on-device (8+ characters, must include uppercase, lowercase, number, and special character).
• Recovery Key: A 16-character alphanumeric key (e.g., ABCD-1234-EFGH-5678) generated on-device for password recovery. Stored locally in encrypted form.
• Photos & Documents: Files you choose to import into your vault. These are encrypted with AES-256-CBC and stored in the app's private file system. Thumbnails (250x250, JPEG, 30% quality) are generated on-device for display purposes.
• Decoy Vault Password (Premium): A separate password for your decoy vault, stored with the same hashing and encryption standards as your main vault password.
• Backup PIN (Premium): A PIN you set to protect encrypted backup archives. This PIN is required to decrypt and restore backups.

Information Collected Automatically

• Usage Data: We collect anonymous, non-personal usage data such as feature interactions (e.g., "user opened photo vault") to improve the app. This data is not linked to your identity or vault contents.
• Crash Reports: If the app crashes, anonymized crash data may be sent to help us fix bugs. No vault contents or personal information is included.
• Device Information: Basic device information (model, OS version) may be collected for analytics and compatibility purposes. This does not include device identifiers like IDFA or IDFV.
• App State Information: The app tracks the last active time locally to determine when to auto-lock the vault. This data never leaves your device.
• Version Check Data: SafeKeep may check the App Store for newer versions using the app ID (6762066127). This involves a minimal network request with no personal data.

Information We Do NOT Collect

2. How We Use Your Information

Your information is used solely for the following purposes:

• To Provide Vault Functionality: Your password and recovery key are used to authenticate you and encrypt/decrypt your vault contents.
• To Enable Biometric Authentication: Face ID / Touch ID / Fingerprint references are managed by the device's Secure Enclave or Trusted Execution Environment. SafeKeep only stores a XOR-encrypted reference token, never biometric data.
• To Process In-App Purchases: When you purchase SafeKeep Premium, the transaction is processed by Apple's App Store. We receive only a receipt confirming your purchase status.
• To Improve the App: Anonymous usage data helps us understand which features are used and how to improve the user experience.
• To Detect Intruders: If enabled, the front camera captures a photo silently on failed password attempts. These photos are stored securely in your vault and never transmitted anywhere.
• To Enable Decoy Vault (Premium): A separate password authenticates access to a fake vault with placeholder content, keeping your real files hidden.
• To Provide Emergency Action (Premium): Device shake detection or a header button triggers an instant switch to the Decoy Vault. This is processed entirely on-device.
• To Create Encrypted Backups (Premium): Your vault contents are packaged into a ZIP archive and encrypted with AES-256-GCM using your PIN. Backups are exported at your direction via the system Share Sheet.
• To Restore Backups (Premium): Backup files are decrypted with your PIN, validated for structure, and re-encrypted with your current vault password. Rollback protection preserves the original vault on failure.
• To Manage Premium Status: Your premium purchase status is stored locally using AsyncStorage and verified against the App Store receipt. This works offline.

3. Data Storage & Security

On-Device Storage

All vault data is stored exclusively on your device in the app's private file system. iOS sandboxing prevents other apps from accessing this data. We do not use cloud storage, remote servers, or third-party data warehouses.

Security Measures

• Password Hashing: Your master password is hashed using PBKDF2 with a unique salt and multiple iterations before storage.
• File Encryption: All files are encrypted with AES-256-CBC encryption. Each file has a unique encryption key derived from your master password.
• Biometric Key Storage: Biometric references are XOR-encrypted and stored in the device's secure storage (iOS Keychain).
• Auto-Wipe Protection: After 3 failed password attempts, all vault data is permanently deleted from the device — including files, metadata, thumbnails, and decryption caches.
• Privacy Blur: When the app goes to the background, the screen is blurred to prevent vault contents from being visible in the app switcher.
• Auto-Lock (Premium): The vault automatically locks after a configurable period of inactivity (immediate, 30 seconds, 1 minute, 5 minutes, or never).
• Per-File Encryption Toggle: Individual files can be toggled between encrypted and decrypted states. Encrypted files display a lock badge.
• Batch Operations: Encrypt, decrypt, delete, or share multiple files at once. All operations are processed securely on-device.
• Secure Sharing: Files shared via the system share sheet are temporarily decrypted and automatically cleaned up after sharing.

Intruder Detection Photos

If Intruder Detection is enabled, photos captured by the front camera on failed login attempts are stored securely within your encrypted vault. These photos are never uploaded, shared, or transmitted. You can view, delete individual photos, or clear all intruder photos from within the app. The latest intruder photo is always visible; full history requires Premium.

Thumbnail Generation

When you import photos, thumbnails (250x250 pixels, JPEG format, 30% quality) are generated on-device for display in the grid layout. These thumbnails are stored in the app's private file system and deleted when the original file is deleted.

4. Encryption & Key Management

SafeKeep uses industry-standard encryption to protect your data:

Component	Algorithm	Purpose
File Encryption	AES-256-CBC	Encrypts all photos and documents in the vault
Key Derivation	PBKDF2 (10,000 iterations)	Derives encryption keys from your master password
Password Hashing	PBKDF2 + Salt	Securely stores your master password hash
Backup Encryption	AES-256-GCM (CryptoKit)	Encrypts backup archives with PIN protection
Biometric Storage	XOR Encryption	Protects biometric key references in device secure storage

5. App Permissions

SafeKeep may request the following permissions. Each permission is optional and can be revoked at any time through your device settings:

Permission	Purpose	Required?
Photo Library	To import photos into your vault (multi-select supported)	Optional (needed for photo import)
Camera	For Intruder Detection (captures photo silently on failed login)	Optional (needed for Intruder Detection)
Face ID / Touch ID / Fingerprint	For biometric authentication to unlock the vault	Optional
Notifications	For future feature updates (not currently used)	Optional
Files & Documents	To import documents (PDF, DOC, DOCX, XLS, XLSX, PPT, PPTX, TXT, RTF) and to export encrypted backups	Optional (needed for document import and backup export)

SafeKeep does not request or use location services, Bluetooth, microphone, calendar, or health data permissions.

6. Third-Party Services

SafeKeep integrates with the following third-party services, all of which are privacy-respecting:

Apple App Store (In-App Purchases)

• Used for processing SafeKeep Premium purchases (Product ID: com.safekeep.premium)
• Transaction data is handled entirely by Apple's servers
• We receive only a purchase receipt to verify premium status
• No payment information is shared with us
• Purchase restoration is supported across devices using the same Apple ID
• See Apple's privacy policy: https://www.apple.com/legal/privacy/

App Store Review (Version Check)

• SafeKeep checks the App Store for newer versions to prompt updates
• This involves a network request to Apple's servers with the app ID (6762066127)
• No personal data is transmitted in this request

Analytics (Optional)

• We may use anonymized, aggregate analytics to understand feature usage
• No personally identifiable information is collected
• No advertising or tracking SDKs are used
• You cannot be identified from this data

7. In-App Purchases & Premium

SafeKeep offers a one-time Premium purchase that unlocks additional features. Here's what you need to know:

• Product ID: com.safekeep.premium
• Payment Processing: All payments are processed by Apple's App Store. We never see or store your payment information.
• Premium Status: Your premium status is stored locally on your device using AsyncStorage. It is verified against the App Store receipt.
• Restore Purchases: You can restore your Premium purchase on any device using the same Apple ID via the restore functionality.
• Offline Verification: Premium status works offline. Your purchase is cached locally and does not require an internet connection to verify.
• Transaction Listener: A transaction listener automatically detects and processes new purchases for immediate unlock.

Premium Features

The following features require a Premium purchase:

• Decoy Vault — A separate password-protected fake vault with placeholder photos for coercion situations. Changeable password, toggleable from Settings.
• Emergency Action — Shake your phone or tap the "Switch to Decoy Vault" button in the header to instantly switch to the Decoy Vault. Works only when Decoy Vault is enabled.
• Auto-Lock Vault — Configurable auto-lock timers (immediate on background, 30 seconds, 1 minute, 5 minutes, or never).
• Intruder Snapshots (Full History) — View all captured intruder photos (free version shows only the latest). Delete individual or clear all.
• Unlimited Storage — No limits on photos or documents (free version: 30 photos + 30 documents).
• Encrypted Backup & Restore — Create PIN-protected, AES-256-GCM encrypted backups (.safekeep files) and restore them with rollback protection.

Free Features

The following features are available to all users at no cost:

• Password-Protected Vault — Master password with strength validation, hashing with salt + multiple iterations
• Recovery Key System — 16-character alphanumeric key for password recovery
• Biometric Authentication — Face ID / Touch ID / Fingerprint unlock with toggle
• Auto-Wipe Protection — Vault auto-wipes after 3 failed password attempts (toggleable)
• Privacy Blur — Screen blur on app background (toggleable)
• Intruder Detection — Front camera captures photo on wrong password (latest photo visible)
• Photo Vault — Import photos with 3-column grid, full-screen viewer, thumbnails (up to 30 photos)
• Document Vault — Import documents with list view, built-in viewer, share button (up to 30 documents)
• File Encryption/Decryption — AES-256-CBC with per-file toggle and batch operations
• Selection Mode — Long-press multi-select with batch delete, share, encrypt, decrypt
• Secure Sharing — Share individual or batch files via system share sheet with temp decryption
• File Deletion — Individual and batch delete with confirmation, thumbnail cleanup
• First-Launch Onboarding — 6-slide onboarding flow (skip-able, re-watchable)
• Guided Tutorials — 5 contextual tutorials for photos, documents, and decoy vault
• In-App Help & Feature Guide — Searchable help with 16 categorized feature guides
• Animated Screen Transitions — Fade, slide, and spring animations
• Glassmorphism UI — BlurView-based glass cards and modals
• Version Update Check — Automatic check for newer versions

8. Data Deletion & Auto-Wipe

Manual Deletion

You can delete individual files or all vault contents at any time from within the app. Deletion removes both the main file and its thumbnail from the device's file system, and clears any decryption caches. Batch deletion is supported via selection mode.

Auto-Wipe Protection

If Auto-Wipe is enabled (toggleable from Settings), the vault will automatically wipe all data after 3 failed password attempts. This includes:

• All photos and documents
• All file metadata
• All thumbnails
• Intruder detection photos
• Decryption caches

This is a permanent, irreversible action designed to protect your data if your device falls into the wrong hands.

App Deletion

When you delete the SafeKeep app from your device, all vault data is removed along with it, as it is stored in the app's private sandboxed file system.

9. Backup & Restore

SafeKeep Premium includes encrypted backup and restore functionality:

• Backup Creation: Creates a ZIP archive of your entire vault, encrypted with AES-256-GCM using Apple's native CryptoKit.
• PIN Protection: Backups are protected by a user-set PIN that is required for decryption.
• File Format: Backups use the .safekeep file extension.
• Export: Backups can be exported via the system Share Sheet to AirDrop, Files, iCloud Drive, or other apps.
• Progress Indicator: A progress indicator is displayed during backup creation and restore operations.
• Restore: When restoring, the backup file is decrypted with your PIN, validated for structure, and all files are re-encrypted with your current vault password. Thumbnails are regenerated after restore.
• Rollback Protection: If a restore fails, the original vault is preserved and restored. An event-driven vault reload occurs after successful restore.

10. Biometric Authentication

SafeKeep supports biometric authentication (Face ID, Touch ID, Fingerprint) as a convenient way to unlock your vault. Here's how it works:

• On-Device Processing: All biometric authentication is handled entirely by your device's Secure Enclave or Trusted Execution Environment. SafeKeep never receives or stores your biometric data.
• XOR-Encrypted References: When you enable biometric unlock, a XOR-encrypted reference token is stored in the device's secure storage (iOS Keychain). This token is used to verify that the correct biometric was presented.
• Biometric Key Management: Biometric keys can be created and managed from within the app. You can toggle biometric authentication on or off from Settings at any time.
• Fallback to Password: If biometric authentication fails or is unavailable, you can always fall back to your master password.
• No Biometric Data Storage: Your fingerprint, face map, or iris data never leaves the Secure Enclave. We cannot access, store, or transmit this data.

11. Intruder Detection

SafeKeep includes an Intruder Detection feature designed to help you identify unauthorized access attempts:

• How It Works: When enabled, the front camera silently captures a photo whenever someone enters an incorrect password.
• Local Storage Only: Intruder photos are stored securely within your encrypted vault. They are never uploaded, shared, transmitted, or sent to any server.
• Camera Permission: This feature requires camera permission, which you can grant or revoke at any time from device Settings.
• Viewing Photos: The latest intruder photo is always visible to all users. Full history (all captured photos) requires a Premium subscription.
• Managing Photos: You can delete individual intruder photos or clear all intruder photos from within the app.
• Toggle: Intruder Detection can be enabled or disabled from Settings at any time.

12. Decoy Vault & Emergency Action

SafeKeep Premium includes a Decoy Vault feature designed to protect you in coercion situations:

Decoy Vault

• Separate Password: You set a separate password for your decoy vault. Entering this password shows a convincing fake vault with placeholder photos.
• Real Files Hidden: Your real files remain completely hidden and inaccessible when the decoy vault is unlocked.
• Changeable Password: You can change your decoy vault password at any time from Settings.
• Toggle: Decoy Vault can be enabled or disabled from Settings.

Emergency Action

• Shake to Switch: Shake your phone to instantly switch from the real vault to the Decoy Vault.
• Header Button: A "Switch to Decoy Vault" button is available in the app header for quick access.
• Works Only When Enabled: Emergency Action only functions when Decoy Vault is enabled.
• Toggle: Emergency Action can be enabled or disabled from Settings.
• On-Device Processing: All emergency actions are processed entirely on your device. No data is transmitted.

13. Onboarding & Tutorials

SafeKeep includes onboarding and tutorial features to help you get started. Here's how they handle your data:

First-Launch Onboarding

• 6-Slide Flow: A one-time onboarding flow covering Welcome, Vault intro, Security features, Safety Net, Premium, and Get Started.
• Skip-able: You can skip the onboarding at any time.
• Re-watchable: You can re-watch the onboarding from the Help screen.
• No Data Collection: The onboarding flow does not collect any personal data. It simply displays information.

Guided Tutorials

• 5 Contextual Tutorials: Photos Add, Photos Hold (long-press), Documents Add, Documents Hold, and Decoy Vault tutorials.
• On-Device Tracking: Tutorial completion status is tracked locally on your device. This data never leaves your device.
• Reset Option: You can reset all tutorials from Settings at any time.
• Custom Tooltips: Tutorials use on-device tooltip components that do not collect or transmit any data.

In-App Help & Feature Guide

• Searchable Help: A searchable help screen with categorized features (Quick Start, Managing Vault, Security, Advanced Protection, Backup & Restore, About).
• 16 Feature Guides: Detailed step-by-step instructions for all app features.
• No Data Collection: The help system is entirely local and does not collect usage data.

14. Children's Privacy

SafeKeep is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Updating the "Last updated" date at the top of this policy
• Posting a notice within the SafeKeep app
• Updating this page on our website

We encourage you to review this Privacy Policy periodically. Continued use of SafeKeep after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

---

SafeKeep — Your private space. Totally secure.
Made with ❤️ by Ambition Project App Studio