Privacy Policy — CipherSafe
What this app collects
CipherSafe does not collect any personal information from you. No accounts, sign-in, profile, or analytics.
| Data | Collected? | Stored where |
|---|---|---|
| Name, email, account info | No | — |
| Device location | No | — |
| Vault entries (label, username, password, notes, URL) | Encrypted on your device only | AES-256-GCM ciphertext in app-private storage (vault.bin) |
| Generated passwords | Only the ones you save to the vault | Encrypted as above |
| Crash logs / analytics | No | — |
How encryption works
- The vault file
vault.binis encrypted with AES-256-GCM. - The AES key is generated and stored in the Android Keystore system. It is non-exportable — even root access on your device cannot read it directly. The key is bound to the device’s hardware-backed keystore where available.
- Unlock requires biometric authentication (fingerprint / face) backed by the Android Keystore.
android:allowBackup="false"in the manifest — the encrypted vault is not auto-backed-up by Android.
Network connections
The internet is used only by Google AdMob to load ads (see “Advertising” below). Your vault data is never transmitted over the network.
Ads and the vault
Ads only appear on the Generator tab (where you create new passwords). The Vault tab is intentionally ad-free so that nothing renders next to your sensitive credentials.
Permissions the app requests
- Biometric (
USE_BIOMETRIC) — to unlock the vault. No fingerprint or face data leaves your device; biometric matching is handled by Android itself. - Internet / network state — required to load ads.
The app does not request location, contacts, microphone, camera, or storage.
Advertising
CipherSafe shows ads provided by Google AdMob on the password Generator tab only. Google’s advertising SDK collects and processes limited data — for example, your device’s advertising identifier, IP address, and approximate IP-based location — to serve and measure ads. Ads are loaded only when the device has an internet connection.
- Google’s Privacy Policy
- How Google uses information from sites or apps that use our services
- Google Ad Technologies
If you live in a region where consent is required (the EEA, UK, Switzerland, or a US state with applicable privacy law), the app uses Google’s User Messaging Platform (UMP) on first launch so you can choose whether ads are personalized.
Children
This app is not directed at children under 13 and is not classified as a “family” app on Google Play.
Contact
If you have questions about this policy, contact the developer through the Google Play listing.