100% Offline · Zero Data Collection

Privacy Policy — OffVault

App: OffVault — Photo & File Vault (com.offvault.locker)
Effective date: June 10, 2026 · Version covered: 1.0.0

The short version

OffVault collects nothing. It has no internet access, no accounts, no analytics, no ads, and no third-party services. Everything you put in your vault is encrypted and stored only on your device. We could not see your data even if we wanted to — the app is technically incapable of sending it anywhere.

1.What data we collect

None. OffVault does not collect, store, receive, or process any personal data on our side. There are no accounts and no sign-up. We do not know who you are, what you store, or even that you installed the app.

No names, email addresses, or phone numbers
No usage statistics, analytics, or telemetry
No crash reports
No device identifiers, advertising IDs, or location data
No copies of your photos, videos, files, notes, or passwords — ever

2.No data transmission — verifiable, not just a promise

The OffVault Android app does not request the android.permission.INTERNET permission. On Android, an app without this permission cannot open any network connection. This is enforced by the operating system itself, not by our goodwill.

You can verify this yourself

Inspect the app's manifest in the installed APK (for example with any APK analyzer): you will find no INTERNET permission. As a result, no data of any kind — encrypted or otherwise — can leave your device through the app.

3.How your content is protected on your device

Everything you import into OffVault stays in the app's private storage on your device and is encrypted at rest:

Files (photos, videos, documents, and any other files) are encrypted with AES-256-GCM, using a unique key per file. GCM authentication tags also allow the app to detect tampering with encrypted files.
Your PIN is never stored. It is processed with Argon2id key derivation to derive the keys that protect your vault.
The app's database (notes, passwords, metadata) is encrypted with SQLCipher.
Screenshot blocking and auto-lock help protect content while the app is open.

If you choose to export or share a decrypted copy of a file out of the vault, that copy leaves OffVault's protection and is then governed by wherever you send it. That action is always initiated by you.

4.PIN and biometrics

Your PIN and biometric data never leave your device:

Your PIN is used only locally to derive encryption keys. It is never transmitted (the app has no network access) and never stored in readable form.
Biometric unlock (fingerprint/face) is handled entirely by the Android operating system. OffVault never sees, reads, or stores your fingerprint or face data — Android only tells the app "unlock succeeded" or "unlock failed."

5.Device permissions

Permission	Why it exists
USE_BIOMETRIC	Lets you unlock the vault with your fingerprint or face, via the Android system. The app never accesses biometric data itself.
CAMERA	Declared but not used in version 1.0. It is reserved for a planned optional "intruder selfie" feature (photographing failed unlock attempts), which will be off by default and entirely your choice if released. In the current version, the app never activates the camera.
VIBRATE	Haptic feedback for the PIN pad and security alerts.

That is the complete list. OffVault does not request internet, location, contacts, microphone, SMS, or any other permission.

6.Third parties, SDKs, analytics, and ads

There are none. OffVault contains no analytics SDKs, no advertising SDKs, no crash-reporting services, no social logins, and no cloud services. We do not share data with anyone because there is no data to share and no channel to share it through.

7.Data retention and deletion

Your data exists in exactly one place: your device. Because of that, deletion is simple and absolute:

Delete items in-app: removing a file, note, or password from your vault removes it from the app's encrypted storage.
Uninstall the app: uninstalling OffVault permanently erases the entire vault and all encrypted data. There is no server copy, no backup on our side, and nothing for us to delete — nothing exists anywhere else.

Important: there is no PIN recovery

This is a deliberate security design. We have no servers, no account system, and no copy of your keys, so if you forget your PIN, your data cannot be recovered — by you, by us, or by anyone else. Please choose a PIN you will remember, and keep your own copies of anything irreplaceable before importing it.

8.Children's privacy

OffVault is not directed at children under 13, and we do not knowingly collect personal information from anyone — children included, since the app collects no data at all. If you are a parent or guardian with questions, contact us at the address below.

9.Changes to this policy

If we ever change how OffVault works in a way that affects privacy (for example, releasing the optional intruder-selfie feature), we will update this policy, revise the effective date at the top, and describe the change plainly. Our core commitment will not change: OffVault is an offline app, and your vault contents are yours alone.

10.Contact

Questions about this policy or about OffVault's privacy practices:

Email: jkclaude143@gmail.com