← Back to PocketSafe

Privacy Policy

PocketSafe  ·  Last updated: June 2026

🔒 Short version: PocketSafe stores everything locally on your device using AES-256-GCM encryption. We have no servers, collect no personal data, and never transmit your vault to anyone.

1. Introduction

This Privacy Policy describes how PocketSafe ("the App", "we", "us") handles your information. PocketSafe is a fully offline password and vault manager developed by GktwinApp (gktwinapp@gmail.com).

By installing or using PocketSafe you agree to this policy. If you do not agree, please uninstall the app.

2. Data We Do Not Collect

We do not collect, store, or transmit any of the following:

PocketSafe has no backend server, no account system, and no analytics SDK.

3. How Your Data Is Stored

All vault data is stored locally on your device only in an encrypted SQLite database. Encryption uses AES-256-GCM with a key derived from your master password via Argon2id (PBKDF2-SHA-256 fallback for key stretching). Your master password is never stored — it is used solely to derive the encryption key at unlock time.

Sensitive metadata (such as the derived key during an active session) is stored in the Android Keystore via flutter_secure_storage and is cleared when you lock the vault.

4. Internet Access

PocketSafe does not require or use an internet connection for any vault operations. The app does not phone home, sync to a cloud service, or send any data to external servers.

The only network activity that may occur is serving advertisements via Google AdMob (see Section 5 below). All vault data remains entirely offline.

5. Advertising (Google AdMob)

PocketSafe may display advertisements provided by Google AdMob. AdMob may collect certain non-personal device information to serve contextual ads, including:

This data is collected and processed by Google, not by us. We do not receive or store this information. Ads are never shown on screens that display your vault data (password details, card numbers, notes, or identity entries).

To learn more about how Google uses data from apps that use AdMob, visit policies.google.com/technologies/ads .

6. Biometric Data

If you enable biometric unlock (fingerprint or Face ID), biometric verification is handled entirely by your device's operating system (Android Biometric API). PocketSafe never accesses, stores, or transmits any biometric data. We only receive a boolean "authenticated / not authenticated" result from the OS.

7. Encrypted Export & Import

The export feature creates an encrypted .vault file on your device. This file is encrypted with your master password using AES-256-GCM and can only be decrypted with the correct master password. When you share this file (via Files, Drive, email, etc.), you are solely responsible for where you send it and who receives it. We have no access to exported files.

8. Permissions Used

No permissions beyond the above are requested.

9. Data Retention & Deletion

All your data is stored locally on your device. You can delete it at any time by uninstalling PocketSafe or by using the "Delete All Data" option in Settings. Uninstalling the app permanently deletes the encrypted database and all stored entries. There is no data on any server to delete because we have none.

10. Children's Privacy

PocketSafe is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal data through our app, please contact us and we will take appropriate steps.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the app after changes constitutes acceptance of the revised policy. Significant changes will be communicated via an in-app notice.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: