Privacy Policy

Last Updated: May 27, 2026

Zero-Knowledge Architecture

Vaulto - Calculator Photo Vault is built from the ground up on a single, uncompromising principle: your private data is yours alone. This Privacy Policy explains precisely how we handle your information — and in most cases, how we deliberately don't handle it at all. We use no cloud storage, no account system, and no external servers for your personal files. Everything stays on your device, encrypted with military-grade ciphers, under your exclusive control.

01 — Commitment

Our Commitment to Absolute Privacy

Vaulto is architected on the principle of digital sovereignty. We believe your photos, videos, and documents belong entirely and exclusively to you. Our infrastructure is zero-knowledge by design — meaning even our own development team cannot access, view, or decrypt your files under any circumstances whatsoever.

We do not operate any cloud servers that store your personal media. Your vault exists only on your physical device, protected by your PIN.

02 — Local Data

Data Stored Locally on Your Device

All data created or imported by Vaulto is stored exclusively within the app's private sandbox directory on your Android device. This includes:

  • Encrypted Media Files — Photos, videos, and documents you import into the vault are encrypted using AES-256-GCM and stored only in your device's local app storage. They are never uploaded anywhere.
  • Master PIN & Decoy PINs — Your primary and decoy vault PINs are processed and verified entirely on-device. They are never transmitted, synchronized, or stored on external servers. If you forget your PIN without a configured security question, your data cannot be recovered by anyone — including us.
  • Album & Folder Metadata — Album names, folder structures, and file organization metadata are stored locally within the app's private database. This metadata is never shared.
  • App Settings & Preferences — Theme selections, accent colors, security configurations, and other preferences are stored locally in Android's encrypted SharedPreferences.

03 — Permissions

Permissions We Request & Why

Vaulto requests only the minimum permissions necessary to function. Each permission is used exclusively for the stated purpose — never for advertising, tracking, or analytics on your behaviour.

  • Media / Storage Access — Required to import photos, videos, and documents from your device gallery into the encrypted vault. Vaulto reads files you explicitly select; it does not scan or catalogue your entire gallery.
  • Camera (Optional) — Used only if you choose to take a photo or record a video directly inside the vault. This is entirely opt-in and never triggered automatically.
  • Internet Access — Used solely for the built-in Private Browser feature and to serve Google AdMob advertisements. Your encrypted vault media is never transmitted over the internet under any circumstances.
  • Foreground Service (Optional) — Used only if a background media import or download operation is in progress, so the process continues if you switch apps. No personal data is transmitted during this time.

04 — Security

Encryption & Technical Security Architecture

Vaulto uses a layered, hardware-backed security stack designed to exceed the requirements of personal privacy:

  • AES-256-GCM Encryption — Every file stored in the vault is encrypted individually using the Advanced Encryption Standard with a 256-bit key in Galois/Counter Mode, providing both confidentiality and authenticated integrity.
  • Hardware-Backed Android Keystore — Encryption keys are generated inside your device's dedicated Trusted Execution Environment (TEE) or Secure Enclave, physically inaccessible to any software — including the operating system itself.
  • FLAG_SECURE Anti-Screenshot Protection — A system-level flag prevents all screenshots, screen recordings, and app switcher previews within the vault, blocking unauthorized screen capture by any app or system service.
  • Decoy Vault (Anti-Coercion) — A secondary decoy PIN opens a completely separate, empty vault. If you are ever compelled to unlock the app, the real vault remains entirely hidden and inaccessible.
  • Auto-Lock on Minimize — The vault instantly locks when you switch apps, turn off the screen, or place your device face-down. No timed delay, no grace period — immediate protection.

Your decryption keys never leave your device's hardware secure enclave. Even with physical access to your device storage, your files are cryptographically inaccessible without your PIN.

05 — Third-Party Services

Third-Party Services & Advertising

To sustain ongoing development and offer Vaulto free of charge, we integrate Google AdMob to display non-intrusive advertisements within the application. This is the only external service we use.

AdMob may collect the following device-level data to serve contextual or personalized ads:

  • Advertising ID (GAID) — Android's resettable advertising identifier, used to serve relevant ads. You can reset or opt out of ad personalization in Android Settings → Google → Ads.
  • IP Address — Used by AdMob for approximate geographic targeting (country/region level). Vaulto itself never reads or stores your IP address.
  • App Interaction Metrics — Generic, anonymized crash reports and performance diagnostics may be collected by the Firebase SDK bundled with AdMob. No vault content or file information is ever included.

For full details on Google's data practices, review the Google Privacy Policy. Your vault content, PINs, and media files are completely isolated from AdMob and are never accessible to any third-party SDK.

06 — Private Browser

Built-In Private Browser

The Private Browser built into Vaulto operates in a fully isolated WebView sandbox, separate from your device's system browser (Chrome, Firefox, etc.). The following data is stored locally in your app's private directory and is never transmitted to us:

  • Browsing History — Stored locally and only accessible from within the unlocked vault.
  • Bookmarks & Saved Tabs — Stored locally within the vault's private database.
  • Downloaded Media — Videos and images downloaded via the browser are automatically encrypted and stored in your vault.

When you use the Private Browser, your web traffic passes through the websites you visit and their associated networks — not through Vaulto servers. You are responsible for ensuring you have the legal right to access and download any third-party content. Vaulto does not monitor, moderate, or endorse any content downloaded through the private browser.

07 — Data Retention

Data Retention & Deletion

Because your data is stored exclusively on your local device hardware, you are always in full control of deletion:

  • Deleting Files — Deleted vault files are moved to the in-app Recycle Bin for up to 30 days, after which they are permanently and irrecoverably destroyed. You can also empty the Recycle Bin manually at any time.
  • Exporting Before Deletion — Use the "Unhide" or "Export Vault" feature to restore your files to unencrypted device storage before uninstalling the app.
  • Uninstalling the App — Uninstalling Vaulto or clearing app data via Android Settings → Apps permanently and irrecoverably deletes all encrypted vault files, albums, and settings. This action cannot be undone.

We do not retain any copy of your vault data on our end — there is no cloud backup to restore from. We strongly recommend exporting critical files before uninstalling.

08 — Children's Privacy

Children's Privacy

Vaulto - Calculator Photo Vault is not intended for use by individuals under the age of 13. We do not knowingly collect any personal information from children. If you are a parent or guardian and believe that your child has used this application, please contact us immediately at help.vaulto@gmail.com and we will take appropriate steps to address the situation.

09 — Policy Changes

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, application features, or applicable legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and provide notice via the application where appropriate.

Your continued use of Vaulto after any changes to this Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed about how we protect your privacy.

The core principle of this policy — that your vault data never leaves your device and is never accessible to us — will never change. Any update will only add clarity or reflect new optional features.

10 — Contact

Contact Our Security Team

If you have questions, concerns, or requests regarding this Privacy Policy, your data rights, or our security architecture, our team is ready to help.

Security & Privacy Team

help.vaulto@gmail.com

We aim to respond to all privacy inquiries within 72 hours. For urgent security disclosures, please mark your email subject with [SECURITY].