Supervault

Privacy Policy

Last updated: June 25, 2026

Supervault has no backend server. Your vault never leaves your device unless you explicitly export it or enable Apple's iCloud Backup. We operate no service that can see, collect, or store your data because there is none.

1. Who We Are

Supervault is published by Cygar Labs. When we say "we", "us", or "our" in this policy, we mean Cygar Labs. When we say "you" or "your", we mean you as a user of Supervault.

2. Data We Collect

None. Supervault is a fully offline, on-device app. There is no backend server, no cloud sync service, and no network requests for vault operations. We do not operate accounts and have no way to identify you.

Specifically, we do not collect:

Any account, email address, name, phone number, or other personal information. Creating a vault requires none of these.
Any vault contents, your items never reach us in any form, encrypted or otherwise.
Any device, usage, or analytics data. There are no analytics, tracking pixels, advertising SDKs, or tracking cookies.
Any server logs or session records, there is no server to log to and no sign-in to record.

3. Where Your Data Lives

All vault data is stored locally on your device, using the iOS Keychain and the app's native Application Support storage. It is encrypted on your device and stays there.

If you turn on Apple's iCloud Backup in iOS Settings, your device backup, which may include Supervault's encrypted data, is handled by Apple as an operating-system file backup. This is OS-managed sync between you and Apple under Apple's privacy policy; it is not a Supervault server, and we never receive that data. You control this entirely in iOS Settings.

4. Encryption

All key derivation and encryption happen on your device, using Argon2id for key derivation and XChaCha20-Poly1305 for encryption. Your master key never leaves your device, and we never have it.

5. Your Control Over Your Data

You can export an encrypted backup file at any time from the app's backup feature, and store it wherever you choose.
You can delete your vault, or delete the app, to remove all local Supervault data from your device. Because we hold no copy, there is nothing for us to delete on our side.
If you use iCloud Backup, you can manage or remove those backups in iOS Settings.

6. Third Parties

We do not share data with any third party, because we do not collect any. Supervault makes no network requests to operate your vault. The only third party involved is Apple, solely if you choose to use iCloud Backup, as described above.

7. Children

Supervault is not directed at children under 16. Because the app collects no data, it does not knowingly collect data from anyone, including children.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date. Continued use of Supervault after changes constitutes acceptance of the revised policy.

9. Contact

If you have questions about this privacy policy, you can reach us at [email protected].