KyberVault collects zero data. No accounts, no analytics, no network calls. Everything stays on your device. We couldn't access your data even if we wanted to.
KyberVault is a post-quantum cryptographic toolkit for Android. It generates, stores, and manages Kyber-1024 and X25519 key pairs, performs hybrid encryption, and facilitates secure key exchange — all entirely on-device.
This policy applies to the KyberVault Android application distributed via Google Play and GitHub.
✓ None
KyberVault does not collect, transmit, or store any personal data on external servers. The application has no network permissions, makes zero HTTP requests, and contains no analytics SDKs, crash reporters, advertising libraries, or telemetry of any kind.
All data remains exclusively on your device under Android's app sandbox:
You can destroy all persisted data at any time using the in-app wipe functions. Uninstalling the app removes everything.
KyberVault uses the Android BiometricPrompt API for optional fingerprint authentication. Biometric data is processed entirely by the Android operating system. KyberVault never accesses, stores, or transmits biometric data.
✗ No internet permission
The app declares no INTERNET permission in its manifest. It cannot communicate with any server, API, or external service. This is verifiable by inspecting the APK or the open-source code.
✓ None
KyberVault integrates no third-party services: no Google Analytics, Firebase, AdMob, crash reporting, A/B testing, or any SDK that communicates externally. The only external libraries used are Bouncy Castle (cryptography) and ZXing (QR code generation), both of which operate entirely offline.
Cloud backup and device-to-device transfer are explicitly disabled in the app manifest. Key material will not appear in Google Drive backups, Android Auto Backup, or device migration tools.
KyberVault is not directed at children under 13. Since we collect no data whatsoever, no children's data is collected, stored, or processed.
KyberVault is open source. Every claim in this policy is verifiable by inspecting the source code, build configuration, and Android manifest.
Any changes will be posted on this page with an updated effective date. Since we collect no data, meaningful changes are unlikely.
Questions or concerns about this policy can be directed to the project's GitHub repository.