EGES Vault is a privacy-first password manager designed for iOS. Our core principle is that privacy comes first: your passwords are encrypted on your device with AES-256-GCM. This policy explains what data is processed, why it is processed, and how it is protected.
The table below summarizes the data categories processed by the app:
| Data Type | Where It Is Stored | Sent to Server? |
|---|---|---|
| Password entries (site, username, password, note) | iOS Keychain (encrypted) | No |
| PIN verification data | iOS Keychain (salt + hash) | No |
| App preferences (theme, notifications) | UserDefaults (on-device) | No |
| Secure files (Pro) | Encrypted on-device storage | No |
| Group Vault data (Pro – family sharing) | Firebase Firestore (encrypted) | Yes – sync only |
| Recovery email | On-device + Firebase Auth | Yes – for recovery |
| Purchase records | Apple StoreKit | Yes – processed by Apple |
| Breach scan (optional) | Not stored | Partial – k-anonymity |
All password entries are encrypted on-device with AES-256-GCM using a key derived from your PIN (PBKDF2 + random salt). This key never leaves your device.
kSecAttrAccessibleWhenUnlockedThisDeviceOnly accessibility level.4.1 Firebase (Google LLC)
Firebase Authentication is used only for account recovery through anonymous sign-in and email link sign-in. When Group Vault (Pro) is enabled, encrypted sync data is stored in Firebase Firestore. Google Privacy Policy
4.2 Have I Been Pwned (HIBP)
The Leak Scan feature is optional. Only the first 5 characters of your password’s SHA-1 hash are sent to the HIBP API using the k-anonymity model. Your actual password is never transmitted.
4.3 Apple StoreKit
In-app purchases are processed directly by the Apple App Store infrastructure. Your payment information is never transmitted to our app. Apple Privacy Policy
4.4 Apple CloudKit
If backup is enabled, your data may be transferred in encrypted form through Apple’s CloudKit infrastructure. This process is managed entirely through your iCloud account.
EGES Vault does not collect or use location data under any circumstances.
EGES Vault is not intended for children under the age of 13. We do not knowingly collect personal data from this age group. If a parent or guardian becomes aware of such a situation, please contact us.
Users in Türkiye may have rights under Law No. 6698 (KVKK), including the right to:
Since your data is stored largely on your device, deleting the app or using Settings → Delete Data permanently removes local data.
This privacy policy may be updated from time to time. Significant changes will be announced through an in-app notice. We recommend checking the “Last updated” date at the top of this page regularly.
For privacy-related questions:
EGES Vault · Privacy Policy · © 2025 Gökhan Öztürk. All rights reserved.