Privacy Policy
1. Introduction
KCH Labs ("we", "us", "our") operates the SecureKeep mobile application ("the App"). This Privacy Policy explains how we handle information when you use our App.
SecureKeep is designed with a zero-knowledge architecture — we cannot access your data, and we do not collect or store personal information on any server.
2. Information We Do NOT Collect
- We do not require accounts or registration
- We do not collect names, email addresses, or contact information
- We do not collect or transmit passwords, documents, or notes you store in the App
- We do not use tracking pixels, advertising identifiers, or fingerprinting
- We do not sell, share, or trade any user data
3. Data Stored Locally on Your Device
All data you create in SecureKeep is stored exclusively on your device:
- Vault data (credentials, documents, notes, video and audio messages) — encrypted with AES-256-GCM and stored in a local SQLite database
- Encryption keys — your master password is never stored; a derived key is generated via PBKDF2-SHA256 (600,000 iterations) and held in memory only while the App is unlocked
- Biometric data — if you enable biometric unlock, an encrypted key is stored in your device's secure hardware (iOS Keychain / Android Keystore). We never access or process your biometric data directly; authentication is handled entirely by your device's operating system
- Document and media files — documents, photos, video messages, and audio messages are encrypted and stored in the App's sandboxed file storage on your device
4. Device Permissions
SecureKeep may request access to certain device features. These permissions are optional and only requested when you use a specific feature. All data captured through these permissions is encrypted and stored exclusively on your device — it is never uploaded, transmitted, or accessible to us.
- Camera — used to record video messages and capture document photos for your vault. Recordings and photos are encrypted with AES-256-GCM and stored only on your device.
- Microphone — used to record audio messages for your vault. Recordings are encrypted and stored only on your device.
- Photo Library — used to let you attach existing photos or documents from your library to your vault. Imported files are encrypted and stored only on your device.
- Face ID / Biometrics — used to let you unlock your vault without entering your master password. Biometric authentication is handled entirely by your device's operating system; we never access or process your biometric data.
- Motion Sensors — used to detect when your device is placed face-down, which triggers an automatic vault lock for added security. No motion data is stored or transmitted.
You can revoke any of these permissions at any time through your device's Settings. Revoking a permission will disable the corresponding feature but will not affect your existing vault data.
5. Backup Feature
SecureKeep includes an encrypted backup feature that allows you to export your vault data:
- Backups are encrypted with a separate passphrase you choose, using AES-256-GCM
- Backup files are created locally and shared using your device's share sheet
- We never receive, transmit, or store your backup files
- You are solely responsible for where you store your backup files
6. Third-Party Services
SecureKeep currently does not integrate with any third-party analytics, advertising, or tracking services. If we add any third-party services in the future (such as crash reporting), we will update this policy and notify users through an app update.
7. App Store Data
When you purchase SecureKeep through the Apple App Store or Google Play Store, the respective platform processes your payment. We do not receive or have access to your payment details. Please refer to Apple's or Google's privacy policy for information about how they handle purchase data.
8. Your Rights Under GDPR (European Users)
If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to:
- Access your personal data — all your data is already on your device and fully accessible to you
- Delete your personal data — delete the App or use the "Delete Vault" option in Settings
- Data portability — use the encrypted backup feature to export your data
- Rectification — edit any information directly within the App
Since we do not collect or process personal data on any server, most GDPR rights are inherently satisfied by the App's local-only architecture.
9. Your Rights Under CCPA (California Residents)
SecureKeep does not sell personal information. We do not collect personal information as defined under the CCPA. All data remains on your device under your control.
10. Children's Privacy
SecureKeep is not intended for use by children under the age of 13. We do not knowingly collect any information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page and communicated through app updates. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, contact us at: