Privacy Policy for FortiVault
Last updated: May 2, 2026
Thank you for choosing FortiVault. Your privacy is our absolute priority. This application was engineered from the ground up with a single, uncompromising principle: Your secrets, your device, your control.
1. The Offline-Only Guarantee
FortiVault operates strictly as a 100% offline application. The core functionality of FortiVault does not require an internet connection, ensuring the highest level of data isolation.
This means:
We do not collect, store, transmit, or have any access to your passwords, notes, or attached files.
The data you enter into FortiVault never leaves your device unless you manually and explicitly choose to export a backup.
(Note regarding In-App Purchases: The app utilizes standard platform billing APIs to process premium upgrades and tips. This specific billing function communicates securely with the app store but does not transmit your vault data.)
2. How Your Data Is Stored
All data you save within FortiVault (including passwords, secure notes, and media attachments) is encrypted and stored locally within a secure database on your device's private storage sector.
Encryption Standard: Your data is protected using robust, industry-standard AES-256 encryption.
Master Passphrase & Total Ownership: Your vault is locked with a Master Passphrase that only you know. This passphrase is required to decrypt your data. We never see, transmit, or store this passphrase. Because we have no access to your passphrase, if you forget it, your data is permanently unrecoverable by anyone, including us.
3. PIN, Biometrics & Decoy Data
FortiVault allows you to utilize your device's PIN or biometric sensors (fingerprint/face recognition) for convenient "Quick Unlock" access, as well as a "Decoy PIN" feature.
Zero Biometric Access: FortiVault never accesses or stores your actual biometric data. We exclusively utilize the official, secure operating system APIs (such as Android Keystore). When you authenticate, the operating system merely confirms your identity to our app; we never possess your biometric profile.
Decoy Vault: If you configure a Decoy PIN, it will unlock a secondary, empty instance of the app. This feature is designed to protect your primary data if you are coerced into opening the application.
4. Camera Access (Intruder Selfie Feature)
FortiVault includes an optional "Intruder Selfie" feature. If enabled, the app uses your device's front-facing camera to capture a photo after a specified number of failed unlock attempts.
These photos are stored strictly locally on your device within the app's secure storage.
They are never transmitted, uploaded to the cloud, or shared with us or any third parties.
5. Backups & User Responsibility
You have the functionality to create an encrypted backup file containing your vault data. This exported file remains encrypted.
Your Control: You are solely responsible for the security and storage location of this backup file once it leaves the FortiVault app.
Third-Party Storage: If you choose to manually upload your backup file to a cloud service (e.g., Google Drive, iCloud, Dropbox), that file is then subject to the privacy policy of that respective service. We have no control or visibility over your exported backup files.
6. Changes to This Policy
If we update this Privacy Policy, we will notify you by updating the "Last updated" date at the top of this document. We encourage you to review this policy periodically.
7. Contact Us
If you have any questions or concerns regarding this Privacy Policy or your data security, please contact us at: