PassVault Privacy Policy

Privacy Policy for PassVault

Privacy Policy for PassVault

Effective Date: March 29, 2025

This privacy policy applies to the PassVault app (hereby referred to as “Application”) for mobile devices that was created by Hokoriam (hereby referred to as “Service Provider”) as a Free service. This service is intended for use “AS IS”.

This page is used to inform users regarding our policies with the collection, use, and storage of information if anyone decides to use our Service.

By using the Application, you agree to the collection and use of information in relation to this policy. The information that the Application collects is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

 

Information Collection, Use, and Storage.

 

The Application stores information that you explicitly provide when you use it. This includes:

  1. User Credential:
    • User ID: The unique identifier you choose during sign-up.
    • Master Password Hash: A hash generated from the master password you provide during sign-up and use for login. Your actual master password is NOT stored by the Application; only this hash is stored for verification.
  2. Vault Entries:
    • Site/Application Name
    • Username/Email/ID associated with the site/application
    • Password associated with the site/application

All the information listed above (User ID, Master Password Hash, and all Vault Entries) is stored exclusively and locally on your mobile device within the Application’s private storage area, managed via a local database (Room). This data is NOT transmitted, uploaded, or stored on any external servers controlled by the Service Provider or any third party.

The Application does not automatically collect information such as:

  • Your device’s Internet Protocol address (IP address)
  • Usage statistics (pages visited, time spent)
  • Precise location information
  • Device identifiers beyond what the underlying operating system may use for its own purposes.

The Application does not require contact information (like your email address) and will not contact you for marketing or other notices.

Data Storage Location

As stated above, all data you enter into PassVault (credentials and vault entries) resides solely on your device’s local storage within the Application’s sandboxed environment.

Third-Party Access and Data Sharing

The Service Provider does not share any of the information you store within the Application (User ID, Master Password Hash, Vault Entries) with any third parties. The Application does not currently integrate with third-party analytics, advertising, or cloud storage services that would access this data.

Since all data is stored locally on your device, the Service Provider cannot access or disclose it. Disclosure could only occur if legal authorities gain access to your physical device and compel disclosure under applicable law.

Opt-Out Rights & Data Deletion

You can stop all collection and storage of information by the Application easily by uninstalling it. Uninstalling the Application will remove the local database file and all associated data from your device.

You can also delete individual vault entries from within the Application at any time.

Because all data is stored locally, the Service Provider cannot remotely delete your data. Deletion is entirely controlled by you through actions on your device (deleting entries or uninstalling the app). Please do not contact the Service Provider requesting data deletion, as we have no access to your locally stored data.

Data Retention Policy

The Application retains the data you provide (User Credentials, Vault Entries) locally on your device for as long as the Application remains installed and you do not manually delete the entries or the Application itself.

Children’s Privacy (COPPA Compliance)

The Application is not intended for use by children under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has used the Application and stored information locally (which we cannot access), we encourage parents or guardians who become aware of this to uninstall the Application from the child’s device immediately to remove the data. If you are a parent or guardian and believe your child may be using this app, please ensure they understand the risks of password managers and manage the app’s presence on their device directly.

Security

We are concerned about safeguarding the confidentiality of your information. Your data is stored within the Application’s private local storage on your device, which benefits from the security features provided by the Android operating system (sandboxing).

However, it is crucial to understand the following limitations in the current version of the Application:

  • Vault Data Encryption: The passwords you store for specific sites/apps within your vault are currently stored UNENCRYPTED in the local database file on your device. While the file location is private to the app on non-rooted devices, this lack of encryption means the data could be compromised if someone gains unauthorized access to your device’s internal storage (e.g., via rooting, physical access with debugging, or significant OS vulnerabilities).
  • Master Password Hashing: The method used to hash your master password for login verification is basic and does not meet modern cryptographic standards. It is not designed to withstand determined attacks if the hash value itself were compromised.

We recommend using a strong, unique master password for this Application and being aware of the current data storage limitations. Future updates may address these security aspects. Access to your device should be protected by a strong device lock (PIN, pattern, password, or biometrics).

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy within the Application or on its associated Google Play Store listing. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

 

Your Consent

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing” means storing and managing data on your local device using the features of the Application.

Contact Us

If you have any questions regarding privacy while using the Application, or have questions about our practices (excluding requests for remote data deletion, which is not possible), please contact the Service Provider via email at passvault@hokoriam.com.