Cipher7 — Privacy Policy

Joy
June 29, 2026 · 3 min read

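Cipher7 Privacy Policy: a local, zero-knowledge architecture in which data is stored only on your device and the developer cannot access it. Covers data handling, optional sync/sharing, security checks, and contact information. Published in Chinese and English.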

  • Effective date: 2026-06-29
  • Applies to: Cipher7 (iOS)
  • Contact: e7coding@gmail.com

Overview

Cipher7 is a local-first, zero-knowledge password vault. Our core principle: we do not collect, upload, or have any ability to access your passwords or vault contents. All sensitive data is encrypted on your device (AES-256-GCM, with keys derived from your master password via Argon2id), and the app works fully offline with no account required.

Information we collect

  • Personally identifiable information: none. Cipher7 requires no registration or account. We do not collect your name, phone number, or email (unless you choose to email us).
  • Vault contents (passwords, accounts, notes, TOTP, icons, tags, etc.): stored only on your device, in encrypted form. Even when data is synced, only ciphertext is transmitted and stored — we cannot decrypt it.
  • Analytics / tracking: none. The app contains no third-party analytics or advertising SDKs, does not track your behavior, and does not use the IDFA.

Your vault data

Your vault is encrypted with industry-standard algorithms and stored locally (and on the iCloud / self-hosted server you choose). Your master password and recovery code are never uploaded and cannot be recovered by us or any third party. That is the trade-off — and the strength — of zero-knowledge design. Please keep your recovery code (Emergency Kit) safe.

Optional sync & backup

The following are optional and entirely under your control:

  • iCloud encrypted backup: if enabled, the encrypted vault file is stored in your own iCloud account, governed by Apple’s Privacy Policy; we cannot read it.
  • Self-hosted sync: if you enter your own server address, the app syncs encrypted ciphertext to that server. The server stores only ciphertext and cannot decrypt contents.
  • Export / import: you may export an encrypted file for your own backup at any time.

Sharing

If you use family / team sharing, selected credentials are shared with specified members using end-to-end encryption. To identify members, a member’s email is visible only to other members of the same share, is used for no other purpose, and is never made public.

Security checks (breach lookup)

When checking whether a password appears in a known breach, Cipher7 uses HIBP k-anonymity: only the first 5 characters of a password hash are sent for comparison, and the full password never leaves your device. Weak-password and reuse detection run entirely on-device.

Third parties

  • We do not sell or trade any of your data.
  • Apart from Apple iCloud (backup), which you opt into, the app shares no data with third parties.
  • Security checks use the k-anonymity API of Have I Been Pwned and send no information that identifies you.

Data retention & deletion

All data is under your control:

  • Deleting the app removes on-device data;
  • If iCloud backup is enabled, delete the corresponding backup in iCloud settings;
  • If self-hosted sync is used, delete the vault file on your server.

Children’s privacy

Cipher7 is not directed to children under 13 and does not knowingly collect personal information from children.

Changes to this policy

If this policy changes, we will update this page and the “Effective date” above. Material changes will be highlighted in the app or on this page.

Contact us

For any privacy questions, email e7coding@gmail.com. Never send your master password, recovery code, or any real passwords by email.


© 2026 e7coding.
