Maskey — Privacy Policy

Maskey — Privacy Policy

J
Joy
June 29, 2026 · 3 min read

Maskey privacy policy: local-first zero-knowledge architecture, device-only storage, optional sync, sharing, security checks, and contact information.

系列:Maskey 3 / 3
  1. 1 Maskey — Your Passwords Belong to You
  2. 2 Maskey — Support
  3. 3 Maskey — Privacy Policy 当前
  • Effective date: 2026-06-29
  • Applies to: Maskey for iOS
  • Contact: e7coding@gmail.com

Overview

Maskey is a local-first, zero-knowledge password vault. Our core principle: we do not collect, upload, or have any ability to access your passwords or vault contents. All sensitive data is encrypted on your device with AES-256-GCM, with keys derived from your master password via Argon2id. The app works fully offline with no account required.

Information we collect

  • Personally identifiable information: none. Maskey requires no registration or account. We do not collect your name, phone number, or email unless you choose to email us.
  • Vault contents: passwords, accounts, notes, TOTP, icons, tags, and related data are stored only on your device in encrypted form. Even when data is synced, only ciphertext is transmitted and stored. We cannot decrypt it.
  • Analytics and tracking: none. The app contains no third-party analytics or advertising SDKs, does not track your behavior, and does not use the IDFA.

Your vault data

Your vault is encrypted with industry-standard algorithms and stored locally, and optionally in the iCloud or self-hosted server you choose. Your master password and recovery code are never uploaded and cannot be recovered by us or any third party. This is the trade-off and the strength of zero-knowledge design. Please keep your recovery code, also called the Emergency Kit, safe.

Optional sync and backup

The following features are optional and entirely under your control:

  • iCloud encrypted backup: if enabled, the encrypted vault file is stored in your own iCloud account, governed by Apple’s Privacy Policy. We cannot read it.
  • Self-hosted sync: if you enter your own server address, the app syncs encrypted ciphertext to that server. The server stores only ciphertext and cannot decrypt contents.
  • Export and import: you may export an encrypted file for your own backup at any time.

Sharing

If you use family or team sharing, selected credentials are shared with specified members using end-to-end encryption. To identify members, a member’s email is visible only to other members of the same share, is used for no other purpose, and is never made public.

Security checks

When checking whether a password appears in a known breach, Maskey uses HIBP k-anonymity: only the first 5 characters of a password hash are sent for comparison, and the full password never leaves your device. Weak-password and reuse detection run entirely on-device.

Third parties

  • We do not sell or trade any of your data.
  • Apart from Apple iCloud backup, which you opt into, the app shares no data with third parties.
  • Security checks use the k-anonymity API of Have I Been Pwned and send no information that identifies you.

Data retention and deletion

All data is under your control:

  • Deleting the app removes on-device data.
  • If iCloud backup is enabled, delete the corresponding backup in iCloud settings.
  • If self-hosted sync is used, delete the vault file on your server.

Children’s privacy

Maskey is not directed to children under 13 and does not knowingly collect personal information from children.

Changes to this policy

If this policy changes, we will update this page and the effective date above. Material changes will be highlighted in the app or on this page.

Contact us

For any privacy questions, email e7coding@gmail.com. Never send your master password, recovery code, or any real passwords by email.


© 2026 e7coding.

Share