Legal
Privacy Policy
VaultMesh is designed so your private vault data stays on your own devices and remains encrypted end to end.
Last updated: April 22, 2026
This Privacy Policy describes how VaultMesh products process data, including mobile and desktop apps, extension integration, and optional sync relay usage.
1. Privacy Model
VaultMesh is designed as a local-first, end-to-end encrypted password manager. Vault content is encrypted on your device before sync and is decrypted only on your trusted devices.
2. Data We Do Not Access in Plaintext
VaultMesh is built so relay operators and transport infrastructure cannot read your secrets in plaintext. This includes:
- Master password
- Passwords, notes, and credential fields stored in your vault
- Recovery keys and private key material in plaintext
- Biometric templates (handled by your operating system)
3. Data Processed to Provide Sync
To deliver sync and pairing, VaultMesh processes encrypted payloads and limited protocol metadata needed for routing and consistency.
- Encrypted sync data: vault entries and state updates are transmitted as encrypted payloads.
- Protocol metadata: vault identifiers, device identifiers, sequence/version metadata, and session/auth tokens are used to deliver sync correctly.
- Network metadata: when using relay transport, network-level metadata such as IP address and request timing may be visible to the relay operator and infrastructure providers.
4. Local Storage on Your Devices
VaultMesh stores encrypted vault data locally on your devices. Some non-secret operational metadata is also stored locally to support app startup, pairing, and sync configuration.
5. Relay Behavior and Retention
Relay is an optional transport component for cross-network sync.
- Relay may temporarily buffer encrypted sync payloads for delivery.
- Relay may maintain short-lived session state for pairing and authentication flows.
- Relay is not a plaintext trust source for vault contents.
6. Permissions and Device Features
- Camera: used for scanning pairing QR codes.
- Biometric unlock: Face ID / fingerprint prompts are managed by OS APIs.
- Network and local network: used for direct device discovery/sync and optional relay sync.
7. Analytics and Tracking
VaultMesh core product flows do not use advertising SDKs or behavior-tracking analytics to profile users. We do not sell your personal data.
App distribution platforms and operating systems may process limited technical data under their own policies.
8. Your Control Choices
- You can use VaultMesh locally without enabling sync.
- You can choose relay configuration appropriate for your environment.
- You can remove local app data by deleting your vault files and app storage on your devices.
9. Children's Privacy
VaultMesh is not directed to children under 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy over time. Changes will be posted on this page with a revised effective date.
11. Contact
If you have questions about this Privacy Policy, contact:
free.huoshan@gmail.com