Privacy Policy - VaultMesh

Last updated: April 22, 2026

This Privacy Policy describes how VaultMesh products process data, including mobile and desktop apps, extension integration, and optional sync relay usage.

1. Privacy Model

VaultMesh is designed as a local-first, end-to-end encrypted password manager. Vault content is encrypted on your device before sync and is decrypted only on your trusted devices.

2. Data We Do Not Access in Plaintext

VaultMesh is built so relay operators and transport infrastructure cannot read your secrets in plaintext. This includes:

Master password
Passwords, notes, and credential fields stored in your vault
Recovery keys and private key material in plaintext
Biometric templates (handled by your operating system)

3. Data Processed to Provide Sync

To deliver sync and pairing, VaultMesh processes encrypted payloads and limited protocol metadata needed for routing and consistency.

Encrypted sync data: vault entries and state updates are transmitted as encrypted payloads.
Protocol metadata: vault identifiers, device identifiers, sequence/version metadata, and session/auth tokens are used to deliver sync correctly.
Network metadata: when using relay transport, network-level metadata such as IP address and request timing may be visible to relay operators and infrastructure providers.

4. Local Storage on Your Devices

VaultMesh stores encrypted vault data locally on your devices. Some non-secret operational metadata is also stored locally to support app startup, pairing, and sync configuration.

5. Relay Behavior and Retention

Relay is an optional transport component for cross-network sync.

Relay may temporarily buffer encrypted sync payloads for delivery.
Relay may maintain short-lived session state for pairing and authentication flows.
Relay is not a plaintext trust source for vault contents.

6. Permissions and Device Features

Camera: used for scanning pairing QR codes.
Biometric unlock: Face ID and fingerprint prompts are managed by OS APIs.
Network and local network: used for direct device discovery/sync and optional relay sync.

7. Analytics and Tracking

VaultMesh core product flows do not use advertising SDKs or behavior-tracking analytics to profile users. We do not sell your personal data.

App distribution platforms and operating systems may process limited technical data under their own policies.

8. Your Control Choices

You can use VaultMesh locally without enabling sync.
You can choose relay configuration appropriate for your environment.
You can remove local app data by deleting vault files and app storage on your devices.

9. Children's Privacy

VaultMesh is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy over time. Changes will be posted on this page with a revised effective date.

11. Contact

If you have questions about this Privacy Policy, contact vaultmesh.support@gmail.com.