Privacy Policy

Last updated: April 10, 2026

1. Zero Data Collection

NeuroKey is an offline-first password management utility. We do not collect, transmit, or store any of your personal data, passwords, or master keys on external servers. All data you enter into NeuroKey is encrypted locally on your device using AES-256.

2. Biometric Data

If you choose to enable FaceID, TouchID, or Android Biometrics, NeuroKey uses your device's native hardware security module (Secure Enclave / Keystore) to verify your identity. NeuroKey never collects, reads, or has access to your raw biometric data.

3. Breach Radar (HaveIBeenPwned)

When you use the Breach Radar feature, NeuroKey utilizes the k-Anonymity protocol. Only the first 5 characters of your password's SHA-1 hash are transmitted to the HaveIBeenPwned API. Your full password is never transmitted, and a 5-character prefix is mathematically impossible to reverse-engineer.
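
The range lookup described above, as an added example (not NeuroKey's own code): the password is hashed locally, only the 5-character prefix is handed to the network layer, and the remaining 35 characters are compared on the device. The function names, the `fetch_range` callback and the sample response are assumptions constructed for illustration.

```python
import hashlib

def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): 5 hex chars to send, 35 that stay on the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping malformed lines and zero-count padding."""
    hits = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            hits[suffix.upper()] = int(count)
    return hits

def breach_count(password: str, fetch_range) -> int:
    """Times the password is listed in the response; 0 if its suffix is absent."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # the prefix is the only value passed to the network layer
    return parse_range_response(body).get(suffix, 0)

SENT = []  # records everything the constructed server was asked for

def fake_fetch_range(prefix: str) -> str:
    """Constructed offline stand-in for the range endpoint; the count is made up."""
    SENT.append(prefix)
    leaked_prefix, leaked_suffix = split_hash("password")
    rows = ["0" * 35 + ":0", "not a valid line"]  # padding entry, junk line
    if prefix == leaked_prefix:
        rows.append(leaked_suffix.lower() + ":42")
    return "\r\n".join(rows)

if __name__ == "__main__":
    print(breach_count("password", fake_fetch_range))
    print(breach_count("correct horse battery staple", fake_fetch_range))
    print(SENT)  # only 5-character prefixes ever reach the fetch callback
```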

4. Third-Party Access

Because your vault data never leaves your device, we do not share, sell, or trade your information with any third parties. There is no server infrastructure to breach.

5. Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at ayoub.edahlouli@gmail.com.