Privacy Policy

Effective date: March 20, 2026 · Last updated: March 20, 2026

Introduction

Maicro Credential Vault ("the Software") is designed to store zero information about you. This policy explains what data the Software does and does not collect, and why.

Information we do not collect

The Software does not collect, transmit, or store any of the following:

Your master password or any derivative of it
Your vault contents (credentials, notes, or any stored data)
Usage analytics or telemetry
Crash reports to external services
Device identifiers or fingerprints
IP addresses, location data, or browsing history
Cookies, tracking pixels, or advertising identifiers

Zero-knowledge architecture

We cannot access your vault data. This is not a policy choice — it is an architectural impossibility. Your data is encrypted on your device before it ever leaves. We do not hold decryption keys. No one does except you.

All encryption and decryption occurs locally on your device using AES-256-GCM. Your master password derives the encryption key via Argon2id on your device. The key is never transmitted or stored. Even if our systems were compromised, there would be nothing to take — we hold no user data, no keys, and no vault files.

Cloud sync and user-owned storage

The Software offers optional cloud sync through your own Google Drive or Dropbox account. When you enable sync:

Your encrypted .safe file is stored in your own cloud storage account, not ours.
The company never sees, accesses, or stores the encrypted file.
Authentication with Google Drive or Dropbox is handled directly between your device and the cloud provider. We do not proxy, intercept, or store your cloud storage credentials.
You can unlink cloud sync at any time. The encrypted file remains in your cloud storage under your control.

Local data storage

The Software stores your encrypted vault file locally on your device. Application settings (such as auto-lock timing and theme preference) are stored locally. No data is transmitted to Maicro or any third party.

No analytics or tracking

The Software contains no analytics frameworks, no tracking scripts, no telemetry endpoints, and no crash reporting services. We do not know how many times you open the app, which features you use, or whether the app crashes. This is intentional.

Third-party services

The only third-party services the Software interacts with are cloud storage providers (Google Drive and Dropbox), and only when you explicitly enable sync. These interactions are governed by the respective provider's terms and privacy policies:

Google Drive: governed by Google's Privacy Policy and Terms of Service
Dropbox: governed by Dropbox's Privacy Policy and Terms of Service

GDPR and CCPA compliance

The Software is compliant with GDPR and CCPA by architecture. No server-side data processing occurs. No personal data is collected, stored, or transmitted to Maicro. Because we hold no user data, there is nothing to delete, export, or report. Data processing agreements are not applicable because no data processing takes place.

Children's privacy

The Software does not collect personal information from anyone, including children under the age of 13. Because the Software collects no data, no special provisions for children's data are required.

Changes to this privacy policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Because we collect no user data, we have no means to notify you directly — we recommend checking this page periodically.

Contact information

For questions about this Privacy Policy, contact us at privacy@maicro.app.