How Krypsis protects your data
No marketing here — just how it actually works. If you read cryptography for a living, this should make sense. If you don’t, it should still be honest and clear.
-
What we encrypt
Everything in the vault: photos, videos, documents, their thumbnails, and their metadata. Each file is encrypted with its own random key, so no two files share a secret.
-
The cipher
ChaCha20-Poly1305, via Apple’s CryptoKit. It’s the same authenticated-encryption construction used by modern TLS and by Apple’s own iCloud Keychain — a careful, mainstream choice, not something we invented.
-
Where the key comes from
Your encryption key is derived from your PIN using PBKDF2 with 100,000 iterations. We don’t store your PIN, and we never see it. It exists only on your device, only while you’re using the app.
-
What we cannot do
We cannot reset your PIN. There is no master key, no recovery code, and no backdoor — not for us, not for anyone. If you forget your PIN and have no backup, the data is gone. That is the cost of real encryption, and we won’t pretend otherwise.
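The design described in the sections above (a random key per file, ChaCha20-Poly1305 via CryptoKit, a key derived from the PIN by PBKDF2 with 100,000 iterations, and no recovery path) is shown here as an added example; it is not Krypsis's own code. The HMAC-SHA256 PRF, the 16-byte random salt, the wrapping of each file key under the PIN-derived key, and all function names and sample values are assumptions, since the page does not specify them.

```swift
import Foundation
import CryptoKit
import CommonCrypto

// PBKDF2 with the page's 100,000 iterations.
// Assumptions: HMAC-SHA256 as the PRF, 32-byte output, caller-supplied random salt.
func deriveKey(pin: String, salt: [UInt8], rounds: UInt32 = 100_000) -> SymmetricKey? {
    var out = [UInt8](repeating: 0, count: 32)
    let status = CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                                      pin, pin.utf8.count,
                                      salt, salt.count,
                                      CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
                                      rounds, &out, out.count)
    return status == Int32(kCCSuccess) ? SymmetricKey(data: out) : nil
}

// Encrypt one file under its own fresh random key, then wrap that key under the
// PIN-derived key (the wrapping step is an assumption about how the two keys relate).
func sealFile(_ plaintext: Data, under kek: SymmetricKey) throws -> (wrappedKey: Data, blob: Data) {
    let fileKey = SymmetricKey(size: .bits256)
    let blob = try ChaChaPoly.seal(plaintext, using: fileKey).combined
    let rawKey = fileKey.withUnsafeBytes { Data($0) }
    let wrappedKey = try ChaChaPoly.seal(rawKey, using: kek).combined
    return (wrappedKey, blob)
}

// Unwrap the file key, then decrypt. Either step throws if its Poly1305 tag does not verify.
func openFile(wrappedKey: Data, blob: Data, under kek: SymmetricKey) throws -> Data {
    let rawKey = try ChaChaPoly.open(ChaChaPoly.SealedBox(combined: wrappedKey), using: kek)
    return try ChaChaPoly.open(ChaChaPoly.SealedBox(combined: blob), using: SymmetricKey(data: rawKey))
}

// Constructed sample values: a random salt, two made-up PINs, and placeholder file bytes.
let salt = (0..<16).map { _ in UInt8.random(in: .min ... .max) }
let kek = deriveKey(pin: "493817", salt: salt)!
let sealed = try sealFile(Data("constructed sample photo bytes".utf8), under: kek)

let recovered = try openFile(wrappedKey: sealed.wrappedKey, blob: sealed.blob, under: kek)
print(String(decoding: recovered, as: UTF8.self))

// A key derived from any other PIN fails authentication when unwrapping the file key,
// so nothing is decrypted. With no second copy of the key, there is nothing to reset.
let wrongKek = deriveKey(pin: "000000", salt: salt)!
do {
    _ = try openFile(wrappedKey: sealed.wrappedKey, blob: sealed.blob, under: wrongKek)
    print("unexpected: wrong PIN opened the file")
} catch {
    print("wrong PIN rejected: \(error)")
}
```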
-
What leaves your device
Almost nothing. Anonymous crash reports are opt-in and off by default. Your App Store purchase transaction ID is handled to validate your purchase. Both are described in full in our Privacy Policy.
-
The threat model
Krypsis protects against someone who has your unlocked phone but does not know your PIN. It does not protect against an attacker who has both. There is no silent capture, no remote wipe, and no panic button — those are different products, and pretending otherwise would be dishonest.
-
Open-source roadmap
We plan to open-source the cryptographic core after launch. For now the binary is what you install, and the documentation is the audit trail. We won’t call Krypsis “open source” or “audited” until those things are genuinely true.