Skip to main content

Privacy

KeyNest Privacy Policy

KeyNest stores and processes password and 2FA vault data locally on the user's device.

Last updated: June 23, 2026.

KeyNest is a local-first password and 2FA vault. The app is designed to keep password entries, 2FA secrets, notes, and encrypted backups under the user’s control on their own device.

Data Storage and Processing

KeyNest stores vault data locally on the device. Password entries, 2FA secrets, notes, and related account metadata are encrypted before being saved.

The developer does not operate a server for collecting vault data, passwords, 2FA secrets, master passwords, backup files, biometric data, or app analytics.

Master Password

The master password is used locally to derive encryption keys. It is not uploaded, not sent to the developer, and not stored in plaintext. The developer cannot recover a forgotten master password.

Biometric Unlock

Biometric unlock uses the operating system authentication UI and device-protected storage. KeyNest does not receive raw fingerprint or biometric data.

Camera Permission

Camera access is used only to scan 2FA QR codes, such as otpauth:// codes from authenticator apps. Camera frames are processed for scanning and are not collected by the developer.

Backup and Restore

Users can export and import encrypted backups. Backup files are created, selected, stored, and shared only when the user chooses to do so. Encrypted backups may still be attacked offline if someone obtains the backup file and the master password is weak, so users should keep backups private.

LAN restore temporarily opens a local upload page on the user’s local network when the user enables it. The local restore session is protected by a one-time code and is closed after success, failure, timeout, or user cancellation.

Clipboard and QR Transfer

When the user copies a username, password, or 2FA code, KeyNest schedules clipboard cleanup after a short delay. Other apps, keyboards, or clipboard managers may still read clipboard contents before cleanup.

QR transfer is temporary, but it can still be exposed by shoulder surfing, photos, screen recording, or screen sharing.

Network Access

KeyNest includes network access for user-initiated LAN restore. The app does not use developer-operated servers, ads, analytics SDKs, remote logging, or cloud sync.

Data Sharing and Sale

The developer does not sell user data and does not share user vault data with third parties.

Data Deletion

Deleting the app or clearing app data removes the local vault from that device. Exported backup files remain wherever the user saved or shared them and must be deleted separately by the user.

Contact

For privacy or support questions, contact brendenaudrina6287@gmail.com.