> LEGAL_DOCUMENT

PRIVACY POLICY

Nu11VLT by Dro1d Labs Limited

Last Updated: January 2026

TL;DR

ZERO KNOWLEDGE · ZERO CLOUD · ZERO TRACKING

We can't see your photos. We can't decrypt your photos. We don't know what you store. Nu11VLT uses zero-knowledge encryption where everything happens locally on your device. No cloud sync. No servers. No analytics. Your photos never leave your iPhone.

1. Information We DON'T Collect

Nu11VLT is designed with a zero-knowledge architecture. This means we literally cannot see your data, even if we wanted to.

  • Your photos (they're encrypted locally)
  • Your encryption keys (stored in iOS Keychain)
  • Photo metadata or EXIF data
  • Personal information (name, email, location)
  • Device identifiers or analytics
  • Usage statistics or telemetry
  • Crash reports or diagnostics
  • Browsing history or app behavior

// TECHNICAL_NOTE

Your photos are encrypted with ChaCha20-Poly1305 using 256-bit keys that never leave your device. We don't have access to those keys. We can't decrypt your photos. Period.

2. How Nu11VLT Works

Nu11VLT operates entirely on your device:

  • Photos are encrypted locally using ChaCha20-Poly1305 AEAD
  • Encryption keys are stored in iOS Keychain (hardware-backed)
  • Encrypted files are saved to your device's Documents directory
  • No network requests are made (100% offline)
  • No data is sent to our servers (we don't have servers)

Think of Nu11VLT as a vault that only you have the key to. We designed the vault, but we can't open it. Only your device can.

3. Local Storage

All data stored by Nu11VLT remains on your device:

  • Encrypted photos (.n11 files in Documents/Nu11Vault and Documents/Nu11Fade)
  • Encryption keys (iOS Keychain with hardware protection)
  • App preferences (theme, settings - stored in UserDefaults)
  • SwiftData database (photo metadata like date added, expiry timers)

No cloud storage. No iCloud sync. No remote servers.

// BACKUP_NOTE

Your encrypted vault is excluded from iCloud backup for security. Use the in-app Encrypted Backup feature to create password-protected .nu11vlt files.

4. Face ID / Touch ID

Nu11VLT uses the iOS Local Authentication framework for biometric unlock:

  • Face ID/Touch ID data never leaves your device
  • We don't store biometric templates
  • We don't have access to your biometric data
  • iOS handles all biometric authentication locally

Your face/fingerprint data is stored in the Secure Enclave on your device. Apple doesn't share it with apps. We couldn't access it even if we tried.

5. Password & PIN Security

Nu11VLT uses state-of-the-art password hashing:

  • All PINs are hashed with Argon2id (memory-hard algorithm)
  • Argon2id is the winner of the Password Hashing Competition (2015)
  • Specifically designed to resist GPU/ASIC cracking farms
  • PIN hashes are stored in iOS Keychain (not UserDefaults)
  • We never store or transmit your actual PIN

Argon2id is used by Signal, 1Password, and Bitwarden. It's the gold standard for password protection.

6. Encrypted Backups

Nu11VLT's backup feature uses double encryption:

  • Your photos are already encrypted (ChaCha20-Poly1305)
  • When you create a backup, we add a second encryption layer (AES-256-GCM)
  • The backup encryption key is derived from your backup password using Argon2id with moderate parameters
  • Password is never stored (not even hashed)
  • Backup files (.nu11vlt) can be stored anywhere you choose

We never see your backup password. If you forget it, the backup cannot be recovered. Not by us. Not by anyone.

7. Third-Party Services

Nu11VLT uses minimal third-party services:

RevenueCat (In-App Purchases)

Handles Pro subscription/purchase verification. Collects anonymous purchase receipts only.

RevenueCat Privacy Policy →

That's it. No analytics SDKs. No crash reporters. No ad networks. No tracking pixels.

8. What Happens During a Wipe

When you trigger Skeleton Switch (dead man's switch) or manual wipe:

  • All encryption keys are permanently deleted from Keychain
  • All encrypted photo files are deleted from disk
  • All SwiftData entries are wiped
  • Optional: NIST 800-88 single-pass random overwrite (Pro feature)
  • No recovery is possible (by design)

This is permanent and irreversible. We cannot help you recover wiped data. Make encrypted backups.

9. Children's Privacy

Nu11VLT does not knowingly collect data from anyone—including children under 13. Since we use zero-knowledge encryption and collect no personal information, Nu11VLT is safe for all ages.

10. Your Rights

Since we don't collect your data, there's nothing to:

  • Request (we don't have it)
  • Delete (it doesn't exist on our side)
  • Export (it's already on your device)
  • Correct (we never stored it)
  • Transfer (it never left your device)

Your privacy is protected by design, not by promise.

11. Changes to This Policy

If we ever change how Nu11VLT handles data (we won't), we'll update this page and notify users via an app update with a clear changelog.

12. Contact Us

Questions about this privacy policy? Reach out:

nu11vlt@dro1d.org

Dro1d Labs Limited
Company Number: 767623
Registered in Ireland

> THE BOTTOM LINE

Nu11VLT uses zero-knowledge encryption. We can't see your photos. We can't decrypt your vault.
We don't track you. We don't collect data. We don't have servers.
Your photos. Your device. Your privacy. Always.