Privacy Policy

Your passkeys stay on your device unless you say otherwise.

Passkey Manager is an Android credential provider. This policy explains, plainly, what data the app holds, where it lives, and the one case in which something leaves your phone.

App  Passkey Manager (net.ymstk.passkeep) Effective  13 July 2026

We run no servers and collect nothing. The app has no analytics, no ads, no tracking, and no accounts. Your credentials are stored in the app's private, OS-protected storage on your device. The only data that ever leaves your phone is a passkey you explicitly choose to back up — and it is encrypted before it goes.

01 What the app stores

Passkey Manager holds only what it needs to act as your authenticator. Everything below is kept in the app's private storage sandbox, which the Android operating system isolates from other apps.

Data map — what is kept, and whether it leaves the device
DataWhere it livesLeaves device?
Passkeys (private keys & metadata) Private app storage on your device (vault.json) Stays local
Relying-party names & usernames Alongside each passkey, on device Stays local
Backup grant tokens Encrypted preferences on device Stays local
A backed-up passkey Sealed, then uploaded to your configured backup service Only if you back up

The app does not collect your name, email, contacts, location, device identifiers, or any usage or diagnostic telemetry.

02 Biometrics

Before creating or using a passkey, the app asks Android to verify you with your device's screen lock or biometric (fingerprint or face). This check is performed entirely by the Android operating system. The app never receives, stores, or transmits your fingerprint, face, or PIN — it only learns whether the OS confirmed you.

03 Optional backup & cross-device signing

The app can be built to work with an external backup service so that a passkey can be recovered or used to sign in from another device. This feature is optional and only active when the app is configured for it.

How your data is protected

When you back up a passkey, its private key is encrypted on your device before upload, using a sealed-box scheme (libsodium crypto_box_seal). It travels only over encrypted HTTPS connections.

What the backup service can see

This is a key-escrow design, not zero-knowledge. The backup service holds the decryption key and is therefore able to decrypt a passkey you have entrusted to it — that is what makes recovery and cross-device signing possible. The backup service is operated separately from this app, under its own terms and privacy policy. Only passkeys you explicitly choose to back up are ever sent to it.

Deleting a backed-up passkey

Deleting a credential in the app removes it from your device and instructs the backup service to revoke its stored copy.

04 Sharing with relying parties

When you sign in to an app or website (a "relying party") with a passkey, the app produces a cryptographic signature and sends it to that party through Android's Credential Manager — this is the normal WebAuthn/passkey sign-in flow. Your private key is never shared; only a signature and the public credential information the sign-in requires. The app shares your passkeys with no one else.

05 Data retention & deletion

Because the app keeps no account and no server-side profile, there is nothing on our side to request the deletion of.

06 Children

Passkey Manager is a general-purpose security tool and is not directed at children. It knowingly collects no personal information from anyone, including children.

07 Changes to this policy

If this policy changes, the revised version will carry a new effective date. Material changes will be reflected in the app or its distribution listing.

08 Contact

Questions about this policy or the app's handling of data can be sent to support@ymstk.net.