Terms of Service

By downloading, installing, or using Secure Vault ("the App"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use the App.

Secure Vault is a password manager application that provides:

• Secure storage for passwords, notes, bank details, and other sensitive information
• AES-256-CBC encryption with HMAC-SHA256 integrity verification (Encrypt-then-MAC)
• Biometric authentication (Face ID, Touch ID, Fingerprint)
• TOTP authenticator for two-factor authentication codes
• Password health reports with breach detection via Have I Been Pwned
• End-to-end encrypted cloud synchronization via Firebase
• Password generation tools
• Import and export functionality (JSON, CSV, and password-protected PDF)
• Recovery key for account recovery if master password is lost
• Auto-lock protection when app goes to background

To use the App, you must create an account using a valid email address and set a master password. You must verify your email address before completing registration. A recovery key is generated during registration for account recovery. You are responsible for maintaining the security of your master password, recovery key, and for all activities under your account.

You agree to:

• Provide accurate and complete registration information
• Maintain the security of your master password and biometric access
• Not share your account credentials with others
• Notify us immediately of any unauthorized access
• Use the App only for lawful purposes
• Keep your device and operating system updated for security

For enhanced security, Secure Vault enforces a single-device login policy. Only one device can be actively logged into your account at a time. Logging in from a new device will automatically sign out any previously active sessions.

• All vault data is encrypted using AES-256-CBC with HMAC-SHA256 integrity verification
• Encryption keys are derived from your master password using PBKDF2 (600,000 iterations) and HKDF stretching
• Your master password is never stored or sent to the server — only a derived auth hash is transmitted
• We implement zero-knowledge architecture — we cannot access your encrypted data
• Biometric data is processed locally on your device and never transmitted

You may NOT use Secure Vault to:

• Store illegal content or information related to illegal activities
• Attempt to reverse engineer, decompile, or hack the App
• Interfere with or disrupt the App's services
• Violate any applicable laws or regulations

The App, including its design, features, and content, is protected by copyright and other intellectual property laws. You may not copy, modify, distribute, or create derivative works without our written consent.

The App integrates with third-party services:

• Firebase (authentication and encrypted cloud storage)
• Have I Been Pwned (password breach detection via k-Anonymity API — only a partial hash prefix is sent)
• Resend (transactional email delivery for verification and password hints)

While we implement robust security measures, you acknowledge that:

• You are responsible for maintaining backups of your data
• Loss of both your master password and recovery key will result in permanent data loss
• We cannot recover encrypted data without your master password or recovery key

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• The App is provided "AS IS" without warranties of any kind
• We are not liable for any data loss, security breaches beyond our reasonable control, or damages arising from your use of the App
• Our total liability shall not exceed the amount you paid for the App

• You may delete your account at any time through the App
• We may suspend or terminate your access for violations of these terms
• Upon termination, your encrypted data may be deleted from our servers

We reserve the right to modify these terms at any time. Continued use of the App after changes constitutes acceptance of the modified terms. We will notify users of significant changes through the App.

For questions about these Terms of Service, please contact us at: securevault-support@imshyam.in