NexusVault Privacy Policy

Effective date: May 20, 2026

This Privacy Policy describes how NexusVault (“the App”), developed by xiles (“we”, “us”), handles information when you use the App on iPhone or iPad. By using NexusVault, you agree to the practices described here.

Summary

• No NexusVault server. We do not operate a backend that stores your vault data.
• Your data stays on your device in an encrypted local database, unless you turn on iCloud sync (see below).
• We do not sell your data and we do not use your vault contents for advertising.
• Optional diagnostics — you can send anonymous crash and error reports to help improve the App (on by default; you can turn this off in Settings).

Information you store in the App

NexusVault lets you create vaults and items (for example passwords, payment card details, license numbers, secure notes, and custom fields). This information is provided by you and is encrypted on your device before it is written to local storage. We do not have access to your master password, your vault contents, or the keys needed to decrypt them.

Where your data is stored

On your device

Vault data is stored in an encrypted database in the App’s sandbox on your iPhone or iPad. Auto-backup snapshots, when created, are also kept on the device only and are encrypted with your vault master key.

iCloud sync (optional)

If you enable iCloud sync, your vault data is synchronized through Apple’s CloudKit into your private iCloud database associated with your Apple ID. Sync is handled by Apple’s infrastructure; we do not receive a copy of your synced data on our servers. Your app unlock password (wrapped master key) may sync so that your other devices can unlock the same vault with the same password. You can turn iCloud sync off or erase iCloud vault data from within the App.

Use of iCloud is subject to Apple’s Privacy Policy and your Apple ID terms.

Backups and exports you control

You may export encrypted .nvault backup files or, from advanced settings, a plain JSON export. Those files are created by you and shared or stored wherever you choose (for example Files, email, or another cloud service). We do not receive those files unless you send them to us separately (for example by email for support). Encrypted backups use a separate password that you choose at export time; it is not sent to us.

Diagnostics and crash reporting

To improve stability, NexusVault can send anonymous crash and diagnostic reports through Google Firebase Crashlytics when the feature is enabled. Reports may include technical information such as device model, OS version, App version, and error codes or stack traces. Vault contents, passwords, and decrypted field values are never included.

You can disable this at any time in Settings → Diagnostics → Send Crash & Diagnostic Reports. When disabled, new reports are not uploaded.

Firebase’s handling of data is described in Google Firebase Privacy and Security. The App’s privacy manifest declares that we do not use tracking as defined by Apple, and we do not declare collection of data types for App Privacy labels beyond what is described in this policy.

In-app purchases

NexusVault Pro is sold as a one-time in-app purchase through Apple’s App Store. Payment and purchase history are processed by Apple; we do not receive your payment card details. Entitlement status is verified on your device using StoreKit.

Biometric unlock

If you enable Face ID or Touch ID, the App stores the vault master key in the device Secure Enclave / Keychain with biometric protection so you can unlock without typing your password. Biometric data is processed by iOS; we do not collect or store it.

Notifications

If you allow notifications, the App may schedule local reminders (for example item expiry dates). Notification content is generated on your device. You can turn notifications off in iOS Settings.

Website analytics

This privacy policy page and other pages on xiles.app may use Google Analytics to understand general site traffic. That applies to the website only, not to vault data inside the App.

Children

NexusVault is not directed at children under 13 (or the minimum age required in your country). We do not knowingly collect personal information from children.

Data retention and deletion

Data remains on your device until you delete it, erase all data from Settings, or uninstall the App. Trashed items and vaults are kept for a limited retention period before permanent deletion, as described in the App. Erasing iCloud vault data removes synced copies from your iCloud account when sync completes.

Your choices

• Turn off iCloud sync or erase iCloud vault data in Settings.
• Disable crash and diagnostic reporting in Settings.
• Export encrypted backups and store them outside the device.
• Delete the App and, if needed, erase iCloud data first so copies are not left in iCloud.

Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top will change when we do. Continued use of the App after changes means you accept the updated policy.

Contact

If you have questions about this Privacy Policy or NexusVault, contact us at nexusvault@xiles.app.

← Back to NexusVault