Recoverable
The secret can be read back by the app on your device. This is what makes graduated hints possible — a partial clue, an input check, a reveal. Best for things you are actively learning.
The security model
KeyRote is a memory trainer, so the safest place for a secret is your own head. While it lives in the app, here is exactly where it sits, how it is split apart, and how you can confirm none of it ever goes anywhere.
KeyRote does not have an account, a server, or a sync service. Everything happens on your iPhone. There is no network call to make, because there is nowhere for your secrets to go.
You do not have to take our word for it. iOS keeps a record of every connection an app makes, and you can read KeyRote’s for yourself.
Verify it yourself
A secret in KeyRote is stored apart from anything that says what it is. The value and its label live in two different places, each with its own random identifier, so neither half points to the other without the app itself.
The secret value
iOS Keychain
The actual PIN, passcode or password is held in the system Keychain — the same hardware-backed store iOS uses for its own credentials.
id · 7f2a…c19
The label & progress
A separate on-device database
The name you gave it, when you added it, and how your practice is going live in a local metadata database — with no copy of the secret itself.
id · 4b9e…a02
Each side carries its own independent identifier. Pick up one database on its own and there is no thread back to the other — only KeyRote, running on your unlocked phone, can bring the two together.
For each secret you add, you decide how it is kept:
The secret can be read back by the app on your device. This is what makes graduated hints possible — a partial clue, an input check, a reveal. Best for things you are actively learning.
The secret is stored as a one-way hash. KeyRote can check whether what you typed is right, but it can never turn the hash back into the secret. No one — not even KeyRote — can reveal it.
KeyRote opens behind your phone’s own authentication — your biometrics or your device passcode. It leans on the protections already built into iOS rather than inventing its own, so the lock on your secrets is the same lock you already trust.
That’s the whole story. The rest is up to your memory.