Last updated: January 15, 2026
Draft — pending final legal review. Contact email below is a placeholder.
KeyRote is built on a simple principle: your data stays on your device. We believe the best way to protect your privacy is to never have access to your data in the first place.
Passwords, password metadata (titles, usernames, notes, practice statistics, reminder schedules), app settings, and practice history are stored exclusively on your device. None of it is transmitted to any server, cloud service, or third party.
Default (hints enabled): password is encrypted and stored in your device's Keychain, can be revealed with device authentication, and provides hints during practice.
Hints and reveal disabled: password is hashed and cannot be recovered by anyone, including KeyRote. No hints or reveal available — maximum security at the cost of convenience.
You can delete any password or all app data at any time within the app. Deleting KeyRote removes its on-device database; encrypted Keychain entries may persist but are no longer linked to any app data. Passwords stored with hints disabled are permanently unrecoverable once deleted.
KeyRote does not integrate with, share data with, or use any third-party services, including analytics, crash reporting, advertising, cloud storage, or authentication services.
KeyRote does not knowingly collect data from anyone, including children under 13. Since all data stays on the device and we don't collect information, we comply with COPPA by design.
Since we don't collect, store, or process your personal data on our systems, you have complete control over your data on your device. There's no data to request, export, or have us delete — it's all local.
Questions about this policy or KeyRote's privacy practices: support@keyrote.app
The bottom line: KeyRote never sees, transmits, or stores your data anywhere except on your device.