Security model · Local-first by design

How Krypt protects your data.

Most password managers ask you to trust their servers. Krypt removes the servers entirely. Your passwords, files, notes, and 2FA codes are encrypted locally and stay on your iPhone.

No server means no server breach.

Krypt does not operate a cloud vault, sync service, or account database. There is no central collection of user vaults for an attacker to steal.

  • No cloud vault: Your vault is stored locally on your device, not on Krypt servers.
  • No account required: No email address or online login is needed to create a vault.
  • No automatic sync: Your data does not move in the background. You decide when to export a backup.
  • No central breach target: There is no hosted vault database containing everyone’s secrets.

Encryption before storage.

01

Your vault is encrypted on your iPhone.

Krypt encrypts vault contents before they are stored on the device. Passwords, secure notes, files, and 2FA secrets are kept inside an encrypted local vault rather than uploaded to a server.

  • AES-256-GCM authenticated encryption
  • PBKDF2-SHA256 key derivation
  • 310,000 PBKDF2 iterations
PIN-derived encryption keys are generated using PBKDF2-SHA256 with 310,000 iterations, following OWASP guidance current at the time of implementation.
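
The scheme listed above, as an added example in Node.js (not Krypt's code): a 256-bit key is derived from a PIN with PBKDF2-SHA256 at 310,000 iterations and used for AES-256-GCM, and a wrong PIN or a single flipped bit is rejected on open. The record layout, the salt, nonce and tag sizes, the function names and the sample values are assumptions.

```javascript
// Added illustration, not Krypt's code. The record layout, the 16-byte salt and
// the sample PIN are assumptions; the page states only the algorithms and counts.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

const ITERATIONS = 310000; // PBKDF2 iterations stated on the page
const KEY_BYTES = 32;      // 256-bit derived key, used as the AES-256 key
const SALT_BYTES = 16;     // assumed salt length
const NONCE_BYTES = 12;    // 96-bit GCM nonce
const TAG_BYTES = 16;      // 128-bit GCM authentication tag

function deriveKey(pin, salt) {
  return pbkdf2Sync(Buffer.from(pin, "utf8"), salt, ITERATIONS, KEY_BYTES, "sha256");
}

// Seal one vault item. Returns salt || nonce || ciphertext || tag (assumed layout).
function sealItem(pin, plaintext) {
  const salt = randomBytes(SALT_BYTES);
  const nonce = randomBytes(NONCE_BYTES); // must never repeat under the same key
  const cipher = createCipheriv("aes-256-gcm", deriveKey(pin, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, nonce, body, cipher.getAuthTag()]);
}

// Open a sealed item. Throws if the PIN is wrong or any byte was modified.
function openItem(pin, record) {
  const salt = record.subarray(0, SALT_BYTES);
  const nonce = record.subarray(SALT_BYTES, SALT_BYTES + NONCE_BYTES);
  const tag = record.subarray(record.length - TAG_BYTES);
  const body = record.subarray(SALT_BYTES + NONCE_BYTES, record.length - TAG_BYTES);
  const decipher = createDecipheriv("aes-256-gcm", deriveKey(pin, salt), nonce,
    { authTagLength: TAG_BYTES });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Returns "ok", or "rejected" when GCM authentication fails.
function tryOpen(pin, record) {
  try { openItem(pin, record); return "ok"; } catch { return "rejected"; }
}

// Constructed sample data: correct PIN, wrong PIN, then one flipped ciphertext bit.
const record = sealItem("482913", "example.com / constructed-password");
const tampered = Buffer.from(record);
tampered[SALT_BYTES + NONCE_BYTES] ^= 0x01;
console.log(tryOpen("482913", record), tryOpen("000000", record), tryOpen("482913", tampered));
```
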
02

Built with Apple security frameworks.

Krypt uses native iOS security capabilities, including Apple’s cryptography, biometric unlock infrastructure, and on-device Keychain storage, instead of sending vault data to external services for processing.

Encryption keys, PIN hashes, and cryptographic salts are stored using Apple’s Keychain on the device. Face ID and Touch ID are used for convenient access when enabled. They do not create a cloud account and do not upload your vault.
03

Data flow: simple by design.

The safest server is the one that never receives your data. Krypt’s security model is intentionally boring: encrypt locally, store locally, and avoid unnecessary network exposure.

  • Your data: Passwords, Files, Notes, 2FA codes
  • Encryption: AES-256-GCM, PBKDF2-SHA256, Local processing
  • Your iPhone: Encrypted vault, No cloud sync, No account

The details, without the hand-waving.

04

What Krypt uses under the hood.

Security claims should be specific. Krypt’s public security model is intentionally limited to concrete implementation details rather than vague phrases like “military-grade” or “bank-level” encryption.

  • Encryption: AES-256-GCM authenticated encryption
  • Key derivation: PBKDF2-SHA256
  • Iterations: 310,000
  • Derived key size: 256-bit
  • Key storage: Apple Keychain on device
  • Cloud sync: None
  • User accounts: None
  • Telemetry: None

What Krypt does not protect against.

05

A forgotten PIN.

There is no recovery link because there is no server-side account. If you forget your PIN and do not have a usable backup, Krypt cannot recover your vault for you.

06

A lost device without backup.

Offline-first security means you are responsible for your own backup. Export an encrypted backup and store it somewhere safe if the data matters.

07

An already unlocked phone.

No vault can protect secrets that are visible on an unlocked, compromised, or actively controlled device. Krypt reduces cloud and account exposure, but it does not replace basic device security.

08

Independent security audit.

Krypt has not yet undergone an independent third-party security audit. It is an independent product under active development, built around a local-first architecture where vault data remains on the user’s device. As Krypt grows, an external review is a natural next step.

A private vault without a cloud account.
