Privacy
Policy.

TL;DR: You'safe with us.

This policy applies to all information collected or submitted to Clandestine's website and our apps for iPhone, iPad and Mac.

How we store information you enter in the app

All sensitive information you save in Clandestine is stored in encrypted form. The only data we store in plain text is the following:

A random identifier (UUID) for each secret.
A number that relates to the position your secret has when sorted alphabetically.
A number that relates to the position your secret has when sorted by most used.

Everything else (the names secrets, the usernames and passwords, the passwords, the card information, the notes) is stored in encrypted form. If you have iCloud sync enabled, the information described above is stored on Apple's iCloud servers.

What that means is that all your secrets are safe and only you can access them with your password. What Apple sees on their iCloud servers is scrambled eggs, basically.

How we store information on this website

We don't.

We don't actively collect usage information, run analytics or do anything with any data. This website does not use cookies.

The services we use to run this website might store some data. For example, Vercel uses your IP address to serve our website from a destination that is geographically close to you. Please refer to their privacy policies:

Vercel

Information usage

We don't share any of the data with outside parties.

We may disclose your information in response to subpoenas, court orders, or other legal requirements, to exercise our legal rights or defend against legal claims, to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, violations of our policies, or to protect our rights and property.

Security of your data in the app

Clandestine follows the current standards in encryption to keep your data safe. Specifically, we use the following cryptographic techniques to securely encrypt and store your data:

Encryption of your secrets: The Advanced Encryption Standard (AES) Galois Counter Mode (GCM) cipher suite.
Key derivation from your master password: SHA-512 HMAC-based key derivation
Hashing of your password: SHA-512 hashing
Storing your encrypted master password to enable biometric unlock: Apple Secure Keychain

All of the above is implemented using Apple's CryptoKit framework. We don't use any third party library to handle encryption.

Third party links

In our app, we only include links to this website. For the links you store in your secrets in Clandestine, third party privacy policies might apply. We are not responsible for those.

Your consent

By using our site or our app, you consent to our privacy policy.

Contacting us

If you have questions regarding this privacy policy, you may email us at privacy@clandestine-app.com

Changes to this policy

If we decide to change our privacy policy, we will post those changes on this page. Summary of changes so far:

2022-10-22: Initial version

PrivacyPolicy.