Your credentials, notes, and secure images are stored locally on your device with military grade encryption. We do not store your sensitive data on our servers - only your encrypted email for authentication purposes. Your data remains on your device until you manually delete it.

During device synchronization (triggered manually), your data is encrypted end-to-end using military-grade encryption. The data is only temporarily held during the sync process and is immediately deleted after successful transfer/sync. Transit time is within a matter of seconds.

Device sync uses temporary OTP codes that expire quickly. Your data is encrypted before leaving your device, transferred/synced securely, and the temporary data is deleted immediately after successful sync. No permanent copies are made.

Yes! SecBoss allows syncing your vault across devices, but the number of devices depends on your plan.

Free Plan: You can sync across up to 2 devices.
Pro Plan: You can sync across unlimited devices.

Each device must be authenticated with your master password and temporary OTP codes. Your data remains encrypted during sync, and temporary data are deleted immediately after the process.

Yes. You can access, add, edit, delete, and search your stored passwords, notes, and images without an internet connection. Internet is only required for account registration and login, subscription validation, managing devices or account settings in the Member Portal, and syncing between devices. Your vault data always remains stored locally on your device.

We only store your email address for future upgrade purposes. All your passwords, notes, images and personal information remain encrypted and stored locally on your device. We never have access to your actual credentials.

Yes. SecBoss is designed with privacy in mind. Since all sensitive data remains encrypted and stored locally, and only your email is stored for authentication purposes, the app aligns with GDPR, CCPA, and other privacy-focused regulations.

Your master password is never stored anywhere. It's used to derive encryption keys locally on your device. Even we cannot recover your master password - that's why the recovery phrase is so important.

The recovery phrase is your only way to restore access if you forget your master password. It's encrypted and stored locally. Keep it safe and never share it.

Biometric login is a convenience feature that unlocks your locally stored encryption key. It cannot be bypassed without your biometric data or master password. The encryption key itself remains protected at all times.

Your data is encrypted, making it extremely difficult to access without your master password. However, you should change any critical passwords as an extra precaution. Use your recovery phrase to restore your vault on a new device. The Pro plan includes a remote data wipe feature that can be used to wipe your data on a lost device.

Session timeouts can be customized in settings. Default is 5 minutes of inactivity. After timeout, you'll need to re-enter your master password or use biometric authentication to unlock your vault again.

When you copy passwords, they're temporarily stored in your device clipboard. For security, use the "Clear Clipboard" feature after pasting. On Android 10+, the system may show notifications when clipboard is accessed.

Yes, you can export your vault data through the Export/Import feature in the menu. Exported data maintains encryption for security. This is useful for backups or transferring to another device.

No. SecBoss updates are designed to preserve your locally stored data. Always ensure your vault is backed up using the Export feature before major updates as an extra precaution.

If your Pro subscription expires and is not renewed, your account will automatically downgrade to the Free plan. Your vault and stored records will remain intact, but Free plan limitations will apply, such as device sync limits and restricted access to Export/Import features. No stored records will be deleted unless you manually remove them.

If you lose both your master password and recovery phrase, your data cannot be recovered - this is by design for maximum security. Always keep your recovery phrase in a secure location separate from your device.