Privacy Policy
Updated: May 14, 2026
This Privacy Policy describes the technical measures SecBoss employs to ensure your data remains private.
While SecBoss is built on a "Never the Cloud" philosophy, we collect minimal information for authentication and provide a secure conduit for multi-device synchronization.
1. Information We Collect & Process
We practice strict data minimization.
We practice strict data minimization.
- Email Address: Collected for account authentication and unique identification. This is stored securely to manage your access and security alerts.
- Encrypted Sync Data: To allow you to manually sync your vault across devices, SecBoss transmits your encrypted database through our servers.
- Transit Only: This data is held temporarily solely to facilitate the transfer between your authorized devices.
- No Long-Term Storage: We do not keep permanent copies of your vault on our servers. Once the sync is successful, the data is purged from our relay.
2. Data Encryption & Zero-Access Architecture
SecBoss utilizes a "Zero-Knowledge" security model for your sensitive information.
SecBoss utilizes a "Zero-Knowledge" security model for your sensitive information.
- End-to-End Encryption: Your vault is encrypted locally using AES-256 before it ever leaves your device for syncing.
- No Server-Side Keys: We do not hold your Master Password or encryption keys. Consequently, even while your data is in transit through our servers, it remains an unreadable "ciphertext" that we cannot decrypt.
- Local Sovereignty: Your primary database remains on your hardware.
3. How We Use Your Email
Your email address is used strictly for:
Your email address is used strictly for:
- Authentication: Verifying your identity during the login and sync authorization process.
- Support: Responding to technical inquiries or bug reports you submit.
- Security Notifications: Informing you of critical security updates.
4. Device Permissions Disclosure
To provide functionality, SecBoss requests the following system-level permissions:
To provide functionality, SecBoss requests the following system-level permissions:
- Biometric Hardware: To facilitate local unlocking. The app receives a "success/fail" token from the OS; it never sees or stores your actual biometric data.
- Network Access: Required to facilitate the encrypted sync process and check for software updates.
- File System Access: Required to manage the encrypted database file locally on your device.
- Camera Access: Required for QR scanning purposes.
- Location Access (Bluetooth): Required for offline sharing with nearby devices.
- Push Notifications: Required to inform you of important updates and alerts.
5. Data Retention & Your Rights
- Account Deletion: You may request the deletion of your account and email from our authentication records.
- Transient Data: Encrypted sync packets are automatically deleted after the synchronization window expires.
- Vault Erasure: You exercise the "Right to Erasure" by deleting the app or database file from your device.
6. Compliance
We handle your information in accordance with the Philippine Data Privacy Act of 2012. We do not sell, rent, or share your email or your encrypted traffic with third-party advertisers or data brokers.
We handle your information in accordance with the Philippine Data Privacy Act of 2012. We do not sell, rent, or share your email or your encrypted traffic with third-party advertisers or data brokers.