API Vault
Secure API Key Manager
Privacy Policy
Last updated: June 9, 2026
API Vault ("the App") is developed and operated by the Golden Physics Project
(Daniel Toupin, goldenphysicsproject@gmail.com).
This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
- Account information: email address and password (hashed) when you register.
- API keys and labels you save in your vault — stored encrypted on your device and, for paid plans, synced to Firebase Firestore under your account.
- Marketing preference: whether you opted in to receive product updates (opt-in only at registration).
- Purchase records: subscription or lifetime purchase status via Google Play Billing (we never see your payment details).
- Usage analytics: anonymized crash reports and performance data via Firebase Analytics (can be disabled in Settings).
2. Biometric Data
Biometric authentication (fingerprint / face) is processed entirely on your device using the
Android BiometricPrompt API. Biometric data never leaves your device and is never transmitted to us.
3. How We Use Your Data
- Authenticate you and sync your vault across devices (paid plans).
- Send product updates and research news if you opted in (you may unsubscribe at any time).
- Improve app stability and performance using anonymized analytics.
- Verify subscription status via Google Play.
4. Data Storage & Security
- All API keys are encrypted with AES-256-GCM using Android's hardware-backed Keystore before being saved locally or synced.
- Cloud sync uses Firebase Firestore with security rules that allow only you to read or write your own data.
- We do not sell, rent, or share your personal data with third parties for advertising.
5. Third-Party Services
- Google Firebase (Authentication, Firestore, Analytics) — Firebase Privacy
- Google Play Billing — manages subscription and one-time purchases.
6. Data Retention & Deletion
Your account and vault data are retained as long as your account is active.
To delete your account and all associated data, email us at
goldenphysicsproject@gmail.com
and we will remove it within 30 days.
7. Children's Privacy
The App is not directed to children under 13. We do not knowingly collect data from children.
8. Your Rights (GDPR / PIPEDA)
- Access, correct, or delete the personal data we hold about you.
- Withdraw marketing consent at any time.
- File a complaint with your local data protection authority.
To exercise any of these rights, contact goldenphysicsproject@gmail.com.
9. Changes to This Policy
We may update this policy. The "Last updated" date at the top will reflect any changes. Continued use of the App after changes constitutes acceptance.