Frequently asked questions
Everything you might want to know about how Kryptos handles your data, your backups, and your money.
Privacy & security
Can the Kryptos team see my documents?
No. All data is encrypted locally on your device using AES-256. Android uses SQLCipher with keys stored in Android Keystore. The upcoming iOS version will use Apple's CryptoKit AES-GCM with the key stored in the iOS Keychain using ThisDeviceOnly protection. We have no servers that hold your plaintext data, and no way to decrypt it on our side.
What does "zero-knowledge" actually mean here?
It means the system is designed so that we have no knowledge of your vault contents — even if we wanted to look. Your data is encrypted before it leaves your device, and the only key that can decrypt it lives in Android Keystore today, with iOS Keychain support planned for the iPhone version.
Is my biometric data sent anywhere?
Never. Biometric matching happens entirely inside Android Biometric today, with Face ID and Touch ID planned for iOS. Kryptos only receives a yes/no signal that you authenticated successfully — never your fingerprint or face data.
What if my device is rooted or compromised?
SQLCipher, CryptoKit, Android Keystore, and the iOS Keychain raise the bar significantly, but no app can fully protect against a fully compromised device. If you suspect malware, jailbreak, root-level compromise, or device takeover, treat the secrets in your vault as exposed and rotate them.
Backup & restore
How does backup work if it's zero-knowledge?
Kryptos encrypts your entire vault into an opaque blob before upload. On Android, Drive backup uses the hidden AppData folder for Free users, while Pro can also back up to a visible "KryptosBackups" folder. The upcoming iOS version will support iCloud using a private CloudKit database or your own Google Drive. iCloud and Google Drive only see encrypted bytes — never the contents.
What happens if I lose my phone?
Sign in with the same Apple or Google account on a new device, install Kryptos, and restore from your chosen cloud backup. After re-authenticating with biometrics, your vault is back — without anyone in between ever decrypting it.
What if I forget my biometric / lose all access?
Because we never see your key, we cannot reset it. If you can no longer authenticate and have no working backup, the encrypted blob is unrecoverable. We strongly recommend keeping iCloud or Drive backup turned on.
Can I export my data?
Yes. Pro users can back up to the visible "KryptosBackups" folder in Google Drive, which makes the encrypted backup blob easy to copy off-device for safekeeping. The upcoming iOS version will also support iCloud private CloudKit backup.
Scanning & documents
Which documents support NFC?
On Android, modern electronic passports following the ICAO 9303 spec (read via JMRTD) and contactless EMV payment cards can be read when the chip exposes supported data. The upcoming iOS version will not include NFC document reading.
How accurate is the OCR scanner?
OCR uses Google ML Kit on Android. The upcoming iOS version will use VisionKit with Live Text, with parsing for common document formats. You can always edit any extracted field before saving.
Are my scans uploaded for OCR?
No. Text recognition runs entirely on-device through Google ML Kit on Android, and will run through VisionKit / Live Text in the upcoming iOS version. Your camera frames are processed locally and discarded.
What document types are supported?
Passports, driver's licences, national IDs, payment cards, API keys, secure notes, and tax numbers — each with its own purpose-built card UI and field set.
Can I share an entry with someone else?
Yes. Open an entry, tap Share entry, and Kryptos shows a QR code that another Kryptos user can scan to import the entry into their own vault. This works across Android and iOS. The transfer is user-initiated and does not require a Kryptos server to hold your vault data.
Pricing & Pro
How much does Kryptos cost?
The app is free to download and use for up to 10 entries, with no ads. Kryptos Pro is a one-time purchase of $1.99 that removes the entry limit and unlocks the rest of the Pro features. Pay once, own it forever — there are no subscriptions or recurring fees.
What counts as an "entry"?
Each item you save in your vault is one entry — a passport, a payment card, a driver's licence, an API key, a note, a tax number, and so on. Free covers your first 10; Pro removes the cap entirely.
What do I get with Pro?
Pro removes the 10-entry limit, unlocks backup to a visible "KryptosBackups" folder in Drive where supported (easier to manage and copy elsewhere), priority support, and any future Pro-tier features at no additional cost.
Is the Pro purchase transferable across devices?
Yes — Pro is tied to the store account used for purchase, such as Google Play on Android and Apple ID when the iOS version launches. Installing on another device with the same store account restores your purchase automatically.
Will the price ever change to a subscription?
No. Pro is and will remain a one-time purchase. If we add features that are too costly to bundle in, we'd consider a separate paid add-on — never converting your existing Pro into a subscription.
Accounts & multi-user
Can my partner and I share a single device?
Yes. Kryptos supports multiple signed-in accounts on the same device, using Google accounts on Android. The upcoming iOS version will support Sign in with Apple or Google. Each account has its own fully isolated, separately encrypted vault. Switching accounts switches vaults — they cannot see each other.
Can I use Kryptos without a cloud account?
You can use the local vault without backup. Backup & restore require signing in with the cloud provider you choose, such as Apple for iCloud or Google for Drive, so the encrypted blob has somewhere to live.