Frequently asked questions

No. All data is encrypted locally on your device using SQLCipher (AES-256). The encryption key is derived from your authentication and stored in the Android Keystore — backed by hardware on supported devices. We have no servers that hold your plaintext data, and no way to decrypt it on our side.

It means the system is designed so that we have no knowledge of your vault contents — even if we wanted to look. Your data is encrypted before it leaves your device, and the only key that can decrypt it lives in the Android Keystore on your phone.

Never. Biometric matching happens entirely inside the Android Biometric framework on your device. Kryptos only receives a yes/no signal that you authenticated successfully — never your fingerprint or face data.

SQLCipher and the Android Keystore raise the bar significantly, but no app can fully protect against a fully compromised device. If you suspect malware or root-level compromise, treat the secrets in your vault as exposed and rotate them.

Kryptos encrypts your entire vault into an opaque blob and uploads it to your Google Drive. Free users get the hidden AppData folder; Pro users can also back up to a visible "KryptosBackups" folder. Google Drive only sees encrypted bytes — never the contents.

Sign in with the same Google account on a new Android device, install Kryptos, and restore from Drive. After re-authenticating with biometrics, your vault is back — without anyone in between ever decrypting it.

Because we never see your key, we cannot reset it. If you can no longer authenticate and have no working backup, the encrypted blob is unrecoverable. We strongly recommend keeping Drive backup turned on.

Yes. Pro users can back up to the visible "KryptosBackups" folder in Google Drive, which makes the encrypted backup blob easy to copy off-device for safekeeping.

Modern electronic passports following the ICAO 9303 spec (read via JMRTD) and contactless EMV payment cards. NFC reading depends on the chip in the document — not every issuer exposes the same data.

OCR uses Google ML Kit, with locale-aware parsing that does extra work for Malaysian documents (MyKad, Malaysian driver's licence, passport) and common international formats. You can always edit any extracted field before saving.

No. ML Kit's text recognition runs entirely on-device. Your camera frames are processed locally and discarded.

Passports, driver's licences, national IDs, payment cards, API keys, secure notes, and tax numbers — each with its own purpose-built card UI and field set.

The app is free to download and use for up to 10 entries, with no ads. Kryptos Pro is a one-time purchase of $1.99 that removes the entry limit and unlocks the rest of the Pro features. Pay once, own it forever — there are no subscriptions or recurring fees.

Each item you save in your vault is one entry — a passport, a payment card, a driver's licence, an API key, a note, a tax number, and so on. Free covers your first 10; Pro removes the cap entirely.

Pro removes the 10-entry limit, unlocks backup to a visible "KryptosBackups" folder in Drive (easier to manage and copy elsewhere), priority support, and any future Pro-tier features at no additional cost.

Yes — Pro is tied to your Google Play account, so installing on another device with the same account restores your purchase automatically.

No. Pro is and will remain a one-time purchase. If we add features that are too costly to bundle in, we'd consider a separate paid add-on — never converting your existing Pro into a subscription.

Yes. Kryptos supports multiple Google accounts on the same device, each with its own fully isolated, separately encrypted database. Switching accounts switches vaults — they cannot see each other.

You can use the local vault without backup. Backup & restore require signing in with Google Drive so the encrypted blob has somewhere to live.