Effective March 27, 2026

CryptKB Privacy Policy

This Privacy Policy applies to the CryptKB iOS app, CryptKB Keyboard, CryptKB Messages, and this website at cryptboard.midstate.agency.

Short version: the app encrypts and decrypts locally on device. The app does not include analytics, advertising SDKs, or backend message delivery. Optional saved conversation passwords are off by default and stored only in the protected system keychain behind Face ID or device passcode.

1. Information the app processes

CryptKB may locally process the following information on your device:

Plaintext that you type into CryptKB’s keyboard or the main app playground.
Password input that you provide for encryption or decryption.
Generated ciphertext payloads in the format CRYPTBOARD:v1:....
Non-sensitive preferences such as theme, haptics, and preview behavior.
A short-lived Messages conversation scope hint used only to support optional saved password reuse.

2. What the app does not collect

No account registration.
No analytics or telemetry SDKs.
No advertising identifiers.
No remote message storage or relay service.
No intentional network calls from the iOS app or extensions.

3. Password handling

By default, passwords are transient only and are kept in memory for the current action or keyboard session. They are not stored in UserDefaults, App Group defaults, log files, the clipboard, or any remote service.

If you explicitly enable saved conversation passwords in the main app, CryptKB stores that password only in the protected Apple keychain using device-only protection and user-presence requirements. In practice, that means Face ID or device passcode is required before the saved password can be reused.

CryptKB does not claim that raw password strings are stored inside Secure Enclave memory. The actual protection model is a protected keychain item gated by Secure Enclave-backed device authentication.

4. Full Access for the custom keyboard

On iOS, third-party keyboards can request Full Access. CryptKB requests Full Access only so the keyboard can read shared non-sensitive settings from the main app through the App Group container.

Full Access is not used for analytics, remote logging, or background sync in this app. If Full Access is disabled, the keyboard still works locally, but shared settings may fall back to local defaults inside the extension sandbox.

5. Messages extension behavior

CryptKB Messages can stage native CryptKB bubbles and decrypt selected CryptKB bubbles locally in a popup. It does not add a custom long-press decrypt action to ordinary iMessage bubbles, because Apple does not expose that capability to third-party developers.

6. Website data

This website is hosted on Cloudflare Pages. Like most websites, Cloudflare may process standard request metadata such as IP address, browser information, and timing data as part of serving and protecting the site. That website traffic is separate from the app’s offline behavior.

The website exists to describe the product, publish this privacy policy, and provide support links. It is not used to transport your encrypted messages or recover passwords.

7. Data retention

Plaintext, ciphertext, and passwords in the keyboard are intended to remain transient.
Optional saved conversation passwords remain until you delete them or remove the app data from the device.
You can review and delete one, many, or all saved passwords from the main app after device-owner authentication.

8. Your choices

You can choose not to enable Full Access.
You can keep password persistence off, which is the default behavior.
You can clear or delete saved conversation passwords at any time from the app.

9. Children’s privacy

CryptKB is a general-purpose utility app and is not directed to children under 13.

10. Changes to this policy

If this policy changes materially, the updated version will be published on this page with a revised effective date.

11. Contact

For privacy questions or support, contact contactus@midstate.agency.