Home Privacy Support Terms Download on the App Store

Privacy Policy

TL;DR — We collect nothing because there's no server.

MyCardsandDocs runs entirely on your iPhone. No account, no cloud sync, no analytics, no third-party SDKs. Your vault never leaves the device.

1. Information we collect

None. The app does not transmit any data off your device. We have no servers to receive it.

2. Information stored on your device

Cards, documents, passwords, notes, and metadata are stored in your iPhone's encrypted sandbox. The encryption key is derived from your 6-digit PIN using SHA-256 (100,000 iterations) and stored in Apple's Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly. Encrypted document files live inside the app's Documents/vault_files/ directory using AES-GCM.

3. Camera, photos, biometrics

These permissions are used only inside the app, for card and document scanning. Captured images are encrypted on disk; we never transmit them.

4. Backups (.mcd files)

When you choose Settings → Export Vault, an AES-GCM-encrypted file is written to a location you pick (Files app, iCloud Drive, AirDrop). The encryption password is one you set in that moment, separate from your PIN. We can't read these files.

5. Crash logs

We do not include any third-party analytics or crash reporting SDK. Apple may collect anonymised crash reports if you have Share with App Developers enabled in iOS Settings. We receive these as part of App Store Connect but they contain no vault contents.

6. Children's privacy

The app rating is 4+. We do not knowingly process any personal data of children because we do not process personal data at all.

7. Changes to this policy

Updates are posted to this page. The change date is visible at the bottom.

8. Contact

Questions: support@mcd.vkfolio.work

Last updated: 13 May 2026. Effective: 13 May 2026.