Security · Privacy
Six layers between your valuables and everyone else.
An inventory app for sensitive valuables must do more than "store things in the cloud". Vault leans on Apple\'s security stack — Secure Enclave, Keychain, biometric binding — and deliberately leaves out everything else.
Face ID / Touch ID
Biometric unlock on every launch. Apple's Secure Enclave validates the biometrics in hardware.
Auto-lock
The moment the app moves to the background, it re-locks — even after seconds.
Screenshot blur
Screen recording is detected; sensitive content stays obscured during capture.
Apple platform protection
SwiftData, Keychain and iOS file protection keep your inventory inside Apple's security model.
iCloud is optional
CloudKit Sync can be disabled during onboarding or later in Settings.
No app tracking
No analytics SDKs, no PII-leaking crash reporters, and no advertising IDs in the app. The website uses cookieless Umami Analytics.
Local-first — usually local-only
All inventory data lives in SwiftData, Apple\'s on-device database. When iCloud Sync is enabled, your data flows only through your personal iCloud container — encrypted by Apple, inaccessible to third parties. You can disable Sync during onboarding or later in Settings.
Apple security stack
Vault relies on Apple\'s device passcode, biometric unlock, Keychain and file protection model. Access stays tied to the device security controls you already use.
No app tracking, no telemetry
The app contains no analytics SDKs, no advertising trackers, and no PII-leaking crash reporters. The website you are reading uses self-hosted fonts (no Google Fonts CDN) and sets no cookies. For aggregated page statistics and key CTA clicks, we use self-hosted Umami Analytics — cookieless, without fingerprinting, and without cross-site tracking.
Protection against screen capture
iOS allows screen recording. The app detects this state and blurs sensitive content while a recording runs — useful when someone "just glances" at your screen while you happen to be sharing.
Frequently asked questions
Where is my inventory data stored, technically?
In SwiftData — Apple's local database — on the device. With iCloud Sync enabled it is additionally mirrored to your personal iCloud container, encrypted by Apple and inaccessible to third parties.
How is access protected?
The app uses your device passcode and biometric unlock. It also locks automatically when it moves to the background.
Is there a server that sees my data?
No. There is an optional Cloudflare Worker for sending PDF reports by email — it only receives the finished PDF you actively send, and logs only delivery metadata. Inventory contents are never uploaded.
What if my iPhone is stolen?
The app sits behind your device passcode and Face ID. Without biometrics or code, nobody gets in. With iCloud Sync on, your inventory is immediately available on the next device.
Is the app GDPR-compliant?
Yes. The data controller (Art. 4(7) GDPR) is Lukas Osterheider, Germany. The app processes inventory data locally; iCloud Sync uses your personal Apple iCloud container when enabled. See the Privacy Policy for details.
Document what matters. Prove what you own.
Try Vault Documentation free, then $2.99/month or $19.99/year. Stored locally, optional iCloud Sync, with no ad tracking.