Security and Privacy

Every file stored in Privara — photos, videos, notes, contacts, and documents — is encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode). This is the same encryption standard used by governments and financial institutions worldwide.

A 256-bit master key is generated on your device and stored in the iOS Keychain, protected by the Secure Enclave. Large files like videos are encrypted in 4 MB chunks, allowing efficient streaming without decrypting the entire file. Each chunk gets its own unique nonce, ensuring every encryption operation is unique.

Privara maintains two completely separate vaults: your real vault and a decoy vault. Each vault has its own passcode, its own data, and its own encryption. There is no visible indication that a second vault exists.

When you enter the decoy passcode, the app opens the decoy vault with its own content — you can even add innocent photos to make it look realistic. When you enter your real passcode, the app opens your actual private vault. An outside observer cannot tell which vault is the "real" one.

When someone enters an incorrect passcode three times, Privara silently activates break-in detection. The app captures a photo using the front camera and, if you've granted location permission, logs the GPS coordinates of the device.

This data is encrypted and stored within your vault — it is never sent to any server. You'll receive a push notification approximately 15 minutes after the failed attempt. You can review all break-in reports in Settings, including the captured photo, timestamp, and location on a map.

The Escape PIN is an optional 6-digit code that, when entered on the lock screen, permanently and irrecoverably destroys your real vault. All encrypted files are wiped, all encryption keys are destroyed, and the app seamlessly opens the decoy vault as if nothing happened.

This feature is designed for extreme situations where you need to ensure your private data cannot be accessed. The destruction is immediate and cannot be undone — not by you, not by us, not by anyone.

Privara offers multiple ways to automatically lock your vault. Auto-Lock can be set to 30 seconds, 1 minute, 5 minutes, or never — the vault locks after the specified period of inactivity.

Face-Down Lock uses the accelerometer to detect when your device is placed face-down and immediately locks the vault. Shake to Lock detects a shake gesture and locks instantly. Both features can be toggled independently in Settings.

Privara monitors for screen recording and screenshot attempts while the vault is open. If the system is recording the screen, the app can detect it and obscure vault content to protect your privacy.

This prevents sensitive content from being captured by screen recording tools or inadvertent screenshots. No data about these events is sent externally — detection and response happen entirely on-device.

When Privara decrypts data for viewing, it actively zeroes the memory after use to prevent sensitive data from lingering in RAM. Decrypted content is overwritten with zeros before the memory is released.

All encrypted files are stored with NSFileProtectionComplete, which means they are inaccessible when the device is locked — even to the operating system. This provides an additional layer of hardware-backed protection beyond the app's own encryption.