Privacy Policy

Effective May 2, 2026

Keys is a credential manager that runs on your devices. Your secrets are encrypted on-device with a key derived from a passphrase only you know. They sync through your own iCloud account, end-to-end encrypted. We run no servers that hold your data, and Keys ships with no analytics or telemetry of any kind. The rest of this page goes through the details.

Who runs Keys

Keys is developed and published by Abokado Labs, a small dev shop. Contact: hello@abokadolabs.com. There are no third-party operators with access to anything described below.

What Keys stores

Keys stores the credentials you choose to put into it: API keys, passwords, OAuth tokens, SSH keys, certificates, connection strings, and your notes about them. It also stores any tags, project labels, environment labels, attachments, and revision history that you create.

Every credential field is encrypted on your device before it is written to disk. The encryption key is derived from your passphrase using a memory-hard key-derivation function and is never transmitted off your device. Apple never sees the key, and neither does Abokado Labs.

How sync works

Keys uses your personal iCloud account to sync your encrypted vault across your devices, via Apple's CloudKit. Apple's servers store and relay only the encrypted ciphertext — they cannot read the contents.

The sync container is private to your iCloud account; it is not shared with Abokado Labs or other users.
If you sign out of iCloud or disable iCloud Drive for Keys, sync stops; the encrypted data on each device remains.
If you uninstall Keys from a device, that device's local copy is removed by the system. Your iCloud copy is unaffected.

Authentication and biometrics

Keys can be unlocked with Face ID, Touch ID, Optic ID, or a system passphrase. Biometric matching is performed entirely by Apple's Local Authentication framework on the Secure Enclave; the underlying biometric data never leaves your device, and Keys never sees it. The biometric prompt is used only as a gate that releases the locally stored encryption material.

Optional AI extraction

Keys can extract credentials from text you paste, files you import, or screenshots you provide, using a hybrid pipeline:

Pattern-based extraction (regular expressions for known credential shapes) runs entirely on your device. No network call is made.
Optional metadata classification by a large language model is available if, and only if, you provide your own OpenRouter API key. If enabled, the input you submit for extraction is sent to OpenRouter (openrouter.ai/privacy) for processing. The LLM is asked to produce metadata (record name, service, kind); it is not used to generate or copy the secret values.
The LLM provider is, in this case, a third party you have chosen to use. Keys does not relay your traffic through any Abokado Labs endpoint.

You can disable the AI features entirely. Pattern-based extraction works offline.

Optional credential validation

Keys can verify whether a stored API key still authenticates against its provider (for example: OpenAI, Anthropic, GitHub). If you opt in, Keys sends a minimal authentication request directly from your device to the provider's API using the stored credential. The request goes to the provider, not to Abokado Labs. The result (alive / rejected / unknown) is cached locally. You can disable this per-record or globally.

Optional companion features

CLI tool. Keys ships an optional command-line interface that talks to the running app over a local Unix domain socket inside your user's App Group container. No network is involved.
SSH agent. Keys can act as an OpenSSH agent for keys you store inside it, again via a local socket. Signing happens inside the app; private key material is not exported.
Share extension. The macOS / iOS share extension lets you send selected text to Keys for ingestion. The text stays inside the App Group container and is processed by the same pipeline described above.

Clipboard handling

When you copy a credential, Keys writes it to the system clipboard with a hint that clipboard-history applications should not record it (the org.nspasteboard.ConcealedType convention used by Alfred, Raycast, Pastebot, and others). Keys also schedules an automatic clipboard-clear after a configurable timeout (default 30 seconds). On iOS, clipboard items are marked local-only, which prevents Universal Clipboard from mirroring them to other devices.

Analytics, telemetry, and crash reports

None. Keys does not include any analytics SDK, telemetry collection, crash-report collection, advertising identifier, attribution framework, or third-party tracking of any kind. The app makes no network requests on its own initiative; the only outbound traffic is the optional features described above (iCloud sync, AI extraction, credential validation), each of which you control.

Required-reason API declarations

Apple requires apps to declare why they call certain platform APIs even when those calls don't transmit data off-device. Keys' privacy manifest declares the following non-data-collection reasons, in line with App Store guidelines:

NSPrivacyAccessedAPICategoryUserDefaults — for reading and writing user preferences (CA92.1).
NSPrivacyAccessedAPICategoryFileTimestamp — for vault file metadata used by the local store (C617.1).
NSPrivacyAccessedAPICategoryDiskSpace — to detect low-disk situations before writing (85F4.1).
NSPrivacyAccessedAPICategorySystemBootTime — for the auto-lock idle timer (35F9.1).

None of these APIs transmit data off your device.

Children

Keys is not directed at children under 13. It does not knowingly collect any information from any user, of any age.

Your rights

Because Keys stores your data on your devices and in your iCloud account — not on any Abokado Labs server — the controls available to you are operating-system controls:

Access. Open the app on any of your devices.
Export. Use the in-app export feature to produce an encrypted backup.
Delete. Delete records inside the app, or uninstall the app and remove the iCloud container in iOS / macOS Settings → Apple ID → iCloud → Manage Storage.

Abokado Labs cannot retrieve, restore, decrypt, or delete your data on your behalf, because Abokado Labs has no copy and no key.

Changes to this policy

If this policy materially changes, the updated version will be published at this URL with a new effective date. Substantive changes will also be summarized in the app's release notes.

Contact

Questions about this policy: hello@abokadolabs.com.