Short version: DocVault has no user accounts and no company servers that store your
documents. Every file is encrypted and kept on your device. If you choose to turn on cloud backup,
your encrypted vault goes straight from your phone to your own Google Drive or iCloud — we never see it.
1. Who We Are
DocVault is developed and maintained by Zenerly, an independent software developer. You can contact us at app.zenerly@gmail.com.
Android package ID: app.zenerly.docvault.mobile
Google Play: play.google.com/store/apps/details?id=app.zenerly.docvault.mobile
iOS: coming soon.
2. Data We Collect
DocVault does not require an account, sign-up, or sign-in. There is no username, password, or profile of any kind tied to using the app. What exists instead:
- Your vault data (never transmitted, by default) — every document, thumbnail, folder, and piece of extracted text lives only on your device, encrypted, unless you personally choose to back it up (below).
- Optional cloud backup — if you connect Google Drive (Android) or iCloud (iOS), an encrypted backup archive is uploaded directly from your device to the hidden, app-private storage area of your own Drive/iCloud account. Zenerly's infrastructure is never in that path — we have no server that receives, stores, or can access this file.
- Google Sign-In (Android, only if you connect Google Drive) — Google's sign-in library shares your Google account email and an OAuth token with the app, scoped only to the
drive.appdata permission (hidden app storage, not your visible Drive files). This token is used solely to talk to your own Drive account from your device; Zenerly does not receive or store it.
- Early access mailing list — if you submit the "Request Early Access" form on this website, we collect the name and email you provide, to notify you when iOS access opens up. See Account & Data Deletion to have this removed at any time.
- Diagnostic data — none currently. DocVault does not integrate any analytics, advertising, or crash-reporting SDK as of this version.
3. Encryption & On-Device Storage
DocVault encrypts every document on your device with a random encryption key generated the first time you use the app, stored in your device's secure hardware keystore (Android Keystore / iOS Keychain) — never as plain text, never transmitted anywhere. This means:
- Nobody at Zenerly can open, view, or decrypt your document content — we have no copy and no key.
- Your app PIN is hashed and stored the same way; biometric unlock (fingerprint/Face ID) is verified entirely by your device's OS — DocVault only ever receives a pass/fail result, never raw biometric data.
- There is no password recovery. Since nothing is tied to a server account, a forgotten PIN with no working biometric can only be resolved by resetting the vault (Settings → Reset Vault), which permanently erases all local data. This is why a backup (local export or cloud sync) is strongly recommended.
- If you export a local backup or enable cloud backup, that archive is protected by a separate password you choose — one you must remember, since we hold no copy of it either.
4. App Permissions
DocVault requests the following device permissions:
- Camera — to scan physical documents.
- Photo library / storage — to import existing files and save exports.
- Biometric (fingerprint/Face ID) — to unlock the app, if you enable it.
- Notifications — for local expiry-date reminders generated entirely on your device (optional, configurable in Settings). No push notification server is involved.
- Internet — used only when you actively connect and use Google Drive/iCloud backup, or submit a form on this website. Browsing and using your vault day-to-day requires no connection at all.
5. Third-Party Services
DocVault currently shows no advertising and integrates no ad network, analytics, or crash-reporting SDK. The only third-party services involved are ones you explicitly opt into:
- Google Sign-In & Google Drive API — only if you connect Google Drive backup on Android. Governed by Google's Privacy Policy.
- Apple iCloud — only if you have iCloud enabled on iOS; DocVault uses your device's existing iCloud session, no separate sign-in.
Text recognition (OCR) for scanned documents runs fully on-device using an on-device ML model — no image or extracted text is ever sent to Zenerly or to Google for this purpose.
6. Sharing a Document
When you tap "Share" on a document, DocVault decrypts a copy and hands it to your device's native share sheet — the same mechanism used by any app to share a file to email, WhatsApp, Drive, or elsewhere. This is a one-time export you control; Zenerly's servers are never involved in this transfer, and no hosted link is created. (Revocable, expiring share links are a planned feature, not yet available in this version — if you see a "Secure Link" option in the app referencing this, it is not yet functional.)
7. Data Sharing With Third Parties
We do not sell, rent, or trade any data. Because DocVault has no backend server holding document content, there is essentially nothing of yours for us to share. The only information we hold at all is what's described in §2 (early-access signups, support emails you send us) — never disclosed to third parties except where required by valid legal process.
8. Data Retention & Deletion
Your vault data lives only on your device (and in your own Google Drive/iCloud, if you opted into backup) until you delete it yourself — instantly, via Settings → Reset Vault in the app, or by deleting the backup file from your own cloud storage. We hold no copy to retain or delete on our end. For early-access mailing list data or anything else you've sent us directly, see our Account & Data Deletion page.
9. Children's Privacy
DocVault is not directed at children under 13 (or under 16 in the EU) and, having no accounts, has no way to knowingly collect data from anyone by age. If you believe a child has submitted information through our website forms, contact us at app.zenerly@gmail.com and we will delete it.
10. GDPR — European Union Users
- Legal basis: legitimate interest (operating the website's early-access list) and consent (where you explicitly opt in, e.g. cloud backup).
- Data controller: Zenerly (app.zenerly@gmail.com).
- Your rights: access, correction, deletion, portability, and objection. For your on-device vault, these are entirely in your own hands via the app; for anything you've sent us directly, email us or use the deletion page below.
11. CCPA — California Residents
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in an updated "Last Updated" date above and, where required, notified via the app or store listing.
We aim to respond to all privacy inquiries within 5 business days.