1. Data Controller
The Data Controller for personal data is:
Mikesoft by Michael Gasperini
VAT ID: 02693140465
Email: info@mikesoft.it
Website: www.mikesoft.it
2. Nature of the Application
Keysoft is a mobile app for secure personal password management. It is built with a "privacy by design" and "offline first" approach, which means all data stays exclusively on the user's device.
3. Categories of Processed Data
3.1 Locally stored data
The application stores credentials, notes, and information voluntarily entered exclusively on the user's device.
3.2 Technical data
The application may access technical operating system data necessary for operation (e.g., Android/iOS version) but does not collect them for statistical purposes.
4. Legal Basis for Processing
The processing of personal data is based on the user's consent (Art. 6, para. 1, lit. a GDPR) and on the performance of the agreement relating to the use of the application (Art. 6, para. 1, lit. b GDPR).
5. Purpose of Processing
Personal data is processed exclusively to provide the password management service, ensure data security via encryption, and enable local backup.
6. Data Sharing and Transfer
NO PERSONAL DATA IS TRANSMITTED, SHARED, OR TRANSFERRED outside the user's device. The application uses internet connectivity exclusively to receive automatic updates via the Expo Updates service (expo.dev). No sensitive data, passwords, or personal information is sent to external servers.
No data transfers to third countries or international organizations are performed.
7. Data Retention
Personal data is retained on the user's device until the user decides to delete it or uninstall the application.
There are no automatic backups on external servers. Responsibility for backups rests entirely with the user.
8. Rights of the Data Subject
Under the GDPR, the user has the right to access, rectify, and delete their data directly through the app's features.
For privacy-related questions, contact: info@mikesoft.it
9. Data Deletion
You can delete your data in one of the following ways:
Method 1: App Reset (Recommended)
From the app settings, select the reset/delete data option.
⚠️ Note: This operation is irreversible. Ensure you have exported any important passwords before proceeding.
Method 2: Uninstalling the App
Uninstalling the app removes the local database (standard iOS and Android behavior).
Method 3: Clear Cache and Data (Android Only)
From system settings > Apps > Keysoft > Storage > Clear Data.
Before deleting data, we strongly recommend exporting your passwords if you intend to keep them.
Once data is deleted, it cannot be recovered in any way as no copy exists on our servers.
10. Security Measures
The application implements strong security measures, including AES-256 encryption for the local database and Argon2 hashing for the Master Password. The internet permission present in the manifest is used exclusively for OTA updates via Expo Updates and is never used to transmit user data.
11. Minors' Data Processing
The application is not intended for minors under 16. We do not knowingly collect personal data from minors under 16.
12. Third-Party Services
Keysoft DOES NOT use third-party analytics services, advertising networks, or tracking tools. The application does not integrate external profiling SDKs.
All notifications are LOCAL ONLY and generated directly by the device. No data is sent to external notification services.
Expo Updates (by Expo / EAS): the app uses this service to receive over-the-air updates without going through the Play Store. During update checks, the following is sent to Expo's server: app version, platform (Android/iOS), and runtime version. No personal data, passwords, or credentials are transmitted. Expo privacy policy: expo.dev/privacy
13. Permissions and Specific Features
Biometric Authentication
Purpose: Enable authentication via fingerprint/Face ID as an alternative to PIN.
Data usage: Only cryptographic hashes are stored locally, never the actual biometric data. The OS manages biometric data securely.
Local Notifications
Purpose: Display local security alerts (weak passwords, auto-lock warnings, backup reminders).
Data usage: All notifications are generated and displayed locally. No data is sent to external servers.
File/Storage Access
Purpose: Required for Backup and Restore features (Import/Export).
Data usage: The app accesses only files explicitly selected by the user. Exported files are encrypted if the user chooses to protect them with a password.
Screen Protection (Flag Secure)
Purpose: Protect sensitive information from screenshots and screen recordings.
Data usage: This permission does not access or store any data. It only prevents the OS from capturing screen content when the app is active.
Camera and Photo Gallery
Purpose: Allow the user to choose a personal profile picture from the gallery or camera.
Data usage: The app only accesses images explicitly selected by the user. Images are saved locally as a profile avatar and are never transmitted to external servers.
Clipboard
Purpose: Copy passwords to the clipboard for quick use in other apps.
Data usage: The password is temporarily copied to the clipboard and automatically cleared after 60 seconds (default setting). The app does not read clipboard content from third-party apps.
Network Permission: the internet permission is present in the manifest and is used exclusively by the Expo Updates service to receive automatic app updates. No personal data or passwords are transmitted over the network.
14. User Responsibility
Given the offline and local nature of the application, the user is solely responsible for safeguarding the Master Password and backups.
⚠️ Important: The developer cannot recover lost or forgotten data, as no copy exists on external servers.
15. Cookies and Tracking
Keysoft DOES NOT use cookies, web beacons, pixels, or other tracking technologies. The application does not collect telemetry, analytics, or usage statistics.
16. GDPR Compliance
This application is designed to comply with the General Data Protection Regulation (EU) 2016/679.
17. Right to Complain
Users have the right to lodge a complaint with the supervisory authority if they believe their data protection rights have been violated.
Garante per la Protezione dei Dati Personali
Piazza Venezia, 11 - 00187 Roma, Italy
Website: www.garanteprivacy.it
18. Changes to Privacy Policy
We reserve the right to update this Privacy Policy. Material changes will be communicated through an app update and, where appropriate, a dedicated notice. Continued use of the application after those changes implies acceptance of the updated policy.