Last updated: June 17, 2026
This Privacy Policy explains how Locki ("the app", "we", "us") handles information when you use the app on Android or iOS. Locki is a password manager designed so that your data stays on your own device: we do not operate a server that stores your passwords, and you are not required to create an account or provide an email address to use the app.
Locki is developed and maintained by José Bueno, an independent developer (Android application ID
com.jomibusa.locki.android). For any questions about this policy or to exercise your rights,
you can contact us at jomibusadeveloper@gmail.com.
Locki distinguishes between data you create inside the app (which stays encrypted on your device) and limited technical data that integrated third-party services may process so the app can run reliably and remain free.
All of this information is stored exclusively on your device, inside a database encrypted with AES-256 (SQLCipher). The encryption key is protected by your operating system's secure storage (Android Keystore on Android, Keychain on iOS) and, if you enable it, by your fingerprint or face recognition. We do not transmit, sync, or store this information on our own or any third-party servers. Locki has no backend and no cloud database: there is no account system, email registration, or remote login of any kind.
If you enable fingerprint or face unlock, biometric verification is performed entirely by your device's operating system (BiometricPrompt on Android, Face ID/Touch ID on iOS). Locki never accesses, receives, or stores your biometric data; it only receives a simple "authentication succeeded" or "failed" result from the operating system.
Locki lets you export your vault to a file encrypted with a passphrase you choose, and later import it (replacing or merging your data). This file is saved to storage you select on your own device. Locki does not upload backups to any server or cloud service.
To keep the app stable and to fund its free version, we integrate the following Google services, which may process limited technical data under their own privacy policies:
The current version of the app includes the Firebase Analytics SDK, but Locki's code does not emit any custom analytics events.
The first time you open the app (in regions where applicable, such as the European Economic Area and the United Kingdom), you will be shown a Google consent form (UMP) where you can choose whether to allow personalized ads. You can change this choice at any time from the app's settings.
Locki requests only the following permissions:
Locki does not request access to your camera, microphone, location, contacts, calendar, or photo library. The Autofill feature is available but disabled by default, and only becomes active if you manually enable it in your device's system settings.
We do not sell or share the contents of your vault (passwords, usernames, notes) with anyone, under any circumstances. The only data that may be processed by third parties is the technical data described in section 2.4, and only by the service providers mentioned (Google Firebase, Google AdMob, Google Play Billing), under their own privacy policies:
We do not transfer information to third parties for our own commercial purposes beyond the services described in this policy.
Since all of your data is stored locally, you have full control over its retention: you can delete individual passwords, categories, or your entire vault from within the app, or uninstall the app, which permanently removes the encrypted database and any associated configuration files from your device. Crash reports sent to Firebase Crashlytics are retained according to Google's retention policies and do not contain the contents of your vault.
Locki is not directed at children under 13, and we do not knowingly collect information from children under that age. If we become aware that information from a child was collected without appropriate consent, we will delete it.
Because Locki does not maintain a user account or a remote database containing your personal information, you can exercise your rights of access, correction, or deletion directly within the app (by editing or deleting your data) or by uninstalling it. For any questions related to the technical data processed by the third-party services mentioned above, you can contact us at jomibusadeveloper@gmail.com or exercise your rights directly with Google through the links in section 5.
The third-party services we integrate (Google Firebase, AdMob, Play Billing) may process technical data on servers located outside your country of residence, including the United States, under the transfer mechanisms and safeguards described in Google's own privacy policies.
We may update this Privacy Policy to reflect changes to the app or applicable law. If we make significant changes, we will indicate this within the app or by updating the "Last updated" date on this document. We recommend reviewing this policy periodically.
If you have questions about this Privacy Policy or about how your data is handled, please contact us at: jomibusadeveloper@gmail.com