VaultPad

Privacy policy

Effective date: July 12, 2026

VaultPad is a local-first notes app. This policy is short because the honest answer to most privacy questions about VaultPad is: your data stays on your phone, and we never see it.

The summary

The rest of this document spells that out.

What VaultPad stores on your device

None of this is transmitted to us. There is no "us" to transmit it to — VaultPad runs entirely on your phone.

What leaves your device — only when you choose

AI providers (optional — requires your own API key)

If you add an API key for an AI provider, AI chats send your messages, the note you have open, and anything the AI reads with its tools (other notes you let it reach, and — if you granted calendar access — calendar events) to that provider, using your key. Nothing is sent outside AI features, and the app shows you this notice the first time you use each provider.

You choose the provider: Anthropic, OpenAI, Google (Gemini), or Deepseek. Your relationship with that provider is direct — governed by their terms and privacy policy, not ours, and we receive nothing from those conversations. Two provider-specific caveats the app also discloses:

Provider privacy policies: Anthropic · OpenAI · Google · Deepseek

You can mark any note "hide from AI" in its details panel: a hidden note is never sent to an AI provider — it is not injected into chats, and the AI cannot read, list, or edit it, in any chat mode. And you can remove your API key — and with it all AI features — at any time in Settings.

"Hide from AI" is not encryption. Your notes are plain text files by design — that's what makes them portable and permanently yours — and hiding a note from AI does not change that: the file still syncs to any provider you connected and rides your device backup like any other note. Please don't keep passwords, API keys, or similar secrets in notes; a notes app is not a password manager.

Sync providers (optional)

Android device backup

Like most Android apps, VaultPad participates in Android's Auto Backup, which backs your notes up to your Google account according to your device's backup settings — so your vault survives reinstalling the app or moving to a new phone. API keys and sign-in tokens are explicitly excluded from backups. This is Android's own backup system, controlled entirely in your device settings (Settings → Google → Backup), not by us.

Permissions VaultPad asks for

What we collect

Nothing. VaultPad sends no analytics, telemetry, usage statistics, or crash reports to us or to anyone else. We do not know how many notes you have, what's in them, which features you use, or that you use VaultPad at all.

If a future version ever adds any form of telemetry (for example, crash reporting), this policy will be updated first, the change will be called out in the app, and it will follow the same principle as everything above: your note content and keys are never included.

Data retention and deletion

We hold no data about you, so there is nothing for us to retain or delete. Your data lives in exactly three kinds of places, all yours:

Children

VaultPad is not directed at children under 13.

Changes to this policy

If this policy changes, the new version will be posted at this address with an updated effective date.

Contact

VaultPad is developed by an independent developer. Questions about this policy: feedback@vaultpadnotes.com.