1. Summary
Luban Lock (“we”, “our”, or “the app”) is designed as a local, offline private vault. We do not operate a cloud service that stores your photos, videos, audio, passwords, or vault contents. Your encrypted data remains on your device unless you explicitly export or create a local backup file.
2. Information we do not collect
We do not collect, sell, or rent:
- Your photos, videos, audio, albums, tags, or notes
- Your vault password, encryption keys, or biometric templates
- Usage analytics, advertising identifiers, or crash reports through our own servers
- Your contacts, messages, precise location, or browsing history
Because we do not host your vault, we cannot access, recover, or reset your password for you.
3. Data stored on your device
The app stores the following locally on your phone:
- Encrypted media files and thumbnails in the app’s private storage
- Albums, metadata, and app preferences in a local database
- Encrypted backup files you create (saved on-device or in Files)
- Intrusion alert records and optional front-camera snapshots (if you enable Intrusion Alert)
- Password recovery data: a security question, salted hash of your answer, and encrypted key-wrap material (if you enable Password Recovery)
- Decoy vault data: a separate encrypted container with its own media and metadata (if you enable Decoy Password with Luban Lock Pro)
Encryption uses industry-standard algorithms (including AES-256). Keys are derived from your password and protected with the device’s secure storage (Keychain on iOS). The decoy vault uses separate encryption keys and storage from your primary vault.
3.1 Decoy password (Luban Lock Pro)
If you enable the decoy password, the app maintains a second encrypted vault isolated from your primary vault. Decoy media, albums, and settings are stored only on your device. We cannot see which password you entered or what either vault contains.
3.2 Password recovery
If you set up Password Recovery, your security question and a salted cryptographic hash of your answer are stored locally. Your answer is never sent to our servers. Successful recovery uses your answer to decrypt a locally stored key-wrap and reset your vault password. If you forget both your password and recovery answer, we cannot restore access.
3.3 Intrusion alert snapshots
When Intrusion Alert is enabled and the wrong-password threshold is reached, the app may capture a photo using the front camera. Images and timestamps are stored in app-private storage on your device. You can review and delete intrusion records in Settings. We do not upload these images.
4. Device permissions
Luban Lock requests only permissions needed for features you use:
- Photos library — import media into your vault and export decrypted copies back to Photos
- Camera — capture photos/videos into the vault; optional intrusion snapshot on wrong password
- Microphone — record audio into the vault
- Face ID / Touch ID — optional biometric unlock (processed by iOS; we do not receive biometric data)
Deleting originals from the system Photos library requires an additional iOS confirmation dialog controlled by Apple, not by us.
5. Subscriptions and payments
Luban Lock Pro subscriptions and lifetime purchases are processed by Apple via the App Store. We use RevenueCat to validate subscription status and deliver premium features. RevenueCat may receive an anonymous app user identifier and purchase receipts as described in RevenueCat’s Privacy Policy.
We do not receive your full payment card details.
6. Network use
Core vault features work offline. Limited network access may occur when:
- Loading subscription products or validating purchases (RevenueCat / App Store)
- Opening links you choose (e.g. this website, Terms, Privacy, or email feedback)
- Resolving place names from photo GPS metadata via Apple’s geocoding services (if coordinates exist)
We do not upload your vault media to our servers.
7. Third-party services
- Apple App Store — distribution and in-app purchases
- RevenueCat — subscription management
The app does not include third-party advertising SDKs or social tracking SDKs.
8. Children’s privacy
Luban Lock is not directed at children under 13. We do not knowingly collect personal information from children.
9. Data retention and deletion
Your vault data remains on your device until you delete items, reset the vault, or uninstall the app. Uninstalling removes app-private data subject to iOS behavior. Encrypted backups you saved elsewhere are your responsibility to manage.
10. International users
This policy is provided in English for our international app build. Because data is stored locally on your device, cross-border transfer by us does not apply to your vault contents.
11. Changes
We may update this policy from time to time. The latest version will be posted at https://lubanlock.app/privacy. Material changes may also be noted in the app.
12. Contact
Questions about this policy: [email protected]. We aim to respond within 7 business days.