IronKey Password Manager — Privacy Policy

Effective Date: March 17, 2026

Privacy at a Glance

IronKey Password Manager is designed from the ground up to protect your privacy. We collect zero personal data. Your passwords are encrypted with military-grade AES-256 encryption and stored exclusively on your device. Nothing is ever transmitted, uploaded, or shared with anyone — including us.

1. Who We Are

IronKey Password Manager ("IronKey", "the App", "we", "us", or "our") is developed and published by SmallBird Tech. This Privacy Policy explains how the App handles — or more accurately, does not handle — your information.

2. Information We Collect

Short answer: We collect nothing. IronKey operates entirely offline on your device. We have no servers, no accounts, no analytics, and no way to access your data.

We Do NOT Collect:

Passwords, usernames, or any vault data
Your name, email address, or phone number
Device identifiers or advertising IDs
Location data
Usage analytics or telemetry
Crash reports
Browsing history
Contacts or call logs
Any personally identifiable information (PII)

3. How Your Data Is Stored

All data you enter into IronKey is stored locally on your device only, in an encrypted database. Here is how your data is protected:

Security Layer	Implementation
Encryption Algorithm	AES-256-GCM (NIST-approved)
Key Storage	Android Hardware-Backed Keystore
PIN Security	PBKDF2-HMAC-SHA256 (100,000 iterations)
Data Location	Device local storage only
Cloud Backup	Explicitly blocked
Device Transfer	Explicitly blocked
Network Access	None (no internet permission used for vault data)

Your encryption key is generated inside Android's hardware-backed Keystore and cannot be extracted — not by other apps, not by us, and not by anyone with physical access to your device.

4. Internet & Network Usage

IronKey uses network access solely for the following purpose:

Google Play Billing: To process the optional one-time in-app purchase for the Pro upgrade. This communication occurs exclusively between your device and Google Play services. We do not operate or interact with any server in this process.

No vault data, passwords, personal information, or usage data is ever transmitted over the network.

5. Google Play Billing

If you choose to purchase IronKey Pro, the transaction is handled entirely by Google Play. We receive only:

A purchase confirmation token (stored locally on your device to verify Pro status)
No payment details, billing address, or financial information

Google's handling of your payment data is governed by Google's Privacy Policy.

6. Biometric Data

IronKey supports biometric authentication (fingerprint and face recognition). Biometric data is:

Processed entirely by Android's system-level BiometricPrompt API
Never accessed, stored, or transmitted by IronKey
Managed exclusively by your device's secure hardware

7. Third-Party Services

IronKey does not integrate any of the following:

Analytics services (no Google Analytics, Firebase Analytics, etc.)
Advertising SDKs or ad networks
Crash reporting services
Social media SDKs
Tracking pixels or attribution tools
Cloud storage or sync services

The only third-party integration is Google Play Billing Library for processing the optional Pro upgrade purchase.

8. Data Sharing

We do not share, sell, rent, trade, or disclose any user data to any third party. Since we collect no data, there is nothing to share.

9. Data Retention & Deletion

Since all data is stored locally on your device:

Uninstalling IronKey permanently deletes all vault data and encryption keys
Clearing app data in Android Settings permanently deletes all vault data
We retain no data on any server, so there is nothing for us to delete
Deleted data cannot be recovered by us or anyone else

10. Children's Privacy

IronKey does not knowingly collect any personal information from anyone, including children under 13. Since the App collects no data whatsoever, it is compliant with COPPA (Children's Online Privacy Protection Act), GDPR-K, and equivalent regulations.

11. International Users

Because IronKey stores all data locally on your device and transmits no data to external servers, it complies with:

GDPR (European Union General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
LGPD (Brazil's General Data Protection Law)
KVKK (Turkey's Personal Data Protection Law)

No cross-border data transfer occurs because no data leaves your device.

12. Security

We take security seriously. IronKey employs:

AES-256-GCM encryption with hardware-backed key storage
PBKDF2 key stretching with 100,000 iterations for PIN hashing
Randomized initialization vectors (IV) per encryption operation
128-bit GCM authentication tags for tamper detection
Brute-force protection with progressive lockout
Auto-lock after inactivity timeout
Clipboard auto-clear after 30 seconds
Cloud backup and device transfer fully blocked

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective Date" at the top of this page and notify users through the App or our website. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Your Rights

Since IronKey collects no personal data, traditional data subject rights (access, rectification, erasure, portability) are inherently satisfied — there is no data held by us to access, correct, delete, or transfer. You have full control over your data on your device at all times.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the App's privacy practices, please contact us:

SmallBird Tech

[email protected]

🔒 IronKey Password Manager