Last updated: April 17, 2026
CypherAir does not collect data. The app has no network access and runs locally by design.
CypherAir has no network access path in the app. It cannot send data to a CypherAir server because there are no user accounts, no cloud sync, no backend services, and no analytics endpoints. It is designed to work entirely offline, including in airplane mode.
We do not collect, store, transmit, or process any user data. There are no analytics, no crash reporters, no tracking pixels, no telemetry of any kind.
CypherAir does not request camera, photo library, contacts, location, microphone, notification, or network access. File input and output use system document pickers and the Share Sheet. Face ID / Touch ID is used only for local authentication, with the system usage description required by Apple platforms.
Your encryption keys, contacts' public keys, preferences, and temporary decrypted content stay on your device by default. Private-key material and app data use separate local protection paths: private keys are protected with Secure Enclave wrapping and stored through the Keychain, while contacts, key metadata, and protected settings open through ProtectedData only after local app unlock. ProtectedData uses a device-bound root secret for its local domains, keeps domain keys session-local, and clears them again when the app relocks. When you choose, you can export passphrase-protected private-key backups, public keys, encrypted files, signatures, or revocation certificates through system sharing and export flows.
There are no user accounts, no cloud sync, no servers, and no backend infrastructure. CypherAir is a purely local application.
CypherAir is licensed under the GNU General Public License v3 (GPLv3). The source code is publicly available for audit and verification.
If you have questions about this privacy policy, please open an issue on our GitHub repository.