Legal document

ChromVoid Privacy Policy

Last updated: May 13, 2026

This Privacy Policy explains how ChromVoid LLC ("ChromVoid," "we," "us," or "our") handles information when you use ChromVoid apps, browser extensions, websites, relay services, waitlist forms, checkout, licensing, and support channels.

ChromVoid is designed as a local-first encrypted vault. ChromVoid license accounts are used for license recovery, entitlement sync, and cross-platform Pro activation. They are not cloud vault accounts, and your vault data stays on your own devices. We do not sell personal data, do not run advertising tracking, and do not use your data to build advertising profiles.

If we publish a translated version of this policy, the English version is the source of truth unless we explicitly say otherwise.

1. Information ChromVoid does not collect

ChromVoid LLC does not collect, receive, or have access to:

  • Vault contents.
  • Master passwords.
  • Decrypted files.
  • Passkeys, passwords, OTP seeds, SSH keys, wallet secrets, or other stored secrets.
  • Biometric templates, face data, fingerprint data, or other biometric identifiers.
  • Local autofill secrets.
  • Browser extension secrets.
  • Local device vault data.

ChromVoid cannot decrypt your local vault for you. If you lose the local credentials, keys, or recovery material needed to open a vault, we generally cannot recover that vault.

2. Local-only processing

The following activity is designed to happen on your device and is not sent to ChromVoid LLC by default:

  • Vault encryption and decryption.
  • Password manager operations.
  • File encryption, file previews, mounted-vault operations, and local file access.
  • Autofill and credential provider flows, including local credential matching and OS-facing credential metadata.
  • Biometric unlock checks. Your device operating system handles biometric verification and ChromVoid receives only the local result needed to continue or block access.
  • Browser extension communication with the local ChromVoid app through localhost or a local gateway.
  • Browser extension origin or tab matching used locally to find relevant credentials.
  • Local passkey, SSH agent, wallet, and secret-management operations.

Some optional features may transmit encrypted or limited service data off the device, as described below.

3. Information we may collect

Waitlist, contact, and support

If you join the waitlist, contact us, or request support, we may process:

  • Email address.
  • Message content and support details you choose to send.
  • Source, campaign, or referrer values submitted with the form.
  • Hashed IP address or similar abuse-prevention metadata.
  • Timestamps and delivery status for emails we send.

Please do not send vault passwords, passkeys, recovery material, private keys, seed phrases, or decrypted vault contents in support messages.

Purchases and checkout

If you buy a ChromVoid license through our web checkout or another supported purchase channel, we may process:

  • Optional email address.
  • Purchase ID.
  • External payment provider ID.
  • Amount, currency, status, and timestamps.
  • Webhook or payment metadata needed to reconcile the order.
  • Generated license key.
  • Fraud-prevention, tax, accounting, and legal records related to the purchase.

Payment providers and app stores may process payment details under their own terms and privacy policies. ChromVoid does not use purchase data for advertising tracking.

Licensing and activation

To activate and maintain a Pro license, we may process:

  • License key.
  • Device fingerprint derived from the local ChromVoid Core instance.
  • Activation, status-check, deactivation, and renewal timestamps.
  • License status and entitlement metadata.
  • Account ID and account status when you use license account recovery or cross-platform entitlement sync.
  • Account session metadata, stored as hashed session tokens.
  • Recovery code metadata, stored as a hashed recovery code.
  • License-account binding, entitlement ID, product code, source, and sync state.

The device fingerprint is used for license integrity, fraud prevention, and service operation. It is not used for advertising.

When you claim or recover a web or desktop license through the ChromVoid website, your original license key may be used as proof that you control that purchase. If the key is accepted, ChromVoid may create or reset a license account, issue a new account session, and show a new recovery code once. We store only the hash of that recovery code. The recovery code is an account credential for license recovery and entitlement sync; it does not give ChromVoid access to local vault contents or secrets.

Relay and iOS wake services

If you use relay, remote, sync, peer-to-peer, or iOS background wake features, we may process limited service data such as:

  • Room IDs, session IDs, and peer IDs.
  • Transient encrypted relay traffic needed to connect devices or peers.
  • Presence and wake-state records.
  • Hashed IP logs or similar rate-limiting and abuse-prevention metadata.
  • APNS device token and related push-routing metadata when iOS wake is enabled.

Relay traffic is intended to be encrypted by the participating endpoints. Our relay infrastructure should not need decrypted vault contents or secrets to operate. However, relay systems may necessarily observe technical metadata such as connection timing, message size, IP-derived rate-limit keys, and routing identifiers.

Website analytics, metrics, and logs

We may process limited operational data to keep ChromVoid services secure and reliable, including:

  • Prometheus-style operational metrics.
  • Server logs, request timestamps, response codes, and rate-limit signals.
  • Self-hosted analytics events for pageviews, CTA clicks, downloads, and conversion measurement.

Our analytics posture is first-party and self-hosted where practical. We do not use analytics for third-party advertising, cross-site tracking, or PII enrichment. We avoid collecting analytics events that include vault contents, secrets, or support message content.

4. How we use information

We use the limited information described in this policy to:

  • Provide, secure, maintain, and debug ChromVoid services.
  • Operate waitlist, email, licensing, checkout, license account recovery, entitlement sync, relay, and wake features.
  • Deliver license keys and purchase-related messages.
  • Prevent abuse, fraud, replay, spam, and service overload.
  • Respond to support, privacy, and deletion requests.
  • Understand aggregate website and product funnel performance without advertising tracking.
  • Meet legal, tax, accounting, and compliance obligations.

5. How we share information

We do not sell your personal data.

We may share limited information with service providers that process data for ChromVoid and according to our instructions, including:

  • NOWPayments or another checkout provider for payment processing.
  • Apple Push Notification service (APNS) for iOS background wake notifications when enabled.
  • SMTP or email delivery providers for waitlist, support, and license emails.
  • Hosting, database, observability, and infrastructure providers.
  • App stores and platform providers when you download, buy, or manage ChromVoid through those platforms.
  • Self-hosted analytics infrastructure operated for ChromVoid.

We may also disclose information if required by law, to protect users or ChromVoid, to enforce our terms, or in connection with a merger, acquisition, financing, or sale of business assets. If such a transfer happens, the receiving party must honor this policy for the covered data unless users are notified of a different policy.

6. Retention

We keep information only for as long as reasonably needed for the purpose described in this policy, unless a longer period is required or permitted by law.

  • Waitlist email: kept until you unsubscribe, request deletion, or we no longer need the waitlist record.
  • Support messages: kept while needed to answer the request, maintain service quality, and protect against abuse.
  • Purchase and license records: kept while needed for license service, fraud prevention, support, tax, accounting, legal, and compliance obligations.
  • License activations: kept while needed to provide activation, deactivation, fraud prevention, and entitlement checks.
  • License account records, account sessions, recovery-code hashes, and entitlement bindings: kept while needed to provide recovery, entitlement sync, fraud prevention, support, security, dispute resolution, and license integrity.
  • Relay presence and wake state: designed to be short-lived, except APNS registrations or equivalent push-routing records kept while the feature is active.
  • Logs and metrics: minimized and rotated according to operational needs.
  • Backups: may persist for a limited period after deletion from active systems and are removed through normal backup rotation.

Deletion may be limited where we need to retain records for legal, tax, accounting, fraud-prevention, security, dispute-resolution, or active license-integrity reasons.

7. Security

ChromVoid is designed around local encryption and data minimization. We use technical and organizational measures intended to protect the limited service data we process, including encryption in transit where appropriate, access controls, least-necessary service logging, and separation between local vault contents and server-side service records.

No system is perfectly secure. You are responsible for protecting your devices, operating-system accounts, vault passwords, recovery materials, and local backups.

8. Your choices and rights

You can use local ChromVoid vault features without putting vault data into a ChromVoid account. A license account may be created or used when you claim or recover a license, sign in with a recovery code, sync a Pro entitlement across platforms, or activate Pro from an account entitlement. You may choose whether to join the waitlist, contact support, buy a license, activate Pro features, use license recovery, or enable relay and iOS wake features.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. To make a privacy request, email:

legal@chromvoid.com

We may need to verify your request before acting on it. We will respond as required by applicable law. If we cannot fully delete information because of legal obligations, fraud prevention, accounting, tax, dispute-resolution, or active license-integrity needs, we will explain the limitation where required.

9. Children

ChromVoid is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to ChromVoid, contact us at legal@chromvoid.com.

10. International processing

ChromVoid LLC and its service providers may process information in the United States and other countries where we or our providers operate. Data protection laws may differ from those in your country.

11. Changes to this policy

We may update this Privacy Policy when ChromVoid changes or when legal, operational, or platform requirements change. We will update the "Last updated" date when we make material changes.

This policy and related app-store privacy disclosures should be reviewed whenever ChromVoid adds or materially changes analytics, payments, crash reporting, accounts, cloud sync, relay persistence, advertising, or third-party SDKs that process user data.

12. Contact

ChromVoid LLC is responsible for this Privacy Policy.

Company details: ChromVoid LLC, tax identification number (INN) 00547251, state registration number 999.110.1581079, registered on May 7, 2026.

Privacy contact and deletion requests: legal@chromvoid.com

Primary public domain: https://chromvoid.com