A product of Eventum Digital Agency · Last updated 2026-06-27
AuraVault is built around a simple promise: your secrets stay yours.
Nothing. AuraVault has no account, no server, and no analytics. The developers never see, receive, or store any of your data.
All of your data is stored only on your device, encrypted with your master password using strong, industry-standard encryption (Argon2id + XChaCha20-Poly1305). Without your master password the stored file is unreadable to anyone — including us. Your master password and recovery key are never stored and never leave your device.
AuraVault works fully offline and makes no network connections by default. The only exception is an optional, off-by-default breach check (HaveIBeenPwned “Pwned Passwords”). When you explicitly enable and run it, only the first 5 characters of a password’s SHA-1 hash are sent — never the password, and never the full hash (k-anonymity). The request is not linked to your identity and we receive nothing.
No advertising, tracking, or third-party analytics. The optional breach check contacts the HaveIBeenPwned range API (privacy).
You can export an encrypted backup, delete entries, or delete the app and its data at any time.
Eventum Digital Agency — AuraVault@eventumdigital.com
UA: AuraVault не збирає жодних даних. Усе зберігається лише на вашому пристрої у зашифрованому вигляді й не вивантажується. Опційна перевірка зломів (вимкнена за замовчуванням) надсилає лише перші 5 символів хешу пароля — ніколи сам пароль.