Security

Kryven Legacy uses a zero-knowledge design — all entry content is end-to-end encrypted on your device before it syncs. Built on Apple's CoreData and CloudKit, your data lives in your iCloud account. Kryven has no servers, no accounts, and no access to your encryption keys or content.

Zero-Knowledge Design

Kryven has no servers and no user accounts. Your data lives entirely in your own Apple ecosystem — on your device and in your iCloud account. We have no ability to access, view, or decrypt your content, even if we wanted to. There is nothing on our end to breach.

Security in Layers

Protection is layered across your device and the Apple ecosystem:

  1. Your device passcode and biometrics protect physical access
  2. The app encrypts all content with AES-256-GCM before it leaves your device
  3. Encryption keys are stored in Apple Keychain, protected by your device hardware
  4. Encrypted data syncs through Apple CloudKit into your personal iCloud
  5. Shared groups use separate per-group keys — revoke access and the key is gone

For additional protection, you can enable Apple's Advanced Data Protection for iCloud, which extends end-to-end encryption to more iCloud data categories managed by Apple.

End-to-End Encrypted

All entry content is encrypted with AES-256-GCM on your device using Apple's CryptoKit framework before anything syncs. Encryption happens at the source — your device — and only authorized devices with the right keys can decrypt it. Four metadata fields (category, dates, favorite status) use Apple's standard CloudKit encryption rather than app-level E2EE.

Keychain-Protected Keys

Encryption keys are generated on your device and stored in Apple Keychain and iCloud Keychain — the same secure storage used by Apple's own apps. Keys sync across your signed-in Apple devices automatically and never leave the Apple ecosystem. Kryven never holds, sees, or has access to your keys.

Backup files are protected separately with PBKDF2-HMAC-SHA256 at 100,000 iterations using a password you choose.

Biometric-Locked Access

The app is locked behind Face ID, Touch ID, or your device passcode via Apple's LocalAuthentication framework. Auto-lock activates whenever the app is backgrounded. No one can open the app without your biometric or passcode — even with physical access to your device.

Built on Apple's Infrastructure

Kryven Legacy is built on Apple CloudKit and Core Data — the same frameworks powering Apple's own apps like Notes and Reminders. Sync, storage, and sharing all run through Apple's infrastructure. No third-party backends involved.

Sharing You Control

Shared groups use dedicated per-group encryption keys — separate from your personal keys. Only invited participants can decrypt shared content. You can revoke access at any time and it takes effect immediately. No Kryven account needed — sharing is managed through your Apple ID.

Guidance-First Design

Kryven Legacy is designed to store directions and references — what exists, where it is, who to contact — not raw credentials. This limits the sensitivity of what's stored while still giving loved ones everything they need to act.

Use Apple Passwords for passwords and passkeys. Use Kryven Vault for full documents and IDs. Use Kryven Legacy as the map.

For policy details, see Privacy and Terms. For common questions, see Support.

Ready to Get Started?

Start free with 10 entries on iPhone and iPad. Mac coming soon.

Download on the App Store View Pricing