Privacy Policy
Last updated: January 23, 2026
Overview
Osito is designed with privacy as a core principle. We believe your personal data belongs to you and only you. This policy explains how Osito handles your information.
Data Collection
We do not collect any of your data.
Osito does not:
- Collect analytics or usage data
- Track your behavior
- Use advertising identifiers
- Share data with third parties
- Store your data on our servers
Data Storage
All data you enter into Osito is:
- Encrypted on your device using AES-256-GCM encryption before being stored
- Stored locally on your device using encrypted SwiftData storage
- Synced via your private iCloud account if you have iCloud enabled (encrypted before upload)
Your encryption keys are stored in the Apple Keychain and never leave your devices. We have no ability to access, read, or decrypt your data.
iCloud Sync
If you enable iCloud sync, your encrypted vault data is stored in your private iCloud account using Apple's CloudKit service. This data is:
- Encrypted by Osito before leaving your device
- Further protected by Apple's iCloud encryption
- Only accessible by devices signed into your iCloud account
Apple's privacy policy governs their handling of iCloud data. We recommend reviewing Apple's Privacy Policy for details.
Vault Sharing
When you share a vault with others via iCloud, the vault's encryption key is securely transmitted through CloudKit's encrypted sharing mechanism. Only people you explicitly invite can access shared vaults.
Biometric Authentication
Osito supports Face ID, Touch ID, and Optic ID for authentication. Biometric data is processed entirely by Apple's Secure Enclave on your device. Osito never receives, stores, or transmits your biometric information.
Data Types Stored
Osito allows you to store the following types of information in your encrypted vaults:
- Secure notes
- Identity information (name, address, contact details)
- Identity documents (passport numbers, ID numbers)
- Bank account information
- Credit card information
- Custom fields
All of this data is encrypted and stored only on your devices and in your private iCloud account.
Third-Party Services
Osito does not use any third-party analytics, crash reporting, or advertising services. The only external service used is Apple's iCloud/CloudKit for optional sync and sharing functionality.
Data Deletion
You can delete any data at any time within the app. Deleted items are removed from your device and, if iCloud sync is enabled, from your iCloud account. Due to our encryption architecture, we cannot recover deleted data.
Children's Privacy
Osito does not knowingly collect information from children under 13. The app is intended for general audiences.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.
Contact
If you have questions about this privacy policy, please contact us at hello@tijs.org.