Privacy Policy
Last Updated: February 2026
1. Zero-Knowledge Architecture
Unlatch is constructed on a strict zero-knowledge foundation. This means we do not have access to your Master Password or the raw contents of your password vault. All encryption and decryption processes (utilizing AES-256) occur locally on your device before any data is transmitted to our servers. Your privacy is not just a promise; it is cryptographically enforced by our system design.
2. Information We Collect
Account Information
When you register for Unlatch, we collect your email address. This is strictly required to identify your account, send Multi-Factor Authentication (2FA) codes, and communicate critical security notices.
Security Metadata
To protect against unauthorized access, we automatically record the IP addresses of successful logins and authentication attempts. This metadata powers our 2FA bypass logic to keep your vault both secure and convenient.
3. Information We Do NOT Collect
Your Master Password: It is never sent to our servers in plaintext. It is hashed and salted client-side for authentication.
Vault Contents: The titles, usernames, passwords, and URLs stored in your vault are sent to us as AES-256 encrypted blobs. We have no mathematical way to view this data.
4. Data Storage and Retention
Your encrypted vault data is securely hosted on modern, compliant infrastructure. If you decide to close your account, all associated data, including your encrypted vault blobs, authentication metadata, and profile information, is permanently deleted from our primary servers.