Privacy policy for Keepass2Android

Who we are

Philipp Crocoll Wallonenstr. 4 76297 Stutensee Germany

is the author of Keepass2Android and Keepass2Android Offline.

What data is collected?

The contents of your password database is yours and is never collected by us. Keepass2Android stores this data on a location chosen by the user and encrypted in the Keepass database format. The app author does not have any access, neither to the files nor the contents. Depending on the user's choice of the storage location, the files may be stored on third-party servers like Dropbox or Google Drive.

Keepass2Android does not collect personal identifiable information. For debugging purposes, the user may activate creating a debug log. This collects data inside the app and is not accessible to any other app nor the author of the app, unless the user explicitly sends the debug log to the author. Debug logs usually do not contain personal identifiable information, except if such information is part of file or folder names. Debug logs will not be shared with third parties unless explicitly authorized by the sender.

What Android permissions are required?

Internet (Keepass2Android regular only): Required to allow the user to read/store password databases or key files on remote locations, e.g. Dropbox or via WebDav.
Contacts/Accounts (Keepass2Android regular only): Required by the Google Drive SDK. If you want to access files on Google Drive, you are prompted to select one of the Google Accounts on your phone to use. The permission is required to query the list of Google accounts on the device. Keepass2Android does not access your personal contacts.
Storage: Required to allow the user to read/store password databases or key files on the device locally.
Fingerprint/Biometric: Required if you want to use biometric unlock.
Vibrate: Required by the built-in keyboard (vibrate on key press)
Camera: Required for scanning OTP QR Codes
Foreground service: Required to keep the app alive for QuickUnlock (so you don't need to enter your full master password repeatedly)

What Google user data is accessed?

The app does not access data from the user's Google account unless explicitly requested by the user. If the user selects to open a file from (or store a file in) Google Drive, the app will query the list of files and folders on the user's Google Drive. This is required such that the user can select existing password database files stored in Google Drive, e.g. from PC programs.

The app does not store any file contents or file paths of files except the ones which the user selects to use.

The app does storethe file paths of files selected by the users for the purpose of displaying and for updating the file contents. The app also does store a cache copy in a local, app-internal folder of the file, such that the file can be accessed even when no internet connection is available.

How is this data protected from unauthorized access?

As stated above, copies of the user's file contents are stored in a local, app-internal folder. This folder is not accessible by external apps as enforced by the Android OS. Consequently, the data is protected. Note also that if the user selects Keepass2Android files (.kdbx), these are encrypted securely and only unlocked if the user enters the decryption password. No unencrypted version of the databases are stored.