Frequently asked questions and answers
Security
-
Who has access to my data?
You are the only one who can access your data. Our app is built on the concept of self-custody, which means that only you hold your passwords and other authentication credentials; we never hold a copy. We believe in the non-custodial principles that are gaining popularity with the rise of web3: the less personal information that is stored in the cloud, the smaller the impact of any single security incident. -
What if I forget my master password?
If you forget your master password, you can still unlock the app with biometrics (Face ID / Touch ID), provided you activated biometric authentication in the app beforehand. If you only use a master password, write it down and keep it somewhere safe, or make a password-protected backup on a USB stick or in iCloud (see the Data section). If you have completely forgotten your master password and have neither biometric unlock nor a backup, we cannot help you: there is no back door to your data. This is intentional and by design to ensure the security of your data. -
What encryption is used?
Our encryption relies solely on the native APIs provided by Apple's CryptoKit (external link). This includes ChaCha20-Poly1305 (external link) authenticated encryption and Diffie-Hellman key agreement (external link). All stored user data and app data is encrypted. All local network communication between your devices is end-to-end encrypted (E2EE) (external link). Furthermore, all data stays offline: anyone attempting to gain access to your data would need physical access to your device and would have to bypass the protections you set up, such as the master password and biometric authentication, or be within Bluetooth range and defeat the pairing confirmation described under Network. -
Where is the data stored?
The data is stored in an encrypted database on your device only; we never have access to any of your data or credentials. The private encryption keys are kept in your device's Secure Enclave (external link), the isolated security coprocessor in Apple hardware (part of the T2 chip on Intel Macs, and built into the main chip on Apple silicon Macs, iPhones and iPads). Keys generated in the Secure Enclave cannot be exported from it, and the app can only use them after you unlock with your master password or biometric authentication. We are not aware of any practical way to extract keys from the Secure Enclave, and Apple fixes Secure Enclave issues through OS updates, which is one more reason to keep your devices updated. Additionally, the app will soon support YubiKey (external link) as an added security measure. -
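How an app keeps a key in the Secure Enclave and uses it to protect the database key, as an added example that is not Sentry's code: the key is generated inside the enclave, only an opaque handle goes into the Keychain, and the enclave key is used to wrap a symmetric database key. The service and account names, the "db-key-wrap" label and the VaultKey type are assumptions; it needs real Apple hardware with a passcode set.

```swift
import Foundation
import Security
import CryptoKit
import LocalAuthentication

// Added example, not Sentry's code. Names are assumptions.
enum VaultKey {
    static let service = "com.example.vault"
    static let account = "se-key-handle"

    // The key is generated by the enclave and can never be exported. The access
    // control requires the currently enrolled biometrics each time it is used
    // (use .userPresence instead to allow the device passcode as fallback).
    static func create() throws -> SecureEnclave.P256.KeyAgreement.PrivateKey {
        guard SecureEnclave.isAvailable else { throw VaultError.noSecureEnclave }
        var cfError: Unmanaged<CFError>?
        guard let access = SecAccessControlCreateWithFlags(
                kCFAllocatorDefault,
                kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
                [.privateKeyUsage, .biometryCurrentSet],
                &cfError) else {
            throw cfError!.takeRetainedValue() as Error
        }
        let key = try SecureEnclave.P256.KeyAgreement.PrivateKey(
            accessControl: access, authenticationContext: LAContext())
        try storeHandle(key.dataRepresentation)   // encrypted blob, useless off-device
        return key
    }

    static func load(context: LAContext = LAContext()) throws -> SecureEnclave.P256.KeyAgreement.PrivateKey {
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
        ]
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let handle = result as? Data else {
            throw VaultError.keychain(status)
        }
        return try SecureEnclave.P256.KeyAgreement.PrivateKey(
            dataRepresentation: handle, authenticationContext: context)
    }

    private static func storeHandle(_ handle: Data) throws {
        let item: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            kSecValueData as String: handle,
        ]
        SecItemDelete(item as CFDictionary)            // replace an older handle
        let status = SecItemAdd(item as CFDictionary, nil)
        guard status == errSecSuccess else { throw VaultError.keychain(status) }
    }

    // Wrap the symmetric database key with a key agreed between the enclave key
    // and a fresh ephemeral key (ECIES style). Unwrapping needs the enclave, and
    // therefore biometrics, every time the database is opened.
    static func wrap(databaseKey: SymmetricKey,
                     with enclaveKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> (ephemeralPublicKey: Data, box: Data) {
        let ephemeral = P256.KeyAgreement.PrivateKey()
        let shared = try enclaveKey.sharedSecretFromKeyAgreement(with: ephemeral.publicKey)
        let kek = shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                                 sharedInfo: Data("db-key-wrap".utf8), outputByteCount: 32)
        let raw = databaseKey.withUnsafeBytes { Data($0) }
        return (ephemeral.publicKey.rawRepresentation, try ChaChaPoly.seal(raw, using: kek).combined)
    }

    static func unwrap(ephemeralPublicKey: Data, box: Data,
                       with enclaveKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> SymmetricKey {
        let peer = try P256.KeyAgreement.PublicKey(rawRepresentation: ephemeralPublicKey)
        let shared = try enclaveKey.sharedSecretFromKeyAgreement(with: peer)
        let kek = shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                                 sharedInfo: Data("db-key-wrap".utf8), outputByteCount: 32)
        return SymmetricKey(data: try ChaChaPoly.open(ChaChaPoly.SealedBox(combined: box), using: kek))
    }
}

enum VaultError: Error { case noSecureEnclave, keychain(OSStatus) }

do {
    let enclaveKey = try VaultKey.create()
    let dbKey = SymmetricKey(size: .bits256)
    let (eph, box) = try VaultKey.wrap(databaseKey: dbKey, with: enclaveKey)
    let reloaded = try VaultKey.load()                 // prompts for Face ID / Touch ID
    let unwrapped = try VaultKey.unwrap(ephemeralPublicKey: eph, box: box, with: reloaded)
    precondition(unwrapped.withUnsafeBytes { Data($0) } == dbKey.withUnsafeBytes { Data($0) })
} catch { print("vault key error: \(error)") }
```

The handle returned by `dataRepresentation` is encrypted by the enclave and can only be reloaded on the same device, which is why a Secure Enclave key is never part of a backup and why a backup needs its own password.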
How can I set a master-password?
To set a master password, navigate to the preferences menu in the app and select the security option. From there, click on the "Set Master Password" button and follow the on-screen instructions. Finally, make sure to turn on the "Activate Master Password" toggle. -
How can I set a pin-code?
To set a pin-code, navigate to the preferences menu in the app and select the security option. From there, click on the "Set Pin Code" button and follow the on-screen instructions. Finally, make sure to turn on the "Activate Pin Code" toggle. -
How can I activate biometric authentication?
To activate Face-ID / Touch-ID, navigate to the preferences menu in the app and select the security option. From there, toggle the "Active biometric authentication" toggle button and follow the on-screen instructions to finalize the activation. -
How strong is the password entropy?
Passwords are generated from a "secure byte array" obtained from Apple's native cryptographic random number generator (Cryptographic nonce (external link)). These random bytes are mapped onto the configuration "recipe" you choose; a recipe combines letters, digits, symbols and words to produce passwords that are hard to brute-force. The random bytes come from the operating system's cryptographically secure random number generator, which is seeded from hardware entropy sources on the device, so the output is statistically unpredictable. The strength of a generated password is then determined by the recipe: the number of possible characters or words at each position and the length of the password set how many guesses an attacker needs, which is what "entropy" measures. Our goal is to add a feature that shows the strength of a password as the time it would take to brute-force it, together with statistical tools to verify the underlying randomness. As quantum computing becomes more prevalent, this feature will be more important than ever. -
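How a recipe turns OS randomness into a password, and how its entropy follows from the recipe rather than from the random source, as an added example (not Sentry's generator; the Recipe type, the tiny word list and the guess rate are assumptions):

```swift
import Foundation
import Security

// Added example, not Sentry's code. Recipe fields and the word list are assumptions.
struct Recipe {
    var length: Int = 16
    var lower = true, upper = true, digits = true, symbols = true
    var words: Int = 0               // prepend this many words from the list
    var wordList: [String] = ["apple", "river", "stone", "cloud", "maple", "tiger", "delta", "amber"]

    var alphabet: [Character] {
        var a = ""
        if lower { a += "abcdefghijklmnopqrstuvwxyz" }
        if upper { a += "ABCDEFGHIJKLMNOPQRSTUVWXYZ" }
        if digits { a += "0123456789" }
        if symbols { a += "!#$%&*+-=?@^_~" }
        return Array(a)
    }

    // Entropy in bits = log2(number of equally likely outputs). Only the recipe
    // matters here, provided every position is chosen uniformly.
    var entropyBits: Double {
        Double(words) * log2(Double(wordList.count)) + Double(length) * log2(Double(alphabet.count))
    }
}

// Fill a buffer from the kernel CSPRNG.
func secureRandomBytes(_ count: Int) -> [UInt8] {
    var bytes = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &bytes)
    precondition(status == errSecSuccess, "CSPRNG unavailable")
    return bytes
}

// Uniform index in 0..<n by rejection sampling. A plain `byte % n` would favour
// low indices whenever 256 is not a multiple of n, silently losing entropy.
func uniformIndex(below n: Int, from stream: inout [UInt8]) -> Int {
    precondition(n > 0 && n <= 256)
    let limit = 256 - (256 % n)
    while true {
        if stream.isEmpty { stream = secureRandomBytes(64) }
        let b = Int(stream.removeFirst())
        if b < limit { return b % n }
    }
}

func generatePassword(_ r: Recipe) -> String {
    let alphabet = r.alphabet
    var stream = secureRandomBytes(64)
    var parts: [String] = []
    for _ in 0..<r.words {
        parts.append(r.wordList[uniformIndex(below: r.wordList.count, from: &stream)])
    }
    var tail = ""
    for _ in 0..<r.length {
        tail.append(alphabet[uniformIndex(below: alphabet.count, from: &stream)])
    }
    if !tail.isEmpty { parts.append(tail) }
    return parts.joined(separator: "-")
}

// Years to exhaust the whole space at an assumed offline guess rate
// (1e11/s is in the range of a GPU rig against a fast hash).
func yearsToBruteForce(bits: Double, guessesPerSecond: Double = 1e11) -> Double {
    pow(2, bits) / guessesPerSecond / (365.25 * 24 * 3600)
}

let recipe = Recipe(length: 16, words: 0)
let password = generatePassword(recipe)
print(password,
      String(format: "%.1f bits", recipe.entropyBits),
      String(format: "~%.2e years at 1e11 guesses/s", yearsToBruteForce(bits: recipe.entropyBits)))
```

With all four character classes enabled the alphabet has 76 symbols, so a 16-character password has 16 * log2(76), about 100 bits; a recipe of four words from an eight-word list adds only 12 bits, which shows why word-based recipes need a large word list to be meaningful.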
Why should I trust Sentry with my passwords?
Sentry only stores data on your devices. Internet communication can be monitored in Apple's App Privacy Report (external link) under Settings -> Privacy. By default we only request data from industry-standard NTP services (external link) and Apple's App Store (to manage payment). If telemetry is activated (it is on by default, and you can opt out in preferences), we send anonymised usage data (errors, time used, etc.) to Google Analytics. We never send personal information.
Network
-
How does the peer-to-peer communication work?
Bluetooth doesn't have its own P2P communication framework for data transfers, so we created one that is highly secure and reliable. It's our secret sauce, but we can tell you that it works well, even when devices are in standby mode. As a side note, the official Bluetooth Mesh framework is better suited to short bursts of message relays between IoT devices than to serving as a communication layer for distributed databases and bulk data transfers. -
Is the local communication encrypted?
Yes. We do not rely on Bluetooth's built-in link-layer encryption, which is awkward for users to set up and has had security weaknesses in the past. Instead we use the industry-standard 256-bit end-to-end encryption (external link) (E2EE) primitives provided by Apple for setting up connections and transmitting data in the peer-to-peer network. In addition, when a device is added, both devices display a confirmation code during the initial handshake and the user must check that the codes match. The code is a short fingerprint of the key exchange, so an attacker relaying the handshake (a man-in-the-middle, MITM (external link)) cannot make both screens show the same code; the protection only works if you actually compare the codes before confirming. The same confirm-code handshake is used when users share account information with our proprietary secure-quick-share feature. -
Does it work in flight-mode?
Yes, the app does not need an internet connection. Flight mode may turn Bluetooth off, so re-enable Bluetooth from Control Center; once it is on, all features, including sync, are fully functional. -
How many devices can synchronise simultaneously?
Currently, we allow up to 8 devices to sync simultaneously. However, in the future, we plan to upgrade the communication protocol to support an unlimited number of devices. -
How do I add more devices to sync with?
To add more devices to sync with, go to preferences in the app and select devices. Tap the add button and follow the instructions in the wizard that appears. On the other device, go to preferences, select devices and put it in pairing mode. The process takes a few seconds. Both devices then display an end-to-end-encrypted (external link) confirmation code; check that the codes match before confirming, to ensure you are connecting to the intended device and to rule out a man-in-the-middle (MITM) (external link) attack. -
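The pairing exchange described here and under "Is the local communication encrypted?" and "What encryption is used?", as an added example that is not Sentry's protocol: each side generates a Curve25519 key, derives a shared 256-bit session key with HKDF, and shows a six-digit code computed from both public keys; the second scenario shows why a relaying attacker produces mismatching codes. The Peer type, the code length and the "sentry-pairing" label are assumptions.

```swift
import Foundation
import CryptoKit

// Added example, not Sentry's code. Type and label names are assumptions.
enum PairingError: Error { case notPaired }

struct Peer {
    let name: String
    let privateKey = Curve25519.KeyAgreement.PrivateKey()
    var sessionKey: SymmetricKey? = nil
    var publicKey: Curve25519.KeyAgreement.PublicKey { privateKey.publicKey }

    // Order the two public keys so both sides hash the same transcript
    // regardless of who initiated the pairing.
    static func transcript(_ a: Curve25519.KeyAgreement.PublicKey,
                           _ b: Curve25519.KeyAgreement.PublicKey) -> Data {
        let x = a.rawRepresentation, y = b.rawRepresentation
        return x.lexicographicallyPrecedes(y) ? x + y : y + x
    }

    // X25519 shared secret -> HKDF-SHA256 -> 256-bit ChaCha20-Poly1305 key.
    mutating func deriveSessionKey(with remote: Curve25519.KeyAgreement.PublicKey) throws {
        let shared = try privateKey.sharedSecretFromKeyAgreement(with: remote)
        sessionKey = shared.hkdfDerivedSymmetricKey(
            using: SHA256.self,
            salt: Peer.transcript(publicKey, remote),
            sharedInfo: Data("sentry-pairing".utf8),
            outputByteCount: 32)
    }

    // The confirmation code is a fingerprint of the key-exchange transcript.
    // A MITM who substitutes keys cannot make both screens show the same code.
    func pairingCode(with remote: Curve25519.KeyAgreement.PublicKey) -> String {
        let digest = SHA256.hash(data: Peer.transcript(publicKey, remote))
        let value = digest.prefix(4).reduce(UInt32(0)) { ($0 << 8) | UInt32($1) }
        return String(format: "%06d", value % 1_000_000)
    }

    func seal(_ plaintext: Data) throws -> Data {
        guard let key = sessionKey else { throw PairingError.notPaired }
        return try ChaChaPoly.seal(plaintext, using: key).combined
    }

    func open(_ box: Data) throws -> Data {
        guard let key = sessionKey else { throw PairingError.notPaired }
        return try ChaChaPoly.open(try ChaChaPoly.SealedBox(combined: box), using: key)
    }
}

do {
    // Honest pairing: the codes match and the session key decrypts traffic.
    var phone = Peer(name: "iPhone"), mac = Peer(name: "MacBook")
    try phone.deriveSessionKey(with: mac.publicKey)
    try mac.deriveSessionKey(with: phone.publicKey)
    precondition(phone.pairingCode(with: mac.publicKey) == mac.pairingCode(with: phone.publicKey))
    let box = try phone.seal(Data("wifi-password=hunter2".utf8))      // constructed sample
    print(String(decoding: try mac.open(box), as: UTF8.self))

    // MITM: an attacker relays the handshake with its own key pair. Each victim
    // now hashes a different transcript, so the codes differ and the user
    // should abort instead of confirming.
    let mallory = Peer(name: "mallory")
    var phone2 = Peer(name: "iPhone"), mac2 = Peer(name: "MacBook")
    try phone2.deriveSessionKey(with: mallory.publicKey)
    try mac2.deriveSessionKey(with: mallory.publicKey)
    precondition(phone2.pairingCode(with: mallory.publicKey)
              != mac2.pairingCode(with: mallory.publicKey))
} catch { print("pairing failed: \(error)") }
```

The code only prevents the attack if the user compares it; a six-digit code gives an attacker who tries once a one-in-a-million chance of a match, which is why the comparison should happen before any entry is sent.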
How does synchronisation work if my device is in standby-mode?
For peer-to-peer communication we use Bluetooth, because it lets devices talk to each other directly without an intermediary. Wi-Fi normally routes traffic through an access point, and many public Wi-Fi access points block traffic between clients (client isolation). Bluetooth Low Energy also allows connections while a device is in standby, which means we can sync with devices even when they are asleep. -
What is a distributed database?
Unlike a cloud database, which stores all data in one central location, a distributed database (external link) is spread across multiple devices. Whenever these devices come into contact with one another, their databases automatically merge. Each copy on each device retains its own reversible history of all changes. To further protect the data, automatic database backups are built in as a failsafe in case a database is corrupted by hardware failure or similar events. -
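How two offline copies can merge, keep a reversible history and still agree on deletions, as an added example (not Sentry's database; a simplified last-writer-wins model with assumed type names):

```swift
import Foundation

// Added example, not Sentry's code. Type and field names are assumptions.
struct Revision: Equatable {
    var value: String?        // nil marks a deletion (a "tombstone")
    var timestamp: TimeInterval
    var device: String
}

struct Replica {
    let device: String
    private(set) var entries: [String: [Revision]] = [:]   // id -> history, oldest first

    mutating func set(_ id: String, _ value: String?, at t: TimeInterval) {
        entries[id, default: []].append(Revision(value: value, timestamp: t, device: device))
    }
    mutating func delete(_ id: String, at t: TimeInterval) { set(id, nil, at: t) }

    // The visible value is the newest revision; nil means deleted.
    func current(_ id: String) -> String? {
        entries[id]?.max(by: Replica.older)?.value
    }

    // Merge keeps the union of both histories, so every change stays
    // reversible. Deletions must survive as tombstones: without them a peer
    // that never saw the delete would resurrect the entry on the next sync.
    mutating func merge(_ other: Replica) {
        for (id, history) in other.entries {
            var mine = entries[id] ?? []
            for rev in history where !mine.contains(rev) { mine.append(rev) }
            mine.sort(by: Replica.older)
            entries[id] = mine
        }
    }

    // Deterministic ordering (timestamp, then device name as tie-breaker) so
    // both sides pick the same winner whatever the merge order. This is why
    // accurate clocks matter when there is no central server.
    private static func older(_ a: Revision, _ b: Revision) -> Bool {
        a.timestamp != b.timestamp ? a.timestamp < b.timestamp : a.device < b.device
    }

    // Undo: re-apply an earlier revision's value as a new revision, so the
    // undo itself propagates to the other devices.
    mutating func revert(_ id: String, to index: Int, at t: TimeInterval) {
        guard let old = entries[id]?[index] else { return }
        set(id, old.value, at: t)
    }
}

var phone = Replica(device: "iPhone"), mac = Replica(device: "MacBook")
phone.set("github", "pw-v1", at: 100)
mac.merge(phone)                              // first sync
mac.set("github", "pw-v2", at: 200)           // edited on the Mac...
phone.delete("github", at: 150)               // ...deleted earlier on the phone
phone.merge(mac); mac.merge(phone)            // devices meet again
precondition(phone.current("github") == "pw-v2")          // later edit wins over the earlier delete
precondition(phone.entries["github"]?.count == 3)         // full history, tombstone included
phone.revert("github", to: 0, at: 300)                    // undo back to pw-v1
precondition(phone.current("github") == "pw-v1")
```

Because the tombstone and every old value stay in the history, "removing" an entry never shrinks the database; only a dedicated purge does, which is the behaviour described under "How do I remove all data from the app?".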
How does the "secure-quick-share" functionality work?
To use the quick share feature, start by choosing the entry you wish to share. Next, press the share button, which opens a popup with further instructions. On the receiving device, tap the add button on the main screen of the app, which opens another popup; press the "receive entry" button at the bottom. The receiving device should now appear in the list on the sending device. Select it and follow the on-screen instructions. Before confirming, make sure the confirmation codes shown on both devices match, so that the entry is sent to the intended recipient and not to a device in between.
Data
-
What if I lose my device? How do I recover?
You can recover your credentials from any other device you own that was synced, or from a USB stick or cloud-based backup file protected with a password of your choosing. We recommend a strong password if you store a backup in the cloud, since anyone who obtains the file can try passwords against it offline without any rate limit. -
How do I import my credentials from my current credential manager?
First, export your accounts from your current credential manager to a file. Then go to the preferences section of the app and select import accounts. Choose the file you just exported and follow the on-screen instructions. We support all major credential managers, including 1Password, LastPass, Keeper, Apple Keychain and Bitwarden. In the future we plan to support more credential managers through the CSV format. Note that export files from other managers are normally unencrypted, so delete the file once the import has completed. -
How do I export my credentials to another credential manager?
Currently, we only support exporting in clear-text JSON format. To do this, go to preferences and select "export data" without adding a password. The exported file is saved as backup.data and can be opened in any text editor. Treat this file as a plain list of your passwords: keep it only as long as needed and delete it afterwards. We advise against pasting the data into a hosted AI service such as GPT to convert the format, since that sends your credentials to a third party. We are working on better export options to support all major credential managers. -
How do I store a backup of my data in iCloud?
To store a backup in iCloud, go to the app's preferences and select "export". Choose a strong password that cannot be guessed or brute-forced, because anyone who obtains the backup.data file in the future can try passwords against it offline without any rate limit. We suggest a 12-24 word mnemonic phrase (external link); you can generate one in our app when you create a password for a login entry, and in the future we plan to let you generate it directly in the export wizard. When prompted for a location to save the backup.data file, choose a folder in your iCloud space. Make sure you can still sign in to iCloud if you lose all your devices: most iCloud accounts can be recovered through SMS, so keep access to your personal phone number, and consider writing down your iCloud password as well as the password and OTP recovery codes for the email account connected to your iCloud account. Apple's and email providers' recovery procedures change over time, so this advice may become outdated; with enough effort it is usually possible to recover an iCloud account, but you may have to prove your identity to Apple. To be safe, also keep an offline backup on a USB drive, with or without a strong password. The level of recoverability is up to you; most people recover their data from another device they own, and losing all devices at the same time is rare. We will soon support additional devices such as Apple Watch and Apple Vision, which gives most users another synced copy. You can also use other cloud providers, such as Dropbox or OneDrive. -
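Why the backup password matters and what a password-protected export can look like, as an added example that is not Sentry's backup.data format and also illustrates the recovery answer above ("What if I lose my device?"): the password is stretched with PBKDF2-HMAC-SHA256 so offline guessing is slow, the salt and round count are authenticated together with the ciphertext, and a wrong password is rejected. The file layout, the "SBAK1" magic and the round count are assumptions.

```swift
import Foundation
import CryptoKit
import CommonCrypto

// Added example, not Sentry's code. Layout (an assumption):
// "SBAK1" | 16-byte salt | 4-byte big-endian PBKDF2 rounds | ChaCha20-Poly1305 box
enum BackupError: Error { case badFormat, kdfFailed }

enum BackupFile {
    static let magic = Data("SBAK1".utf8)
    static let saltLength = 16
    static let defaultRounds: UInt32 = 600_000   // PBKDF2-HMAC-SHA256; OWASP-level work factor

    // CryptoKit has no password KDF, so use CommonCrypto's PBKDF2.
    static func deriveKey(password: String, salt: Data, rounds: UInt32) throws -> SymmetricKey {
        var derived = [UInt8](repeating: 0, count: 32)
        let status = password.withCString { pw in
            salt.withUnsafeBytes { saltBuf -> Int32 in
                CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                                     pw, password.utf8.count,
                                     saltBuf.bindMemory(to: UInt8.self).baseAddress, salt.count,
                                     CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds,
                                     &derived, derived.count)
            }
        }
        guard status == Int32(kCCSuccess) else { throw BackupError.kdfFailed }
        return SymmetricKey(data: derived)
    }

    static func encrypt(vaultJSON: Data, password: String, rounds: UInt32 = defaultRounds) throws -> Data {
        let salt = SymmetricKey(size: .bits128).withUnsafeBytes { Data($0) }   // 16 random bytes
        let key = try deriveKey(password: password, salt: salt, rounds: rounds)
        var header = magic + salt
        header.append(contentsOf: withUnsafeBytes(of: rounds.bigEndian) { Array($0) })
        // The header is authenticated as associated data, so an attacker cannot
        // lower the round count or swap the salt without breaking the tag.
        let box = try ChaChaPoly.seal(vaultJSON, using: key, authenticating: header)
        return header + box.combined
    }

    static func decrypt(file: Data, password: String) throws -> Data {
        let headerLength = magic.count + saltLength + 4
        guard file.count > headerLength, file.prefix(magic.count) == magic else { throw BackupError.badFormat }
        let header = file.prefix(headerLength)
        let salt = header.subdata(in: magic.count..<(magic.count + saltLength))
        let rounds = header.suffix(4).reduce(UInt32(0)) { ($0 << 8) | UInt32($1) }
        let key = try deriveKey(password: password, salt: salt, rounds: rounds)
        let box = try ChaChaPoly.SealedBox(combined: file.suffix(from: headerLength))
        // Throws CryptoKitError.authenticationFailure on a wrong password or tampering.
        return try ChaChaPoly.open(box, using: key, authenticating: header)
    }
}

do {
    let vault = Data(#"[{"title":"github","password":"pw-v2"}]"#.utf8)   // constructed sample
    let phrase = "correct horse battery staple"
    let file = try BackupFile.encrypt(vaultJSON: vault, password: phrase)
    precondition(try BackupFile.decrypt(file: file, password: phrase) == vault)
    _ = try BackupFile.decrypt(file: file, password: "wrong")    // throws, see catch below
} catch { print("backup error: \(error)") }
```

A 12-word mnemonic has roughly 128 bits of entropy, which makes the round count almost irrelevant; the stretching is what protects the shorter passwords most people actually choose.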
How do I store a backup of my data on a USB stick?
To do this, use the macOS app and follow these steps: 1. go to preferences, 2. click the export button, 3. when prompted, add a strong password, or leave it blank if you prefer (a blank password produces a clear-text file), 4. select the USB stick as the destination and you're all set. To do the same on an iPhone you need an iPhone 15 with USB-C, a USB stick with a Lightning connector, or a USB-to-Lightning adapter. You can find a USB stick with Lightning support here (external link), and the adapter here (external link). -
How do I remove all data from the app?
If you want to remove all data from the app, there are two options. You can delete the app entirely, which deletes all data associated with it, or you can go to the app's preferences and press the clear-all-data button to wipe the data from the app. Keep in mind that if you only remove entries and empty the trash, the entries remain in the database as "tombstone" records (deletion markers that let your other devices learn about the deletion when they sync). Tombstones are stored encrypted like everything else, so reading them requires the private key, that is, unlocking the app; they cannot be recovered from the raw database file without it. We plan to improve our data-purging process in the future. -
How do I reinstate my backup?
To start, make sure you have cleared all previous entry data on all connected devices; this prevents duplicate entries from being created. Then navigate to the preferences section of the app and press the "import data" button. Choose your backup.data file and enter the password if you set one. Follow the on-screen instructions to complete the process. Please note that the change history is not restored from backup files. In the future, we plan to integrate a data-clearing step into the import wizard and improve how we handle duplicates. -
How can I undo an unintended change?
Every entry has its own history from its creation date to the most recent change. To reverse a change, enter edit mode for the entry you want to undo. Then click the history button; a popup appears with an overview of all changes. Find the version you want to recover, copy it, and paste it back into the entry.
2FA
-
How do I import my OTP codes from the google authenticator app?
Open the Google Authenticator app, open its menu and choose "Transfer accounts", then "Export accounts", and select the account you wish to transfer. A QR code will appear. In our app, create a new entry and press the QR button to scan the code. If you are using a Mac, take a screenshot of the QR code and open it via the entry's QR image button. Note that Google Authenticator may prompt you to remove the account after showing the QR code: if you intend to remove it, press "finish"; if not, choose to keep the account and then press "finish" or cancel the operation. We currently do not support batch import of multiple OTPs from Google Authenticator, but we will be adding this feature soon. -
How do I add a new OTP code?
To add a new OTP code on a Mac, save the QR code image and then open it in a login entry by pressing the OTP image button. On iOS, tap the OTP camera button in the login entry and scan the QR code. It is also a good idea to save the provider's recovery codes in the entry's note, in case the OTP provider requires additional verification in the future. Please note that we will be adding an OTP QR image button to the iOS app soon. -
How can I add OTP codes from other apps?
There are three options. First, scan an OTP QR code with your iPhone. Second, if you have the OTP credential URL (otpauth://...), paste it into the OTP text field while the entry is in edit mode. Third, if you only have an image of the OTP QR code, open it in the macOS app by clicking the QR image button next to the OTP input field. Support for adding OTP QR images in the iOS app will be available soon. -
How do I export OTP codes from the app?
To export OTP codes from the app, set the entry view to edit mode and copy the OTP URL to your clipboard. You can then paste the OTP credential into Google Authenticator or another OTP app. The URL contains the shared secret, and anyone who obtains it can generate your codes, so do not send it over chat or email and clear your clipboard afterwards.
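What that OTP URL contains and how an authenticator turns it into a six-digit code, as an added example that is not Sentry's code and serves the three OTP answers above: the URL is parsed, the base32 secret decoded, and the RFC 6238 TOTP computed with CryptoKit's HMAC. The sample URL is constructed and uses the RFC 6238 test secret.

```swift
import Foundation
import CryptoKit

// Added example, not Sentry's code. Type names are assumptions.
struct OTPParameters {
    var label: String
    var secret: Data
    var digits = 6
    var period = 30
    var algorithm = "SHA1"
}

enum OTPError: Error { case badURL, badSecret, unsupportedAlgorithm }

// RFC 4648 base32 as used by otpauth secrets (padding optional, case-insensitive).
func base32Decode(_ s: String) -> Data? {
    let alphabet = Array("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
    var bits = 0, buffer = 0
    var out = Data()
    for ch in s.uppercased() where ch != "=" {
        guard let v = alphabet.firstIndex(of: ch) else { return nil }
        buffer = (buffer << 5) | v
        bits += 5
        if bits >= 8 {
            bits -= 8
            out.append(UInt8((buffer >> bits) & 0xff))
        }
    }
    return out
}

// otpauth://totp/<label>?secret=<base32>&issuer=...&digits=6&period=30&algorithm=SHA1
func parseOTPAuth(_ string: String) throws -> OTPParameters {
    guard let url = URLComponents(string: string), url.scheme == "otpauth", url.host == "totp" else {
        throw OTPError.badURL
    }
    let q = Dictionary(uniqueKeysWithValues: (url.queryItems ?? []).map { ($0.name, $0.value ?? "") })
    guard let secret = q["secret"].flatMap(base32Decode), !secret.isEmpty else { throw OTPError.badSecret }
    var p = OTPParameters(label: url.path.trimmingCharacters(in: CharacterSet(charactersIn: "/")), secret: secret)
    if let d = q["digits"].flatMap({ Int($0) }) { p.digits = d }
    if let t = q["period"].flatMap({ Int($0) }) { p.period = t }
    if let a = q["algorithm"] { p.algorithm = a.uppercased() }
    return p
}

// RFC 6238: counter = floor(time / period); HMAC(secret, counter) -> dynamic truncation.
func totp(_ p: OTPParameters, at time: Date = Date()) throws -> String {
    let counter = UInt64(time.timeIntervalSince1970) / UInt64(p.period)
    let msg = withUnsafeBytes(of: counter.bigEndian) { Data($0) }
    let key = SymmetricKey(data: p.secret)
    let mac: [UInt8]
    switch p.algorithm {
    case "SHA1":   mac = Array(HMAC<Insecure.SHA1>.authenticationCode(for: msg, using: key))
    case "SHA256": mac = Array(HMAC<SHA256>.authenticationCode(for: msg, using: key))
    case "SHA512": mac = Array(HMAC<SHA512>.authenticationCode(for: msg, using: key))
    default: throw OTPError.unsupportedAlgorithm
    }
    let offset = Int(mac[mac.count - 1] & 0x0f)
    let binary = (UInt32(mac[offset] & 0x7f) << 24) | (UInt32(mac[offset + 1]) << 16)
               | (UInt32(mac[offset + 2]) << 8) | UInt32(mac[offset + 3])
    let code = binary % UInt32(pow(10.0, Double(p.digits)))
    return String(format: "%0\(p.digits)d", code)
}

// Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
let sample = "otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
do {
    let params = try parseOTPAuth(sample)
    // RFC 6238 test vector: at Unix time 59 the 8-digit SHA1 code is 94287082,
    // so the 6-digit code is 287082.
    print(try totp(params, at: Date(timeIntervalSince1970: 59)))   // 287082
    print(try totp(params))                                        // the code valid right now
} catch { print("invalid OTP URL: \(error)") }
```

Two things follow for handling these URLs: the `secret` parameter is the whole credential, so the URL deserves the same protection as the password itself, and the code depends on the device clock, which is why an accurate time matters for 2FA as well as for database timestamps.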
AutoFill
-
How can I activate AutoFill in iOS?
Firstly, navigate to the system-preferences on your iPhone. Then press the passwords and AutoFill button. After that, choose Sentry as your AutoFill provider. This will enable you to automatically fill in passwords in Safari and other compatible applications. -
How can I activate AutoFill in macOS?
First, go to the system-preferences on your Mac and press on "Passwords - AutoFill." Next, select Sentry as your preferred AutoFill provider. By doing this, you'll be able to automatically fill in passwords on Safari and in other compatible applications. -
Why does AutoFill not work for chrome?
Apple and Google disagree over password management: Google wants users to store passwords in Google's own cloud (Chrome passwords), and Chrome on macOS has not adopted Apple's macOS AutoFill API. You can follow the progress of the implementation here: https://bugs.chromium.org/p/chromium/issues/detail?id=1170065 (external link). AutoFill works in Chrome for iOS, but if nothing changes in the Apple-Google standoff soon, we may have to create our own AutoFill extension for Chrome on macOS, which would require installing an extension from the Chrome Web Store.
Privacy
-
Can I turn off the upgrade-alert feature?
We use UpgradeAlert to remind users to update their apps. On iOS, updates are installed automatically unless you have turned off automatic app updates. On macOS, automatic updates are off by default unless you have turned them on. So when an update is available, we show a popup in the app with a direct link to the App Store so you can update. You will rarely see this on iOS, because you should already have received the update. This feature requires the app to call Apple's App Store API to check whether an update is available. If you would like to disable this internet call, go to the app's preferences and turn it off in the Privacy section. We nevertheless encourage you to keep your apps updated, because it keeps them secure and working well together. Sometimes we upgrade our proprietary network protocol, and new versions will not always be backward compatible. If that happens, nothing bad will occur and we will tell you how to proceed, but it is better to stay updated and enjoy smooth operation now and in the future. -
Can I turn off Google Analytics telemetry?
Our app uses Google Analytics to improve its quality by analysing user behaviour, detecting errors and measuring session duration. This helps us identify areas that require improvement, such as compatibility issues with new OS updates. Please note that we only collect data about app usage and do not gather identifiers, personal information, passwords or metadata about your entries. You can disable this by going to preferences, selecting Privacy and switching the telemetry toggle off. -
Can I turn off internet calls to NTP time services?
The NTPTime (external link) feature improves the accuracy of the timestamps on database entries. If you keep your device clock accurate, it is safe to turn it off. Because there is no central server, devices must agree on the time for changes to be ordered correctly when their databases merge, so a single source of truth such as an NTP service is more reliable than each device's own clock. Note that plain NTP responses are not authenticated; the time is only used to timestamp changes, and if an entry's time ever deviates significantly, the correct data can still be recovered from the entry's history. -
Can I turn off internet calls to the Apple App Store?
Yes, it is technically possible if you purchase the Lifetime package. That limits communication with Apple's App Store servers to the initial purchase, unlike the subscription packages, which re-validate the licence monthly or yearly. You will need to restore the purchase on any future device you add, either during onboarding or later in preferences. If you migrate to a new device, the purchase carries over without any connection to Apple's servers. We cannot offer export/import of the purchase itself, because its legitimacy can only be verified through Apple's servers. With the Lifetime package and the other internet-based features turned off in the app's preferences, the app runs completely offline. -
Are there any other internet services the app connects to?
We have plans to integrate a "2FA recommendation" feature, haveibeenpwned.com auditing, a web favicon downloader for rare brand icons, and a password-recipe recommendation feature. These features will require internet calls to download data. They will be optional and can be disabled in the app's preferences. Our focus is for the app to operate completely offline if the user wishes, and we will never intentionally compromise this for any other agenda. -
Is it possible to verify which internet services the app connects to?
You can go to the device preferences section, then select Privacy, and finally, click on App-Privacy. There, you can check which internet-services the app has called upon. Here is a link to App Privacy Report (external link) where you can learn more about app privacy. -
Is my account data stored in iCloud if I have iCloud backup activated?
If you have iCloud Backup activated, the app's data is currently included in your device's iCloud backup. We will soon make this optional in the preferences. The data in the backup is encrypted and can only be opened by unlocking the app with your biometrics or master password. -
Does the app comply with GDPR and CCPA regulations?
GDPR and CCPA are concerned with how personal data is stored and processed, in particular outside the user's own devices. Our product does not process your credential data in the cloud at all, so the usual concerns about server-side storage do not apply. The only data we receive is the anonymised usage telemetry described above, which contains no personal information and can be turned off. -
Does my credential data ever leave my device?
Your passwords and data are stored only on devices you control. Synchronisation uses local Bluetooth peer-to-peer communication exclusively; apart from backups you export yourself, no data is transferred or stored outside your personal peer-to-peer network and local distributed database. We use industry-standard 256-bit E2EE (external link) provided by Apple's APIs to encrypt all transmissions. The E2EE keys are stored in the Secure Enclave (external link) of your device (part of the T2 chip on Intel Macs, built into the main chip on Apple silicon and iOS devices), so only the app itself can use the private keys of the transfer protocol. The E2EE private key is not accessible to the user and cannot be exported or imported. -
What third-party frameworks are used in the app?
We use two external open-source frameworks, TPInAppReceipt (external link) and SwiftDraw (external link), for offline validation of in-app purchase receipts and for SVG rendering. We did not write these ourselves because the problems they solve are complex, and they will eventually be replaced by more modern solutions; our aim is to have no external dependencies at all. We have forked both repositories and pinned the exact commits we build against, so a malicious upstream release cannot be pulled into a build automatically; when we update a pin we review the upstream changes first. We have inspected the code we use and verified that it does what it claims. We do not use any closed-source third-party SDKs. All other frameworks are built in-house, and we open-source many of them. -
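What such pinning looks like in a Swift package manifest, as an added example (not Sentry's Package.swift; the fork URLs and commit hashes are placeholders), with the floating form it replaces left beside it:

```swift
// swift-tools-version:5.9
// Added example, not Sentry's manifest. URLs and revisions are placeholders.
import PackageDescription

let package = Package(
    name: "VaultApp",
    dependencies: [
        // Weak: follows whatever upstream's main branch points to, so a
        // compromised upstream push lands in the next build unreviewed.
        // .package(url: "https://github.com/upstream/SwiftDraw.git", branch: "main"),

        // Hardened: build from your own fork and pin a specific commit. A tag can
        // be moved to different code; a commit hash cannot change silently.
        .package(url: "https://github.com/example-org/SwiftDraw.git",
                 revision: "0123456789abcdef0123456789abcdef01234567"),
        .package(url: "https://github.com/example-org/TPInAppReceipt.git",
                 revision: "89abcdef0123456789abcdef0123456789abcdef"),
    ],
    targets: [
        .target(name: "VaultApp", dependencies: ["SwiftDraw", "TPInAppReceipt"]),
    ]
)
```

Commit the generated Package.resolved as well, so a CI build fails rather than re-resolving if the pinned revision ever disappears from the fork.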
What supply-chain services are used when deploying the app?
Our code is stored in an enterprise account on GitHub (external link) protected by 2FA. We deploy the app with Apple's Xcode Cloud (external link) integration, which is also protected by 2FA. We do not use any other continuous-integration tools for the app code, but we use various CI tools for our public open-source frameworks, including CodeBeat (external link) and GitHub Actions (external link). To limit exposure, we do not grant external CI tools access to our GitHub organisation account; the only tool with that access is Xcode Cloud, which pulls the code from GitHub when building a new TestFlight or App Store release.
Misc
-
What account types are supported?
We currently support Login entries, Payment Card entries, WiFi entries and Secure Note entries. We are also planning to add more account types in the near future, including a Seed entry, which is ideal for storing cryptocurrency wallet (external link) seed phrases, which are more secure when kept offline. -
What is the purpose of archiving entries?
Most users have multiple accounts, but only use a small fraction of them regularly. By archiving an entry (press the entry more-button to access this feature), you can still access the account without it appearing in your main list or AutoFill. If you decide to use the account regularly again, you can easily un-archive the entry the same way you archived it. -
What if you go out of business? What happens to my data?
Our product does not require any sign-up and does not rely on a central server in the cloud. The app is completely self-contained and works entirely offline without any need for remote server communication. In the unlikely event that we go out of business, the app will keep working: 30% of the code is already open-source, and we would release the remaining 70% to a public repository on GitHub under a suitable open-source licence. We would then aim to convert our company into a non-profit organisation so that we can keep our business account with Apple and maintain the app through community support. All funds generated from this would go to the maintainers and to covering minimum operational costs. However, we do not anticipate going out of business, as we are currently breaking even at around 3000 active users. Since day one we have automated as much as possible to make our operations efficient and autonomous. This includes automated tests, deployments, App Store screenshots, release notes, code reviews, bug checks, code linting, code security checks, auditing, and other aspects of our organisation. The only things that are not automated are coding and business development. At some point, we believe our product will be self-sufficient and require minimal oversight from the maintainers. -
Is the app open-source?
Partly. We have made approximately 20-30% of our product's source code available as open-source on our Sentryco GitHub page. You can inspect these frameworks or use them in your own projects, as they are licensed under the MIT licence. The open-source frameworks include UpgradeAlert, Telemetry, Logger, DarkMode, CommonCell, WizardHelper, UserDefaultSugar, FileSugar, JSONSugar, Spatial, SVGWrapper, With, TestRunner, UITestSugar and KeyChainExport. Our Sentry website is also open-source. We have chosen not to release the entire codebase as open-source, to prevent clones on the App Store that could mishandle user data and damage our reputation. However, we plan to release more open-source frameworks as they mature internally. -
Do you support YUBI Key?
We're currently in the process of implementing this feature and we will announce support as soon as it's available. -
Do you support Passkeys (Fido2)?
We're currently in the process of implementing this feature and we will announce support as soon as it's available. -
Are you audited by an external audit company specialising in security?
We strive to have our code audited by an external company specialising in security on a regular basis, preferably weekly. The cost, and the exposure of our intellectual property to a third party, are the obstacles. We look forward to offline, on-premises AI-assisted auditing tools, which could be run at low cost on every release and verify builds publicly without leaking our IP. As soon as we have sufficient funding, we will engage an auditing company to verify that our code is as secure as we believe it is. Our testing suite (external link) expands with each release, covering more edge cases and features. You can also review all our open-source code on our Sentry GitHub account (external link) and read about our testing routines (external link). All our proprietary and public code is tested, as can be seen in our public repositories, and documented extensively to keep it maintainable and to avoid introducing mistakes in future updates. Our CodeBeat scores on many of our open-source repositories are near the maximum. -
Will my data migrate from TestFlight to AppStore?
Yes. All database data, private encryption keys and user settings migrate automatically between TestFlight and App Store builds (and vice versa). -
How can I claim a refund?
In the app, go to the preferences section, then press the payments button, and finally press the refund purchase button. This will prompt a popup from apple that will take you the rest of the way. Refunds are processed by apple within 48 hours. -
Why is the credential manager offline?
With online credential managers you are always at risk of compromise if someone obtains your master password, or if someone with access to the cloud leaks your data. This has happened in the past: hackers stole encrypted LastPass password vaults (external link), and with the vaults in hand, attackers can try master passwords offline without any limit. -
Why are dedicated native apps more secure?
Native apps are generally considered more secure than hybrid apps built with Electron or React Native because they run directly on the operating system and can use the platform's built-in security features and permission model. This tighter integration with the OS gives better isolation from potential threats, whereas Electron apps rely on web technologies and a bundled browser engine, which adds a large attack surface that must be patched separately from the OS. Native apps also receive the platform's security updates and patches promptly, and they use less disk space and memory than non-native apps. By dedicated native apps we mean apps built for their native OS that do not rely on hybrid solutions such as Apple's Mac Catalyst (external link). -
Is there going to be Android and windows support?
When the time is right. It might be sooner or later -
What about apple watch and vision pro support?
When the time is right. It might be sooner or later