Overview
Rook is a password manager designed around a single principle: your data belongs to you, not us. The app stores all vault data locally on your device using AES-256-GCM encryption with Argon2id key derivation. We do not operate any servers that receive, store, or process your passwords or personal information.
Data we collect
We collect nothing. Rook has no analytics, no crash reporting service, no telemetry, and no usage tracking. Here is a complete picture of where your data lives:
| Data | Where it's stored | Who can access it |
|---|---|---|
| Vault contents | Encrypted file on your device | Only you, via your master password |
| Master password | Never stored — used only to derive the vault key | Only you |
| Vault encryption key | iOS Keychain, protected by Secure Enclave | Only you |
| iCloud backup (optional) | iCloud Drive — encrypted ciphertext only | Only you (Apple cannot read it) |
| PIN unlock | Derived key in iOS Keychain | Only you |
Encryption
All vault data is encrypted on-device before being written to storage:
- Algorithm: AES-256-GCM (authenticated encryption with integrity verification).
- Key derivation: Argon2id (t=3, m=64 MiB, p=2) with a random per-vault salt — exceeds OWASP 2023 minimum parameters.
- Nonce: A unique random nonce per encryption operation, ensuring no two ciphertexts are alike.
- Biometric key storage: iOS Secure Enclave via the Keychain, protected by your device's biometric hardware.
Your master password is cleared from memory immediately after the vault key is derived. It is never written to disk, logged, or transmitted.
iCloud sync
iCloud sync is off by default. If you enable it in Settings, only the encrypted vault file (ciphertext) is uploaded to your personal iCloud Drive. The master password and encryption keys are never uploaded. Apple receives only an opaque blob it cannot decrypt.
Third-party services
Rook does not use any third-party SDKs, analytics platforms, advertising networks, or crash reporting services. The only network requests the app can make are to iCloud (when sync is enabled, via Apple's CloudKit APIs) and to Have I Been Pwned's password API (k-anonymity model — only the first 5 characters of a SHA-1 hash are sent, never the password itself).
Children
Rook does not knowingly collect information from anyone, including children under 13. Because we collect no data at all, the app is safe for use by anyone.
Changes to this policy
If we make material changes to this policy, we will update the effective date above and post the updated version here. Any substantive change will also be noted in the changelog.
Contact
If you have questions about this policy, email privacy@rookpass.com.