Last updated: January 28, 2026
Travel Document Vault (provided by Mustafa Hafeez) ("we" or "us" or "our") respects the privacy of our users ("user" or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application, Travel Document Vault (the "Application"). Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE APPLICATION.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted.
This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.
Introduction
Travel Document Vault is designed to provide a secure, local environment for managing your personal travel documents. Our philosophy is strict data isolation: we believe your sensitive documents belong solely to you, on your device. This Application operates without user accounts, cloud synchronization, or backend servers.
No Accounts & No Tracking
We operate with a strict privacy-first policy:
- No accounts: You do not create an account to use the Application.
- No tracking: We do not track your location, usage patterns, or document contents.
- No analytics by default: We do not collect behavioral analytics or usage data.
Information We Do NOT Collect
To be clear about our privacy-first approach, we do not collect:
- Personal identification information (name, email, phone number)
- Document images or scans
- Passport numbers, visa numbers, or other document identifiers
- Travel plans or itineraries
- Location data
- Usage analytics or behavioral data
- Advertising identifiers
Information Handling
All information entered into the Application - including document images, passport details, notes, and expiry dates - remains exclusively on your local device. The Application uses on-device Optical Character Recognition (OCR) technology solely to assist in data entry.
Assistive features: Optical character recognition and reminder features are assistive only. Detected dates and reminders should always be reviewed and verified by the user. The app does not verify documents or provide legal or travel advice.
Data Storage
All documents and related data are encrypted on disk locally on your device using AES-256-GCM encryption. The app scrambles your files before saving them to your device's storage. The app does not upload, sync, or back up documents to any server.
If you have iCloud Backup (iOS) or Google Backup (Android) enabled, your documents are included in your encrypted device backup. This is handled by your operating system, not by the app. When you export your vault, the backup is password-protected with AES-256-GCM encryption and PBKDF2 key derivation, ensuring your data remains encrypted even outside your device.
Data Retention
Your data persists on your device for as long as you choose to keep the Application installed. Since all data is stored locally:
- Data remains on your device until you manually delete it within the app or uninstall the Application
- Uninstalling the Application permanently deletes all associated data
- We cannot access, recover, or delete your data remotely
- You have full control over your data at all times
Data Sharing
Data export or sharing is strictly user-initiated. Information leaves the Application only when you explicitly interact with the system share sheet to send a document or detail. The Application performs no background transmission of data.
Third-Party Services
The Application (App) minimizes reliance on external services to preserve privacy. We do not use advertising networks or third-party analytics within the Application (App) to track user behavior.
Website Analytics: When you visit our public website (traveldocumentvault.com), we use anonymous analytics (Google Analytics) to understand site traffic and improve our marketing. This website analytics data is ONLY collected if you consent via our cookie banner. This data is aggregate only and is never linked to your personal data or your activity within the App.
Crash Reporting (Sentry)
The Application uses Sentry (sentry.io) for optional crash reporting to help us identify and fix critical application issues. When enabled, the Application automatically sends anonymous crash reports only when the app crashes completely and stops working.
Crash reports may include:
- Device type and model
- Operating system version
- Application version
- Anonymized crash stack traces
Crash reports never include:
- Document images or scans
- Document contents or metadata you've entered (names, numbers, dates, expiry info)
- OCR data or extracted text
- File contents or attachments
- Device IDs, email addresses, or personal identifiers
Manual error reporting: For non-fatal errors (export failures, feature issues), the app captures detailed error logs locally on your device. You can export these logs at any time via Settings > Data & Privacy > "Export Error Logs" and send them to us if you need support. Error logs never leave your device unless you explicitly export and share them.
You have full control: Crash reporting is opt-in and disabled by default. You can enable or disable it at any time in Settings > Data & Privacy > "Help Improve the App". All document storage and OCR processing remain entirely on the device and are never transmitted to Sentry or any external server, regardless of this setting.
Data processing location: Crash report data may be processed by Sentry, Inc. in the United States. Sentry maintains compliance with applicable data protection frameworks. You may opt out at any time by disabling crash reporting in Settings.
Biometric Authentication
The Application offers optional biometric authentication (Face ID, Touch ID, or fingerprint unlock) as a Pro feature for convenient app access.
Your biometric data never leaves your device. The Application uses your device's built-in Face ID or Touch ID. We never access, store, or process your biometric data. The Application only receives a simple "unlocked" or "locked" result from your device.
Requirements: To use biometric unlock, you must have Face ID or Touch ID already set up in your device settings. Biometric authentication is optional and can be disabled at any time in the Application's Settings.
Notifications
Expiry reminders are managed locally via the device's notification center. The scheduling and delivery of these alerts occur entirely on-device, ensuring that your travel plans and document expiry dates are not tracked externally. Notification content uses generic messages (e.g., "A document expires soon") and does not reveal passport numbers, visa details, or other sensitive information in the notification preview.
User Control
You retain complete autonomy over your data. You may add, modify, export, or permanently delete records at your discretion. As there are no user accounts or remote servers, deleting the Application from your device results in the immediate and permanent removal of all associated local data.
Children's Privacy
The Application is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Since the Application does not collect any personal information and stores all data locally on your device, there is no mechanism through which we could collect data from children.
If you are a parent or guardian and believe your child has provided information to us, please contact us at the email address below. However, please note that since we do not operate servers or collect data, we have no data to delete.
California Privacy Rights
California residents may have additional rights regarding their personal information under the California Consumer Privacy Act (CCPA). However, since we do not collect, sell, or share personal information, these provisions do not apply to our data practices. All data remains on your device under your exclusive control.
European Economic Area, UK & International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or any jurisdiction with similar data protection laws, the following applies:
Data Controller: Mustafa Hafeez is the data controller for any personal data processed through the Application. Contact: support@traveldocumentvault.com
Legal Basis for Processing: To the limited extent that we process any personal data (crash reports via Sentry, if enabled), our legal basis is our legitimate interest in maintaining and improving the Application's stability and performance (Article 6(1)(f) GDPR). You may opt out of crash reporting at any time in the Application's Settings.
Your Rights: Under applicable data protection laws, you have the right to:
- Access any personal data we hold about you
- Rectification of inaccurate personal data
- Erasure ("right to be forgotten") of your personal data
- Restriction of processing
- Data portability
- Object to processing based on legitimate interests
- Lodge a complaint with your local data protection authority
Because the Application stores all document data exclusively on your device and we have no access to it, most of these rights are exercised directly by you through the Application (e.g., deleting data, exporting data). For crash report data processed by Sentry (if enabled), you may exercise your rights by contacting us at the email above or by disabling crash reporting in Settings.
International Transfers: Crash report data (if enabled) may be processed by Sentry in the United States. Sentry maintains appropriate safeguards for international data transfers. You may opt out at any time.