The case for Vaultaire

Privacy apps have a fatal flaw: they look like privacy apps.

A locked folder announces it's locked. A hidden gallery called “Calculator+” fools no one who's looking. Every “secure” photo vault on your iPhone shares the same problem: it proves you have something to hide.

When someone forces you to unlock your phone, whether that's a border agent, an abusive partner, or an authoritarian government, they see the app, they see the lock, and they don't stop until you open it.

Vaultaire doesn't hide your files behind a lock. It makes them cease to exist.

How encrypted photo storage should actually work

Draw a pattern on the grid. A vault opens with your private photos, videos, and documents, each file individually encrypted with AES-256-GCM using hardware-backed keys from Apple's Secure Enclave. Draw a different pattern, and a completely different vault opens. Different files, different encryption keys, different everything.

Enter the wrong pattern? No error message. No “incorrect password.” Just an empty vault. There is no observable difference between “wrong” and “empty.”

Every vault sits inside a pre-allocated block of encrypted noise. Whether you've stored zero files or five hundred, the data on disk looks identical. Forensic tools can't tell the difference. There is nothing to find because there is nothing that looks like something to find.

This is not a lock on a door. It's a wall where the door used to be.

Why zero-knowledge architecture matters

Most photo vault apps put a PIN screen in front of unencrypted files. If someone connects your phone to a computer, the files are right there, completely readable. That's not security. That's a curtain.

Vaultaire was built around a single principle: no one, not us, not Apple, not a forensic examiner, can prove your files exist. Privacy is not something we bolted on after the fact. It's how the app works at every layer.

No accounts. No email, no phone number, no identity to tie back to you. Nothing to subpoena.

No cloud dependency. Your files never leave your device unless you explicitly choose encrypted iCloud backup or encrypted vault sharing. Even then, the server only sees noise.

No biometrics. Face ID and fingerprints can be compelled by law enforcement. A pattern in your head can't be extracted. We left biometrics out on purpose.

No “forgot password.” No server knows your pattern. No email reset. No backdoor. A 12-word recovery phrase exists for those who want it, stored only on your device. There is no way in for anyone but you.

Your pattern goes through 600,000 rounds of PBKDF2 to derive a 256-bit encryption key. That key lives only in memory and gets wiped the moment the app locks. We never see it. We can't recover it. That's the point.

Who it's for

Journalists protecting sources where phone searches are routine. Activists carrying documentation under government surveillance. Domestic abuse survivors keeping evidence secure on a device they know is being monitored. Travelers crossing borders where device inspection is mandatory. Attorneys with privileged materials on personal phones.

And anyone who gets that privacy isn't about having something to hide. It's about having something worth protecting.

The duress vault

Designate any vault as a duress trigger. When that pattern is drawn under coercion, every other vault is silently and permanently destroyed. The duress vault opens normally. The person watching sees cooperation and an ordinary-looking vault with a few harmless photos. They have no way to know that anything else ever existed.

No other encrypted vault app does this.

What we won't build

We won't add biometric unlock, because it can be legally compelled. We won't add cloud-dependent storage, because it creates a target for subpoenas and breaches. We won't add analytics that track how you use the app. We won't add a backdoor dressed up as account recovery. We won't weaken the architecture for convenience.

Every decision in Vaultaire comes back to one thing: your private files stay yours, under any circumstance.