Privacy that matches the product philosophy.
OneLocked is built on the idea that your sensitive information should stay under your control. This page explains the main categories of information we handle and the privacy posture behind the service.
Information we collect
Account details
When you create an account, we collect the information needed to operate it, such as your email address and related account metadata.
Encrypted vault material
Vault contents are designed to be protected before sync. We store encrypted vault material and the operational metadata needed to support the product.
Operational signals
We may retain limited operational information such as session, device, or audit-related details that help keep the service functioning securely.
How we protect data
Zero-knowledge design
OneLocked is built around a zero-knowledge model intended to keep your master password on your device and reduce how much plaintext the server ever needs to know.
Encryption foundation
The platform uses modern encryption choices such as AES-256-GCM for vault protection and Argon2id for credential-related key derivation paths.
Secure infrastructure
Encrypted storage, secure connections, and a Rust-backed application foundation all contribute to the way OneLocked approaches platform security.
Storage & retention
Where data lives
Encrypted vault material and account-related data are stored in infrastructure used to operate the product and support continuity features such as backups.
How long we keep it
Your data is generally retained while your account remains active. When you delete your account, associated data is queued for permanent removal according to our retention process.
Third-party sharing
No data sales
We do not sell your personal information or your vault contents for advertising or marketing purposes.
Limited service providers
We may rely on carefully chosen service providers to help operate the product, but that does not change the underlying design goal of protecting sensitive vault data.
Legal requests
If required by law, we may disclose account-level information we actually possess. We cannot hand over plaintext vault contents we do not have the ability to read.
Your controls
Export and access
You can review account settings and use export-related options provided by the product when you need to move or inspect your data.
Account deletion
You can choose to delete your account, which starts the process of removing related data from active product systems.
Questions and requests
If you have privacy-related questions, contact us and we will help clarify what information we hold and how the product is designed to protect it.
Questions about your privacy?
Contact us at privacy@onelocked.com if you need clarification about this policy or how OneLocked handles the information it uses to operate the product.