Privacy Policy

Last updated: February 13, 2026

1. Data Controller

Stephan Bail
Prälaturhof 1
83629 Weyarn
Germany
Email: stephan@keyvault.studio

2. Overview

KeyVault Studio is designed with privacy in mind. We collect minimal data necessary to provide our service and never sell or share your personal information with third parties.

3. Data We Collect

3.1 Authentication Data

  • Microsoft Azure account credentials (stored securely in macOS Keychain)
  • Authentication tokens from Microsoft (encrypted and stored locally)
  • Azure subscription and tenant information

3.2 Application Data

  • User preferences and settings (stored locally on your device)
  • Key Vault access history (stored locally)
  • Error logs for debugging (stored locally, never transmitted)

3.3 Website Analytics

This website uses Counter.dev, a privacy-friendly, open-source analytics tool. Counter.dev collects only anonymous, aggregated data such as page views, referrer sources, and general browser/device information. It does not use cookies, does not collect IP addresses, and does not perform fingerprinting or cross-site tracking. No personal data is collected or stored.

3.4 App Analytics

The KeyVault Studio application does NOT collect:

  • Usage analytics or telemetry
  • Performance metrics
  • Crash reports (unless explicitly shared via TestFlight)

4. How We Use Your Data

Important: KeyVault Studio acts as a client application that connects directly to Microsoft Azure. Your authentication credentials are sent directly to Microsoft's authentication servers, not to our servers.

  • To authenticate you directly with Microsoft Azure services (credentials go directly to Microsoft)
  • To manage your Azure Key Vault resources through Microsoft's APIs
  • To save your application preferences locally on your device
  • To provide customer support when you explicitly request it

We do NOT have access to your Azure credentials or the contents of your Key Vaults. All communication happens directly between your device and Microsoft Azure.

5. Data Storage and Security

  • All sensitive data is stored locally on your device
  • Authentication tokens are encrypted using macOS Keychain
  • We use industry-standard encryption (AES-256)
  • No data is transmitted to our servers
  • All Azure communication uses Microsoft's secure APIs

6. Third-Party Services

Microsoft Azure

KeyVault Studio connects to Microsoft Azure services. Your interactions with Azure are governed by Microsoft's Privacy Policy.

Counter.dev (Website Analytics)

We use Counter.dev for anonymous website visitor statistics. Counter.dev is an open-source service that does not use cookies, does not collect personal data, and does not track users across websites. The legal basis is our legitimate interest in understanding website usage (Art. 6(1)(f) GDPR). For more information, see Counter.dev's Privacy Policy.

TestFlight (Beta only)

If you participate in our beta program, Apple TestFlight may collect crash logs and usage data according to Apple's Privacy Policy.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at stephan@keyvault.studio

8. Data Retention

All data is stored locally on your device and remains under your control. You can delete all app data at any time by:

  • Uninstalling the application
  • Using the "Clear All Data" option in settings
  • Removing stored credentials from macOS Keychain

9. Children's Privacy

KeyVault Studio is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Stephan Bail
Email: stephan@keyvault.studio
Address: Prälaturhof 1, 83629 Weyarn, Germany

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for data protection issues in Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: www.lda.bayern.de