top of page

# Privacy Policy of Veilix

 

This page is used to inform users regarding our policies with the collection,

use, and disclosure of personal information if anyone decides to use our

Service, the **Veilix** iOS application.

 

If you choose to use our Service, then you agree to the practices described in

this policy. In short: **Veilix does not collect, transmit, or store personal

information on any server.** Everything happens on your device.

 

The terms used in this Privacy Policy have the same meanings as in our Terms

and Conditions, unless otherwise defined here.

 

## Information Collection and Use

 

Veilix does not require an account. We do not ask for, collect, or transmit any

personally identifiable information. We do not have user profiles, email

sign-ups, contact lists, or any other identity-bound feature.

 

All steganographic operations — selecting an image, embedding a message or

file, encrypting with your password, decoding an existing image — run

**entirely on your device**. The plaintext of your message, your password, and

the file you embed never leave the device through Veilix.

 

## Local Storage

 

Veilix uses Apple's standard `UserDefaults` to remember your app preferences

between launches:

 

- Whether the "share as a file" reminder should be skipped.

- Whether the onboarding tour has been completed.

- Your chosen carrier-image size policy.

- A counter of failed decode attempts and the timestamp until which decoding

  is rate-limited (used to slow down password-guessing attacks).

 

These values are app preferences, not personal data, and they never leave the

device.

 

Temporary files (PNG exports and decoded files prepared for the share sheet)

are written to the iOS temporary directory and are removed when the share

sheet is dismissed, or by the operating system when it reclaims disk space.

 

## Cryptography

 

When you choose to encrypt, Veilix derives a key from your password using

**PBKDF2-HMAC-SHA256** with 200,000 iterations and a random per-encoding salt,

then encrypts the payload with **AES-256-GCM** or **ChaCha20-Poly1305**

(authenticated encryption) using a random nonce. The cryptographic primitives

are provided by Apple's CryptoKit framework.

 

**Your password is never stored, never transmitted, and is not recoverable.**

If you forget it, the encrypted content cannot be retrieved by anyone —

including the Veilix authors.

 

If you tap the copy-password button, Veilix places the password on the iOS

system pasteboard with an automatic 60-second expiration, after which iOS

clears it.

 

## Permissions

 

Veilix requests the following iOS permissions, and only when relevant:

 

- **Camera** — only when you tap *Take a photo*. The captured image is never

  uploaded; it is used as the carrier image for embedding.

- **Photos library** — not required. Veilix uses Apple's modern

  `PHPickerViewController`, which runs in a separate system process. We never

  receive direct read access to your photo library.

- **Files** — only when you explicitly choose a file via the Files picker.

 

Veilix does not request, and does not need, network access. The app does not

include any networking code.

 

## Image Metadata

 

When Veilix exports an encoded image, it rebuilds the image from raw pixel

data. As a side effect, **EXIF metadata is stripped** — including location,

device model, and timestamps — to protect your privacy against accidental

disclosure through metadata.

 

## Service Providers

 

Veilix does not employ third-party analytics services, advertising networks,

crash reporters, or any other SDK that transmits data off the device.

 

## Security

 

Your data never leaves your device through Veilix, so the security model

rests on:

 

- Apple's CryptoKit implementations of AES-GCM, ChaCha20-Poly1305, HMAC, and

  SHA-256.

- PBKDF2 key derivation with a high iteration count, designed to slow down

  password-guessing attacks.

- Per-encoding random salt and nonce, so the same password produces different

  ciphertext every time.

- An exponential lock-out counter that persists across app launches: after a

  few wrong password attempts in a row, decoding is paused for 30 seconds,

  then 1 minute, then 10 minutes.

 

That said, no security system is absolute. The strength of your encrypted

content depends on the strength of your password. We recommend using long,

unique passphrases.

 

## Sharing of Encoded Images

 

When you export an encoded image and share it through the system share sheet,

the destination app (Mail, Files, AirDrop, Messages, etc.) takes over. Veilix

has no control over what happens to the file once you hand it off, including:

 

- Whether the receiving app or service re-compresses the image (some

  messengers do, which destroys the hidden content).

- Whether the receiving service uploads the file to its own cloud.

- Any privacy policy of the recipient app.

 

Veilix shows a reminder before each share to suggest channels that preserve

file bytes (Save to Files, AirDrop, Mail attachment) and warn against

re-compressing channels.

 

## Children's Privacy

 

Veilix does not address anyone under the age of 13. We do not collect any

personal identifiable information from anyone, including children.

 

## Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. We will notify you of any

changes by updating the policy distributed with new versions of the Veilix

app and on the policy's hosted location. Changes are effective immediately

once posted.

 

## Contact Us

 

If you have any questions or suggestions about this Privacy Policy, do not

hesitate to contact us at: **<your-contact-email-here>**

 

---

 

*Last updated: 17 May 2026*

© 2018 VideoHub Control. Landing page created on Wix.com

bottom of page