LocnLock legal
Privacy Policy
Effective: 3 July 2026
1. Overview
This policy describes how Rahman Mubarok handles information in connection with the LocnLock website and desktop application.
LocnLock is designed as an offline, local-first application. The desktop app does not require a LocnLock account, cloud backend, or synchronization service.
2. Desktop application data
Projects, entries, settings, and vault backups are stored on locations selected or controlled by the user on their own device. Project names, entry keys, values, and notes, all account fields, and saved links and files are encrypted at rest with AES-256-GCM. Environment labels, the sensitive flag, display order, timestamps, and relationships remain local plaintext metadata.
The current application does not send vault content, usage telemetry, crash reports, or analytics to Rahman Mubarok.
3. Website data
The current website does not use marketing cookies, advertising trackers, or product analytics. Standard hosting infrastructure may still process technical request data such as IP address, user agent, requested URL, and timestamps for security and delivery purposes.
If you join the macOS waitlist, the email address you submit is processed by EmailOctopus, our email service provider, under its own privacy policy, solely to notify you when the macOS version becomes available. The address is not shared further or used for any other purpose, and you can unsubscribe from any message.
This policy must be updated if analytics, additional mailing forms, customer support forms, or other hosted services are added.
4. Purchases and support
LocnLock is purchased through the Microsoft Store. Microsoft processes billing, transaction, tax, and fraud-prevention information under its own privacy policy; Rahman Mubarok does not receive payment card data.
Information voluntarily sent in a support request may be used to answer that request and maintain necessary business records. Users should not send passwords, tokens, vault exports, or other secrets in support messages.
5. Retention, rights, and contact
Local vault data remains under the user's control. Retention periods and privacy request procedures for website, purchase, and support records must be finalized based on the operator's legal obligations and service providers.
Privacy questions may be directed to [email protected].