FILE A0 / ABOUT
A small team building a serious privacy tool.
AppVault is a single-purpose iPhone app built by Vastflow, a small product studio. We do not raise venture capital. We do not run an ad network. We do not sell user data because we do not collect user data. This page explains the rest.
UPDATED · 2026-05-16 · REVIEWED BY APPVAULT
PRINCIPLES
The five rules we wrote down before the first commit.
1. No account, no email, no recovery.
Every photo vault breach since 2014 has been an account-database breach. The cryptography held; the metadata did not. We decided the only way to win that argument is to not run an account database. The trade-off is that we cannot recover a forgotten pattern — and we are willing to lose that argument every time it comes up.
2. No servers we cannot afford to shut down tomorrow.
AppVault has zero infrastructure that holds customer data. The website serves static HTML. There is no API, no admin panel, no logging pipeline. If Vastflow disappears tomorrow, your installed copy of AppVault keeps working exactly as it does today — because there is nothing to disappear with.
3. No advertising inside a privacy product.
Advertising SDKs are network-connected, data-exfiltrating binaries running inside the app. Even when the SDK is well-behaved, the surface exists. We chose to fund the product directly through paid tiers instead. The free tier covers a single small vault; the paid tiers fund development.
4. No claims we cannot link to a primary source.
Every cryptographic statement on this site — "AES-256-GCM", "PBKDF2 with 600,000 iterations", "Secure Enclave-bound" — points to a NIST publication, an IETF RFC, an Apple Platform Security page, or an OWASP recommendation. If we cannot link a claim to a primary source, we do not make the claim.
5. No marketing that overstates the threat model.
AppVault defends against shoulder-surfing, lost or stolen devices, customs and border inspections, and the half-second when someone borrows your phone. It does not defend against a coerced unlock, a jailbroken device, or a state-level adversary holding both your device and your wrists. We say so on the Security page in plain English, because a privacy product that overstates its threat model is the one you should not trust.
HOW WE FUND
One product, four tiers, no advertising.
AppVault Pro is $1.99 per month, $9.99 per year (with a 7-day free trial), or $29.99 as a one-time lifetime purchase. Apple takes its standard cut; the rest funds engineering, design, customer support, and the eventual third-party cryptographic audit. We have no other revenue source. We do not sell aggregated data because there is no aggregated data to sell.
The free tier (one vault, 25 files) is a real free tier — not a time-limited trial. We expect a meaningful share of installs to live there forever, and that is fine.
How we hire
Vastflow hires slowly and only in roles that move the product. Engineering, design, support. We do not have a growth team, a partnerships team, or a content marketing team. When the team grows, it will show up first as faster feature shipping and longer guide articles, not as more email in your inbox.
How to reach us
Four email addresses are listed on the Contact page, each routed to a real person. Response time is typically same-day during European business hours, always within five business days.
GET STARTED
Seal the vault.
Free to download. The first vault is free, forever. Upgrade only when you outgrow it.