Home | Security | Privacy Policy | Terms & Disclaimer

Privacy Policy for Login Passkey Manager

Last Updated: November 15, 2025
Effective Date: November 15, 2025
TL;DR: We don't collect your data. We don't transmit your data. We don't store your data on servers. Everything stays on your device and your personal NFC card. That's our commitment to your privacy.

Introduction

Phenomenal Aktiebolag ("we," "our," or "us") operates the Login Passkey Manager mobile application (the "App"). This Privacy Policy explains how we handle information in connection with your use of our App.

Our Commitment: We are committed to protecting your privacy. This App is designed with privacy as a core principle - we do not collect, transmit, or store any personal data on our servers.

Information We Collect

Data Stored on Your NFC Card (Required)

The App stores the following data on your personal MIFARE DESFire EV3 NFC card:

Important: All passkey data is protected by PIN-based access control using AES-128 authentication. The encryption key is derived from your PIN with PBKDF2-HMAC-SHA256 at 600,000 iterations (configurable up to 2,000,000) and bound to the card UID, then used to authenticate with the card. While a session is active, passkeys are held in memory only; nothing about them persists on the device.

Data Stored Locally on Your Device

The App stores the following data on your device:

What is not stored on disk: Your passkeys are not persisted on the device. They live in RAM during an active session only, each private key envelope-encrypted with AES-256-GCM under a non-exportable, hardware-backed (when supported) Android Keystore wrapping key. The cache is cleared on logout, app close, session expiry, or after 3 failed PIN attempts.

What We DO NOT Collect

We explicitly DO NOT collect, access, or transmit:

No Cloud Storage: This App does not use cloud storage or any remote servers for credential storage.

How We Use Data

Data on your NFC card and in the in-memory session cache is used solely for:

  1. Passkey Management: Storing and retrieving your passkeys for authentication
  2. App Functionality: Providing the core features of the application
  3. NFC Card Storage: Your NFC card is the primary (and only persistent) storage location for all passkeys
  4. In-Memory Session Cache: Loaded into RAM after PIN verification so signing operations are fast; cleared when the session ends

Data Sharing and Third Parties

We do not share any data with third parties. Period.

Permissions Explained

Required Permissions

1. NFC Permission

2. Credential Manager

3. Internet Permission

4. Network State

No Sensitive Permissions

The App does NOT request:

Data Security

Encryption

Access Control

Data Retention and Deletion

Retention

Data is retained on your device until you:

Deletion

You can delete your data at any time:

  1. Individual Passkeys: Delete specific passkeys within the app
  2. All Data: Uninstall the app or clear app data in Android settings
  3. NFC Backup: Physically destroy your NFC card or overwrite it

Immediate Effect: All deletions are permanent and immediate. There is no recovery mechanism because there are no backups on our servers.

Children's Privacy

This App is not directed to children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect information from children.

Your Rights

Since we do not collect or store any personal data on our servers, traditional data rights (access, portability, erasure requests) are not applicable. You have complete control over your data because it exists only on your device and your personal NFC card.

Your Control

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

International Users

This App is designed to work internationally. Since all data is stored locally on your device:

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Phenomenal Aktiebolag
Email: support@phenomenal.se
Website: https://phenomenal.se

For security vulnerabilities, please contact us at support@phenomenal.se.

Disclaimer

This App is provided "AS IS" without warranty of any kind. We are not responsible for lost, stolen, or compromised credentials. You are solely responsible for:

For complete terms and conditions, please read our full Terms & Disclaimer.