Terms & Disclaimer

Version: 1.0
Effective Date: October 25, 2025
Last Updated: November 15, 2025
⚠️ Important Information About Credential Security

This application stores authentication credentials (passkeys) on your personal NFC card and maintains an encrypted cache on your device.

YOUR RESPONSIBILITY

By using this application, you acknowledge and accept full responsibility for:

COMPANY LIABILITY LIMITATIONS

Phenomenal Aktiebolag is NOT responsible for:

SECURITY RECOMMENDATIONS

We strongly recommend the following security practices:

HARDWARE REQUIREMENTS

This application requires:

SOFTWARE "AS IS" WARRANTY DISCLAIMER

This application is provided "AS IS" without warranty of any kind, either express or implied, including but not limited to:

DATA STORAGE MODEL

Primary Storage: All passkeys are stored on your personal MIFARE DESFire EV3 NFC card with PIN-protected access control. The encryption key is derived from your PIN with PBKDF2-HMAC-SHA256 (600,000+ iterations, card UID as salt) and used to authenticate with the card’s AES-128 application keys.

In-Memory Session Cache: Passkeys loaded from the card are held in RAM only for the active session. Each private key is envelope-encrypted with AES-256-GCM using a non-exportable Android Keystore wrapping key. Nothing about a passkey persists on the device’s disk.

No Cloud Storage: No data is transmitted to or stored on any cloud servers or remote systems.

USER ACCEPTANCE

By using this application, you acknowledge that you:

UPDATES TO TERMS

We may update these terms from time to time. When we make material changes:

GOVERNING LAW

These terms are governed by the laws of Sweden. Any disputes shall be resolved in Swedish courts.

CONTACT INFORMATION

If you have questions about these terms:

Phenomenal Aktiebolag
Email: support@phenomenal.se
Website: https://phenomenal.se

RELATED DOCUMENTS