AgePony PGPony ↗ download
Privacy Policy · Last updated June 18, 2026

Privacy.

The short version: AgePony collects nothing. Below is the long version, including the one specific place your device touches the network and what that means.

The short version

No accounts. No servers. No telemetry. No analytics. No crash reporters. No advertising. No third-party tracking.

Every byte of your vault — identities, recipients, notes, settings — stays on your device, encrypted at rest. AgePony makes exactly one kind of network request, only when you explicitly ask it to: fetching a GitHub user's public SSH keys so you can encrypt to them. If that's all you needed to know, you can stop reading here.

What we collect

Nothing. There is no AgePony server. There is no account creation, no sign-in, no email gathering. There are no analytics SDKs, advertising SDKs, or third-party crash reporters in the app.

We do not know who is using AgePony, how often, what files you encrypt, or to whom. We could not tell you any of those things if we wanted to, because the information has never left your device and was never sent to us in the first place.

What stays on your device

AgePony stores everything locally in the app's sandbox:

  • Your identities (private keys) live in an encrypted vault file. They are never transmitted anywhere.
  • Saved recipients (other people's public keys) live in the same vault file.
  • Notes store their titles in the vault and encrypt their bodies separately with per-note passphrases via scrypt.
  • The vault master key lives in the platform keystore — iOS Keychain, or the Android Keystore — accessible only after biometric authentication.
  • The vault file itself is encrypted at rest using ChaCha20-Poly1305 with the master key.
  • Secure Enclave signing keys (where used) are generated in hardware and are non-exportable; they never leave the device.

If device backup is enabled, the encrypted vault file may be included in your platform backup (iCloud Backup or the Android equivalent). The file remains encrypted; the keystore master key syncs only if you have that platform feature enabled, and the platform vendor cannot read either.

Network activity

AgePony makes one type of optional, user-initiated network request: when you type a GitHub username in the recipient picker and tap fetch, AgePony makes an HTTPS request to https://github.com/<username>.keys to retrieve that user's public SSH keys.

GitHub may log this request as part of normal server operations; see GitHub's privacy statement for details. AgePony itself does not store the request, the response, or any analytics about it.

That's it. No other network requests, ever. No telemetry. No update checks. No license validation. No "phone home" of any kind. You can run AgePony in airplane mode and the only thing that won't work is fetching GitHub keys.

Permissions AgePony requests

  • Biometric authentication (Face ID / Touch ID / fingerprint): used to unlock your vault. Biometric data never leaves your device; the platform handles authentication and reports only success or failure back to AgePony.
  • Camera: used only when you tap the QR button to scan a public key. QR codes are read in-process; the camera feed is not saved, transmitted, or shared. AgePony does not access your photo library.
  • NFC: used only when you tap a FIDO security key to sign. The exchange happens locally between phone and key.

Third-party services

github.com — only when you explicitly fetch a user's public keys via the recipient picker. AgePony has no other relationship with GitHub.

Platform cryptography and authentication frameworks (Apple's CryptoKit and LocalAuthentication; Android's equivalents) are built into the operating system. No data leaves your device through these APIs.

That's the entire list. No analytics SDKs, advertising SDKs, third-party crash reporters, or any other external services.

Children's privacy

AgePony is rated for general audiences and does not collect data from anyone, including children. There are no in-app purchases, no advertising, and no user-generated content visible to other users.

Your rights and choices

Because nothing about you is ever transmitted to us, there is nothing for us to delete on request — we don't have anything to begin with.

To remove all your AgePony data from your device: open the app, go to Settings, and tap Reset Vault. This deletes the master key from the keystore and removes the encrypted vault file. Alternatively, delete the app; any orphaned keystore item can be cleared by reinstalling and choosing "Reset and start over" on the Locked screen.

Changes to this policy

If this policy changes materially, we'll update the "Last updated" date at the top. There is no email list to notify you, since we don't have your email.

Contact

Questions about privacy or this policy: NorseHorse@norsehor.se