How MYKI Works

What information does MYKI store?

MYKI locally stores passwords, cards, notes, government IDs and any custom category that you create.

  • Your browsing data is not recorded
  • Your keystrokes and mouse movements are not logged
  • We store an encrypted version of the phone number you signed up with in order to allow you to restore your data to a new device, to be able to send you notifications and to enable credential sharing between users.

We collect anonymized analytics and usage information in order to improve our services. This information is used in order to provide us with aggregate information to know what features to focus on the most and which features we need to improve.

Example of information includes:

  • How many users come from advertisements that we run
  • How many users properly go through the initial onboarding
  • How many users purchase pro features
  • How many users use the share passwords feature
  • How many users use MYKI on more than one device
  • How many users are backing up their vaults properly

All of this usage information can be disabled from our privacy center page in the MYKI app. Opting out of usage analytics will stop sharing any usage information.

Where does MYKI store the password vault?

MYKI stores your password vault locally across devices that you have MYKI installed on.

Your vault is synced in an end-to-end encrypted manner across different MYKI applications.

Our relay servers are used to sync your encrypted vault between different devices.

How does MYKI secure data in motion?

End-to-end encryption between devices that you have enrolled

  • All traffic is over HTTPS
  • RSA2048 is used to encrypt an AES-256 key that is used to encrypt relayed data. Any message emitted is also digitally signed.
  • The Key exchange happens by scanning a QR code
  • Shared Passwords are AES-256 encrypted with a random key which is encrypted using RSA-2048

Why should I trust MYKI?

We are Cyber Essentials certified and GDPR ready and abide by strict rules when it comes to managing the access that our engineers have to our relay servers and app update mechanisms.