How MYKI Works

What information does MYKI store?

MYKI locally stores passwords, cards, notes, government IDs and any custom category that you create.

  • Your browsing data is not recorded
  • Your keystrokes and mouse movements are not logged
  • No account metadata is stored in our servers
  • We store a hashed version of the phone number you signed up with in order to allow you to restore your data to a new device along with the app version to support backwards compatibility.

We collect anonymized analytics and usage information in order to improve our services. This information is used in order to provide us with aggregate information to know what features to focus on the most and which features we need to improve.

Example of information includes:

  • How many users come from advertisements that we run
  • How many users properly go through the initial onboarding
  • How many users purchase pro features
  • How many users use the share passwords feature
  • How many users use MYKI on more than one device
  • How many users are backing up their vaults properly

All of this usage information can be disabled from our privacy center page in the MYKI app. Opting out of usage analytics will stop sharing any usage information.

Where does MYKI store the password vault?

MYKI only stores sensitive data locally across devices that you have MYKI installed on.

  • MYKI does not hold a copy in the cloud
  • Your vault is seamlessly synced P2P across MYKI-enabled devices.

How does MYKI secure data in motion?

End-to-end encryption between devices that you have enrolled

  • All traffic is over HTTPS
  • RSA2048 is used to encrypt an AES-256 key that is used to encrypt relayed data. Any message emitted is also digitally signed.
  • The Key exchange happens by scanning a QR code
  • Shared Passwords are AES-256 encrypted with a random key which is encrypted using RSA-2048

Why should I trust MYKI?

MYKI only stores your data locally across devices that you manage.

We don't use the cloud to store your passwords. In the eventuality that our servers are compromised, your critical information remains safe.

We are Cyber Essentials certified and GDPR ready and abide by the strictest rules when it comes to managing the access that our engineers have to our relay servers and app update mechanisms.