Data Protection & Security

Last updated: August 18, 2025

Our core promise

Alimonyfy protects everything you enter with end-to-end encryption (E2EE). Your data is encrypted on your device before it leaves your device, and only your signed-in devices can decrypt it. Not even Alimonyfy—or any third party—can read your entries in transit or at rest on our servers. This is sometimes called “zero-knowledge” or “zero-access” encryption.

What E2EE means in practice

• We can’t see your content. Forms, numbers, notes, and documents you create are encrypted with keys that never leave your devices. Our servers store only ciphertext. Industry leaders describe this as “we can’t read your messages/files,” which is exactly the property E2EE provides.
• Only you hold the keys. Encryption keys are created and kept on your trusted devices. This approach mirrors how platforms like Apple’s Advanced Data Protection work: devices retain sole access to the keys for end-to-end encrypted data.
• If you lose access, we can’t unlock it for you. Because we never see your keys, we can’t recover encrypted content if you lose your device(s) and recovery credentials. This is a known trade-off in true zero-knowledge systems (for example, 1Password can’t recover a lost Secret Key).

What we encrypt

• Case data you enter (income, expenses, assets/debts, proposals)
• Drafts, notes, attachments you add in the app
• Generated files that remain inside the app’s secure storage

All of the above are encrypted on your device before syncing.

What we don’t collect

• No plaintext content. We never log or index your case content, numbers, or documents in plaintext.
• No third-party ad trackers. We don’t share or sell your data to advertisers.
• No human access to your content. Because of E2EE, our staff can’t view it even for support.

Limited technical and billing data

To operate the service, we process minimal metadata such as: subscription status, app version, crash diagnostics (scrubbed of content), and coarse event telemetry (e.g., “created a case” vs. the case’s contents). None of this includes your encrypted content.

Exports, sharing, and backups (important)

• PDF exports or files you choose to share leave the E2EE scope once you send or store them outside the app (email, cloud drives, printers, etc.). Treat exports like any sensitive document.
• Cloud backups of your device (if enabled) may include encrypted app data; whether those backups are themselves end-to-end encrypted depends on your platform settings (e.g., Apple’s Advanced Data Protection enables E2EE for iCloud backups).

Legal requests

Because we cannot decrypt user content, we can only produce limited account metadata in response to valid legal process. Encrypted content remains unintelligible without your keys.

Your responsibilities

E2EE protects you only if you protect your devices and credentials. Use a strong passcode/biometrics, keep OS updates current, and don’t share recovery secrets. (As with other zero-knowledge services, if you lose your keys, we cannot recover your encrypted content.)

Our security practices (overview)

• Modern, vetted cryptography for encryption and authentication
• Keys generated and stored on device; servers never hold raw decryption keys
• Defense-in-depth: TLS in transit, hardened infrastructure, and strict access controls even though servers see only ciphertext
• Independent security reviews and rapid patching of vulnerabilities
• Coordinated disclosure program (email: support@oststudio.dev)

Changes to this page

If we make material changes to our data protection approach, we’ll update this page and, when appropriate, notify you in-app.