Last Updated: March 2026 · Effective Date: February 2026
The Short Version
We collect nothing. We know nothing about you. We have no way to identify you. Your portfolio lives on your phone. Nowhere else.
Nothing. No accounts, no email addresses, no names, no device identifiers, no usage analytics, no crash reports, no telemetry. We have no database of users and no servers that store user data.
App Store Privacy Label: We declare "Data Not Collected" for all categories.
Legal basis (GDPR): Darkfolio does not process personal data. No legal basis for processing is required because no processing occurs.
None of this data is backed up to iCloud or included in iTunes backups. It exists only on your device.
Darkfolio needs current prices to show your portfolio value. Here's how we get them without learning anything about you — and how you can prove it.
Most portfolio apps say "we respect your privacy." We say: don't trust us — verify it yourself.
Darkfolio makes two privacy claims. Both are verifiable using a free app and a web browser.
The server sees only that someone requested prices, when, and their IP address (unless Tor is enabled). It processes no user data and is configured not to retain request logs.
The app contacts up to three domains. You'll always see the first; the other two sync less often.
prices.getdarkfolio.app
Live prices (every refresh)
history.getdarkfolio.app
Sparkline trends (once daily)
archive.getdarkfolio.app
Chart archive (when updated)
Each domain serves the complete dataset for its purpose — prices, history, or archive — for every asset in the universe, identical for every user. You can open any of them in a browser to see what the server publishes. The app includes direct links in Settings › Verify.
But browsing a URL only shows you what the server offers. To see what the app actually sends and receives, you need a network inspection tool.
A network inspection tool shows you every request any app on your phone makes. We use Proxyman (free on the App Store) in this guide, but any similar tool works.
Add *.getdarkfolio.app to your SSL Proxying list. This single wildcard covers all three domains and stays within Proxyman's free tier.
On a fresh install, your first pull-to-refresh triggers all three requests at once. On an existing install, you'll see prices immediately; history syncs once daily and the archive syncs when updated.
If you use Tor, re-enable it now and pull to refresh in Darkfolio. Then check Proxyman.
You can also check Darkfolio's Activity Log (Settings › Activity Log). A shield icon on each request confirms it was routed through Tor.
Another option: open iOS's App Privacy Report (Settings › Privacy & Security). With Tor on, you'll see unfamiliar IP addresses instead of *.getdarkfolio.app domains — those are Tor relay nodes, not our server.
The server sends everything to everyone. It has no way to determine your holdings.
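An added example, not part of Darkfolio's own code or documentation: if the capture is exported from the inspection tool in HAR format (an assumption), a short script can check each request to the three listed domains for anything that could name an asset or a user. The checks themselves (GET only, no query string, no body, no cookies) are this example's reading of the claims above, and the sample capture, its URL paths and the `unlisted` host are constructed.

```python
import json
from urllib.parse import urlsplit

# The three hosts the policy lists for price data.
LISTED = {"prices.getdarkfolio.app", "history.getdarkfolio.app",
          "archive.getdarkfolio.app"}

def audit_har(har_text):
    """Return (url, reason) findings for requests to getdarkfolio.app hosts."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        host = (url.hostname or "").lower()
        if not host.endswith(".getdarkfolio.app"):
            continue  # other hosts (e.g. Apple's services) are out of scope here
        if host not in LISTED:
            findings.append((req["url"], "unlisted getdarkfolio.app host"))
            continue
        if url.scheme != "https":
            findings.append((req["url"], "not HTTPS"))
        if req.get("method") != "GET":  # assumption: a blind fetch is a plain GET
            findings.append((req["url"], "method is not GET"))
        if url.query or req.get("queryString"):
            findings.append((req["url"], "query string present"))
        if req.get("postData") or req.get("bodySize", 0) > 0:
            findings.append((req["url"], "request body present"))
        headers = [h["name"].lower() for h in req.get("headers", [])]
        if req.get("cookies") or "cookie" in headers:
            findings.append((req["url"], "cookie sent"))
    return findings

def _req(method, url, **extra):
    # Minimal HAR request object; real exports carry more fields.
    return {"request": {"method": method, "url": url, "headers": [],
                        "queryString": [], "cookies": [], "bodySize": 0, **extra}}

# Constructed sample capture: two clean requests and two deliberate violations.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _req("GET", "https://prices.getdarkfolio.app/"),
    _req("GET", "https://history.getdarkfolio.app/"),
    _req("GET", "https://prices.getdarkfolio.app/?symbol=BTC",
         queryString=[{"name": "symbol", "value": "BTC"}]),
    _req("POST", "https://unlisted.getdarkfolio.app/", bodySize=42),
]}})

if __name__ == "__main__":
    for url, reason in audit_har(SAMPLE_HAR):
        print(f"{reason}: {url}")
```

An empty result on a real capture means no request to those domains carried a query, body or cookie; it says nothing about traffic the capture did not include.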
Proxyman installs a root certificate and a local VPN to inspect traffic. Once you're done verifying, remove both:
Our proxy server aggregates prices from public market data sources. These requests are made server-side, not by your device. The data sources never see your device, your IP address, or any information about you. We do not sell, share, or disclose user data to any third party, because we do not collect any.
Darkfolio uses standard iOS frameworks:
We do not use iCloud, push notifications, or any analytics, crash reporting, or telemetry services.
All data is stored locally on your device. We have no servers that store user data, so there is no server-side retention period.
On your device, data is retained as follows:
When you uninstall the app, iOS removes all app data. Keychain entries are device-only and excluded from backups.
Delete All Data in Settings permanently erases everything — all encrypted vaults, cached prices, alerts, Keychain entries, and preferences. This is immediate and irreversible. We have no backup of your data and no way to recover it.
Individual portfolios, watchlists, and alerts can also be deleted independently through the app. If you delete the app itself, all data is removed by iOS. Keychain entries are marked "This Device Only" and are never included in iCloud or device backups.
Since Darkfolio collects no personal data, there is no consent to grant or revoke. No user data is transmitted to our servers or any third party. The app functions entirely without data collection, so there is no consent mechanism because none is needed.
Rights of access (Article 15), rectification (Article 16), erasure (Article 17), and portability (Article 20) do not apply to our servers — we hold no user data to access, correct, erase, or transfer. All data resides on your device under your control.
We do not sell, share, or disclose personal information to third parties. There is no personal information to opt out of selling because we do not collect any.
All connections use HTTPS. Our own price domains (*.getdarkfolio.app) intentionally do not use certificate pinning — this allows you to inspect all traffic with tools like Proxyman. Standard iOS TLS validation still applies. Third-party API domains used server-side have additional certificate pinning.
When Tor is enabled, traffic is routed through the Tor network to a hidden service endpoint using Tor's own layered encryption.
The app connects only to our price CDN, Apple's subscription services (which do not route through Tor), and — when Tor is enabled — the Tor network.
All sensitive data is encrypted on your device:
We use PIN-only authentication by default — no biometrics.
Auto-wipe is available as an opt-in feature: all local data is erased after 5 consecutive failed PIN attempts. When Ghost Mode is active, auto-wipe is enabled automatically.
Alert data is encrypted with a device-specific key (not your PIN) so alerts can work in the background. A disclosure is shown in the app when you create your first alert.
When you have price alerts enabled, the app periodically refreshes prices in the background using iOS's standard task scheduler. Background refreshes use the same blind pricing architecture — all 7,000+ prices are fetched, not just your alerts. If Tor is enabled, background refreshes wait for a Tor connection and never fall back to a direct connection.
Background refresh is only active when you have at least one price alert.
Ghost Mode gives you a second PIN that opens a completely separate encrypted vault — its own portfolios, watchlists, encryption key, and settings. Both vaults use AES-256-GCM encryption, identical file structures, identical storage formats, and are padded to the same size on disk. File names are neutral. Keychain entries exist for both PINs on every installation. Security metadata is itself encrypted. Nothing on the device labels one vault "primary" and the other "secondary."
Every Darkfolio installation creates both vault files the first time you open the app, whether or not Ghost Mode is enabled. This is a structural property of the app, not a feature you toggle into existence.
The app opens the second vault. Settings shows App Lock as on and Ghost Mode as off — the toggle is visible but appears inactive. The app looks and behaves exactly as it would for someone who has never enabled Ghost Mode. Even someone who knows Darkfolio has a Ghost Mode feature cannot tell from the device that it's active.
From inside the second PIN's space, you can turn App Lock off entirely. The app then opens freely with no lock screen. This is useful if someone expects to see your phone unlocked. Turn App Lock back on later, enter your first PIN, and your original space is right where you left it. Neither vault is affected by the other's App Lock state.
If you toggle Ghost Mode on while inside the second space, you are prompted to set a PIN for the first space. Doing so erases or overwrites the data in the other vault and creates a fresh, empty space behind the new PIN — effectively reversing which vault you consider "primary." The app doesn't care. Both vaults are architecturally identical. The distinction between them exists only in your intentions, which are not stored on the device.
There is no "real" vault and "decoy" vault at the technical level. Which space holds your actual portfolio and which holds a decoy — or whether both hold real data — is entirely up to you. This is particularly relevant for cryptocurrency users who may want a plausible secondary wallet visible in one space while keeping their primary holdings in the other. Either vault can serve either purpose.
When Ghost Mode is active, auto-wipe is enabled automatically: 5 consecutive failed PIN attempts erase all local data from both vaults. This cannot be disabled while Ghost Mode is on.
Either PIN can reset the other vault. From whichever space you can access, go to Settings to set a new PIN for the other space. Resetting creates a fresh vault — previous data in that space is gone.
No security measure is absolute. Ghost Mode is designed to raise the bar significantly for anyone attempting to determine your holdings — or whether the feature is active at all.
Pro users can route all price requests through the Tor network. Darkfolio includes a built-in Tor client — no external apps or configuration required.
When Tor is enabled:
When Tor is enabled, the app will not fall back to a direct connection — if Tor can't connect, prices won't refresh until it does. We will never silently expose your IP address.
Tor is not a complete anonymity solution. It protects your IP address from our server but does not protect against all forms of network analysis. Tor requires a Pro subscription or an active trial.
Our widgets and Control Center controls provide actions only — toggle Quiet Mode, refresh prices. No prices, symbols, values, or portfolio information are ever displayed on any widget or control.
Siri Shortcuts support actions like refreshing prices and toggling Quiet Mode. We do not support shortcuts that return portfolio data — Siri responses pass through Apple's servers, so we chose not to send financial data through that path.
We don't claim perfection. Some limitations worth noting:
*.getdarkfolio.app. Enabling Tor eliminates both of these.
Darkfolio is not directed at children under 13. Since the app collects no data whatsoever, there is no mechanism through which children's data could be gathered.
Darkfolio processes no personal data on any server. There are no cross-border data transfers because all data remains on your device, regardless of your location. The app is available in 20 languages but stores nothing remotely — the same privacy guarantees apply to every user worldwide.
If we update this policy, we'll update the "Last Updated" date. Since we collect no data, material changes are unlikely.
| Question | Answer |
|---|---|
| Do you collect my email? | No. |
| Do you track what I do? | No. |
| Can you see my portfolio? | No — blind pricing makes this impossible. |
| Do you sell data? | We have no data to sell. |
| Do you use analytics? | No. |
| Do you share data with advertisers? | No. |
| What if someone requests my data? | We have no data to give them. |
| What happens if your server is hacked? | They get public asset prices. Nothing about you. |
| What if I delete the app? | Everything is gone. We have nothing to retain. |
Track everything. Reveal nothing.