Encryption
Your data is yours. It is encrypted before it reaches us, and our servers store only ciphertext.
Every receipt, wallet entry, journal entry, trip, and preference you sync to the cloud is encrypted on your device before it leaves your phone. Our servers store only scrambled ciphertext. The single server-side copy of your key that makes new-device sign-in possible is held in a separate, access-controlled table that only your authenticated session can read (see Key Storage); no one at Koink, database administrators included, has access that bypasses that control, so nobody at Koink can read your data.
How It Works
A unique key is generated for you
When you first sign in with Google, Koink generates a random 256-bit encryption key on your device. This key is yours alone and is the only thing that can unlock your data.
Data is encrypted before upload
Every time you save a receipt, write a journal entry, or update your wallet, the data is encrypted on your device using AES-256-GCM before being sent to our servers. The server receives — and stores — only encrypted ciphertext.
Decryption happens only on your device
When you open the app, encrypted data is downloaded from the cloud and decrypted locally on your phone. The decrypted version never touches our servers.
Works across devices
Your encryption key is kept in your device's secure keystore (unlocked with your device passcode), and a copy is held on our server in an access-controlled table so that signing in on a new device restores the key and your data decrypts there as usual (see Key Storage).
Technical Details
Encryption Algorithm
Koink uses AES-256-GCM (the Advanced Encryption Standard, FIPS 197, with 256-bit keys in Galois/Counter Mode, NIST SP 800-38D). The same algorithm is used by:
- Major cloud platforms and operating systems
- End-to-end encrypted messaging apps
- Banks and financial institutions worldwide
- Government systems; AES-256 is approved in the U.S. for protecting classified information
AES-256-GCM provides both confidentiality (no one without the key can read the data) and integrity (any change to a stored record is detected). Each encryption produces an authentication tag, and decryption verifies that tag before returning any plaintext, so a modified record fails to decrypt instead of yielding silently corrupted data.
Key Generation
Each user's encryption key is a cryptographically random 256-bit key generated using the platform's secure random number generator.
Encryption Format
Each piece of data is encrypted with a fresh random 12-byte (96-bit) nonce, the standard GCM nonce size. The nonce is not secret and is kept with the ciphertext and authentication tag so the record can be decrypted later.
A fresh nonce per encryption ensures that even identical data produces completely different ciphertext every time. It is also a hard requirement of GCM, not a nicety: encrypting two records with the same key and nonce exposes the XOR of their plaintexts and lets an attacker recover the authentication key and forge records. NIST SP 800-38D accordingly limits a key used with random 96-bit nonces to at most 2^32 encryptions, far more than a single user's records will ever reach.
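The encrypt-before-upload flow from How It Works and the key generation, nonce and integrity details above, shown end to end in working code. This is an added example written for this page, not Koink's app code, and it assumes a record layout of base64(nonce || ciphertext || tag) and an associated-data field carrying the record type; neither is documented by Koink. Sample data is constructed. It uses only the Go standard library (crypto/aes, crypto/cipher, crypto/rand).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

const (
	keySize   = 32 // 256-bit AES key
	nonceSize = 12 // 96-bit nonce, the standard GCM size
	tagSize   = 16 // 128-bit GCM authentication tag
)

// NewKey draws a fresh 256-bit key from the OS CSPRNG (crypto/rand), the
// counterpart of the platform secure random generator the page describes.
func NewKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM builds the AEAD; aes.NewCipher would also accept 16/24-byte keys,
// so the length check pins this to AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
}

// Seal encrypts one record under key with a fresh random nonce. The stored
// layout base64(nonce || ciphertext || tag) is this example's assumption.
// aad is authenticated but not encrypted; binding the record type into it
// (also an assumption) stops a ciphertext being replayed as another type.
func Seal(key, plaintext, aad []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// Pre-size so gcm.Seal appends ciphertext and tag directly after the nonce.
	record := make([]byte, nonceSize, nonceSize+len(plaintext)+tagSize)
	copy(record, nonce)
	record = gcm.Seal(record, nonce, plaintext, aad)
	return base64.StdEncoding.EncodeToString(record), nil
}

// Open reverses Seal. GCM verifies the tag over nonce, ciphertext and aad
// before releasing plaintext, so a tampered record yields an error, not garbage.
func Open(key []byte, encoded string, aad []byte) ([]byte, error) {
	record, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	if len(record) < nonceSize+tagSize {
		return nil, errors.New("record too short to hold nonce and tag")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, record[:nonceSize], record[nonceSize:], aad)
}

// FlipCiphertextByte inverts the first ciphertext byte of a stored record,
// simulating corruption or tampering on the server side.
func FlipCiphertextByte(encoded string) (string, error) {
	record, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	if len(record) <= nonceSize+tagSize {
		return "", errors.New("record has no ciphertext byte to flip")
	}
	record[nonceSize] ^= 0xff
	return base64.StdEncoding.EncodeToString(record), nil
}

func main() {
	key, _ := NewKey()
	// Constructed sample record, not real user data.
	receipt := []byte(`{"merchant":"Corner Cafe","total":"4.20"}`)
	aad := []byte("receipt")
	enc1, _ := Seal(key, receipt, aad)
	enc2, _ := Seal(key, receipt, aad)
	fmt.Println("same plaintext, different ciphertext:", enc1 != enc2)
	pt, err := Open(key, enc1, aad)
	fmt.Println("decrypted on device:", string(pt), err)
	_, err = Open(key, enc1, []byte("journal"))
	fmt.Println("record type mismatch rejected:", err != nil)
	tampered, _ := FlipCiphertextByte(enc1)
	_, err = Open(key, tampered, aad)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The server in this model only ever handles the string Seal returns. The four checks in main are the properties the page claims: fresh nonces make repeated saves unlinkable, decryption works only with the key, and any byte changed in storage, or a record moved to a different type, is rejected by the tag check rather than decrypted.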
Key Storage
- On device: Stored in your device's secure keystore, protected by your passcode and, where the device provides it, hardware-backed key storage. The key is accessible only after the device is unlocked.
- On server: A copy is stored in a dedicated, access-controlled database table so new devices can retrieve it, and only your authenticated session can read it. This copy is what the guarantee on this page rests on: the key table is kept separate from the encrypted data, and the key is released to nothing but your signed-in session.
What's Encrypted
| Data Type | Encrypted at Rest | Why |
|---|---|---|
| Receipts | Yes | Personal financial data |
| Wallet entries | Yes | Income, expenses, debts |
| Wallet settings | Yes | Budget amounts |
| Journal entries | Yes | Personal reflections and thoughts |
| Journals | Yes | Journal names and metadata |
| Trips | Yes | Trip details and spending |
| Trip settings | Yes | Active trip preferences |
| Split contacts | Yes | Names of people you split with |
| Split sessions | Yes | Bill splitting details |
| Theme settings | Yes | Preferences synced to cloud |
| Receipt images | No | Stored in a private, user-scoped cloud bucket with access control; not end-to-end encrypted so images can be served directly |
| Shared splits (group trips) | No | Must be readable by all group members |
Account Deletion
When you delete your account, your encryption key is permanently destroyed, both from your device and from our servers, and all encrypted cloud data is deleted as well. Destroying the key is itself a deletion (often called crypto-shredding): even if any ciphertext fragments remained somewhere, there is no longer any key that could decrypt them, so they are permanently unreadable.
Frequently Asked Questions
Can Koink employees read my data?
No. Your data is encrypted before it reaches our servers, so the data tables hold nothing but base64-encoded ciphertext, meaningless without your key. The server-side copy of your key (see Key Storage) lives in a separate, access-controlled table that only your authenticated session can read, so an administrator with access to the data store sees ciphertext and nothing else.
What happens if I sign in on a new phone?
Your encryption key is securely retrieved from our server (accessible only with your authenticated session) and stored in the new device's secure keystore. Your data is then decrypted locally as usual.
Is this the same encryption banks use?
Yes. AES is the U.S. National Institute of Standards and Technology (NIST) standard for symmetric encryption (FIPS 197), and GCM is specified in NIST SP 800-38D. AES-256 is approved for protecting U.S. government classified information and is used by banks and security-focused apps worldwide.
What about data in transit?
All network communication uses HTTPS/TLS, so your data is encrypted twice — once by our end-to-end encryption and again by the transport layer. Even if someone intercepted the network traffic, they would see encrypted data inside an encrypted connection.
For complete details on how we collect, use, and protect your information, see our Privacy Policy.