AEU ECC App
Privacy Policy
Last Updated: 2026-02-15
Version: 1.0.0
1. Introduction and Legal Scope
This Privacy Policy ("Policy") is a legally binding agreement that governs the collection, use, storage, and protection of information in connection with the AEU ECC and AEU Authenticator applications ("App", "Software") and all related services.
This Policy applies to all services provided under the following brands, trademarks, and trade names, all of which are owned by or licensed to Sokol Alickaj: AEU, AEU Cloud, AEU-App, AEU-DNS, AEU-i, AEU ECC, AEU Authenticator, and any derivative or affiliated brands (collectively "AEU Services", "we", "us", "our").
BY DOWNLOADING, INSTALLING, COPYING, OR OTHERWISE USING THE SOFTWARE, YOU ("USER", "YOU", "YOUR") ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE LEGALLY BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE ALL USE OF THE SOFTWARE AND DELETE ALL COPIES IN YOUR POSSESSION.
2. Copyright Notice and Intellectual Property
COPYRIGHT © 2026 SOKOL ALICKAJ. ALL RIGHTS RESERVED.
2.1 PROPRIETARY SOFTWARE:
The AEU ECC and AEU Authenticator applications, including but not limited to their source code, object code, algorithms, architecture, user interface designs, graphics, icons, documentation, and all associated intellectual property, is the exclusive property of Sokol Alickaj and is protected by international copyright laws, trade secret laws, and other intellectual property rights.
2.2 RESTRICTIONS:
You may NOT, without prior written authorization from Sokol Alickaj:
• Copy, reproduce, or duplicate the Software or any portion thereof
• Modify, adapt, translate, or create derivative works
• Reverse engineer, decompile, disassemble, or attempt to derive source code
• Distribute, sublicense, lease, rent, or lend the Software
• Remove, alter, or obscure any copyright, trademark, or proprietary notices
• Use the Software for commercial purposes without a license
• Transfer the Software to any third party
2.3 THIRD-PARTY COMPONENTS:
The Software may incorporate open-source libraries and frameworks, each subject to their respective licenses:
• Flutter Framework - Copyright Google LLC, BSD 3-Clause License
• Dart Programming Language - Copyright Google LLC, BSD 3-Clause License
• PointyCastle Cryptography - MIT License
• Various Flutter plugins - Subject to their respective licenses
These third-party components remain the property of their respective owners. Their inclusion does not grant any rights to the proprietary portions of AEU ECC and AEU Authenticator.
3. Zero-Knowledge Security Architecture
AEU ECC and AEU Authenticator implement a zero-knowledge security architecture designed to protect user privacy. This section provides a detailed technical explanation of our security measures:
3.1 VAULT ENCRYPTION (AEUFS - Full Disk Encryption):
• All sensitive data is encrypted on YOUR device using ChaCha20-Poly1305 (256-bit) authenticated encryption
• Encryption keys are derived from your master password using Argon2id with MAXIMUM parameters: 1GB RAM, 16 iterations, 4 parallel lanes (RFC 9106)
• AES-256-GCM key wrapping for additional protection
• Poly1305 MAC provides 128-bit authentication
• Hidden volumes and duress password support
• Write-ahead journal with zstd compression
• Your master password NEVER leaves your device in any form
3.2 SERVER-SIDE ENCRYPTION (DOUBLE ENCRYPTION):
• Upon receipt, encrypted data receives a SECOND layer of AES-256-GCM encryption
• Server encryption uses keys inaccessible to any individual, including the Developer
• Database encryption: SQLCipher with 1,000,000 PBKDF2-HMAC-SHA3-512 iterations
• All files stored with AES-256-GCM encryption at rest
3.3 TRANSPORT SECURITY:
• All communications encrypted with TLS 1.3 (Transport Layer Security)
• Hybrid Post-Quantum key exchange: X25519 + ML-KEM-1024 (Kyber)
• RSA-8192 OAEP authentication (192-bit classical security)
• Key derivation via HKDF-SHA3-512 (512-bit)
• Perfect Forward Secrecy (PFS) via ephemeral key exchange
• Certificate pinning implemented in mobile applications
• API requests authenticated with HMAC-SHA256 signatures
• Cryptographic nonces prevent replay attacks
3.4 END-TO-END ENCRYPTION (E2E) - NIST Level 5:
• ML-KEM-1024 (Kyber) Post-Quantum Key Encapsulation (NIST FIPS 203, Level 5)
• X25519 (Curve25519) classical key exchange (RFC 7748)
• Hybrid key exchange: X25519 + ML-KEM-1024 combined via HKDF-SHA3-512 for defense-in-depth
• ML-DSA-87 (Dilithium5) Post-Quantum Digital Signatures (NIST FIPS 204, Level 5)
• RSA-8192 OAEP for authentication (192-bit effective security)
• AES-256-GCM session cipher with AES-GCM-WRAP key wrapping
• Each message uses fresh ephemeral keys ensuring forward secrecy
• Server acts as transparent relay - cannot decrypt E2E communications
• QUANTUM SECURITY: If EITHER classical OR post-quantum algorithm is secure, your data remains protected
3.5 BACKUP AND EXPORT ENCRYPTION:
• AES-256-GCM authenticated encryption for all backups
• PBKDF2-HMAC-SHA3-512 key derivation with 1,000,000 iterations
• 32-byte (256-bit) random salt per backup
• Native platform acceleration: ~10-20x faster than pure software implementation
• Backup format: salt(32) + iv(12) + ciphertext + tag(16)
3.6 PASSWORD SECURITY:
• Passwords hashed using bcrypt with 12 rounds (cost factor)
• Bcrypt incorporates random salt per password
• Password hashes are then encrypted with AES-256-GCM before storage
• Original passwords are NEVER stored or transmitted
3.7 CRYPTOGRAPHIC ALGORITHMS SUMMARY:
• Symmetric Encryption: ChaCha20-Poly1305, AES-256-GCM (IETF RFC 8439, NIST)
• Key Exchange (Classical): X25519 (RFC 7748)
• Key Exchange (Post-Quantum): ML-KEM-1024 / Kyber (NIST FIPS 203)
• Digital Signatures (Post-Quantum): ML-DSA-87 / Dilithium5 (NIST FIPS 204)
• Digital Signatures (Classical): RSA-8192 OAEP (PKCS#1)
• Password Hashing: Argon2id with 1GB RAM, 16 iterations (RFC 9106)
• Key Derivation: HKDF-SHA3-512, PBKDF2-SHA3-512 (RFC 5869)
• Hash Function: SHA3-512 (NIST FIPS 202)
3.8 COMPLIANCE:
• NIST Post-Quantum: ML-KEM-1024, ML-DSA-87 (Level 5 - MAXIMUM)
• NSA CNSA 2.0: Compliant for TOP SECRET classification
• GDPR: End-to-end encryption, zero-knowledge architecture
• FIPS 140-3: Ready (toggle available)
3.9 ZERO-KNOWLEDGE GUARANTEE:
• The Developer, AEU Services, and any employees or contractors CANNOT:
- Decrypt your vault or any stored data
- Access your 2FA codes or secrets
- Read your master password
- Retrieve your recovery phrase
- Bypass encryption under any circumstances
• This is a technical limitation, not a policy choice
4. Data Storage and Non-Storage Policies
4.1 DATA WE DO NOT STORE:
• Your email address - Only a one-way SHA-256 cryptographic hash is stored for account lookup. The original email CANNOT be reconstructed from this hash.
• Your master password - Never transmitted, never stored
• Your 2FA secret keys in readable form - Only encrypted blobs we cannot decrypt
• Your recovery phrase - Only a bcrypt hash for verification
• Any plaintext sensitive information
4.2 DATA PROCESSED IN CLOUD SYNC MODE:
• SHA-256 hash of email (irreversible, for identification only)
• Encrypted bcrypt hash of password (double-protected)
• Encrypted bcrypt hash of recovery phrase
• Encrypted vault data (client-encrypted, then server-encrypted)
• Device identifiers for session management
• Timestamps for security auditing
4.3 OFFLINE MODE:
• ZERO data is transmitted to AEU Services
• All data remains exclusively on your device
• No account creation required
• No network connectivity required for operation
5. No Logging and No Telemetry Policy
5.1 APPLICATION LOGGING:
• The App does NOT automatically transmit any logs to external servers
• No crash reports are automatically sent
• No error logs are transmitted
• No diagnostic data is collected
• No telemetry or analytics are gathered
• No usage statistics are recorded
• No behavioral data is tracked
5.2 LOCAL DEBUG LOGS:
• Debug logs, if generated, remain strictly on your device
• These logs are NEVER transmitted to AEU Services
• You have full control over local logs
• Uninstalling the App removes all local data
5.3 BUG REPORTING:
• Bug reports must be VOLUNTARILY submitted by users
• The Developer has NO automatic access to error information
• You control what information you choose to share
• We encourage bug reports to improve the Software, but submission is entirely optional
5.4 SERVER LOGS:
• Server access logs contain only: timestamp, IP address (for security), request path, response code
• NO user content, passwords, or sensitive data is ever logged
• Logs are used solely for security monitoring and abuse prevention
• Logs are automatically purged after 30 days
6. Data Non-Recovery Disclosure
CRITICAL LEGAL NOTICE - READ CAREFULLY:
Due to our zero-knowledge encryption architecture, DATA RECOVERY IS TECHNICALLY IMPOSSIBLE.
6.1 WE CANNOT AND WILL NOT:
• Recover your account if you lose your master password
• Reset or change your master password
• Decrypt your vault or any stored data
• Access your 2FA codes or secrets
• Retrieve or regenerate your 24-word recovery phrase
• Bypass, circumvent, or override encryption for any reason
• Provide decrypted data to you, law enforcement, government agencies, or any third party
• Create "backdoors" or master keys
6.2 YOUR SOLE RESPONSIBILITIES:
• Securely storing your 24-word recovery phrase in multiple physical locations
• Memorizing or securely storing your master password
• Creating offline backups of critical recovery information
• Understanding that loss of BOTH password AND recovery phrase results in PERMANENT, IRREVERSIBLE, TOTAL data loss
6.3 LEGAL ACKNOWLEDGMENT:
By using this Software, you acknowledge and accept that:
• Data recovery is impossible by design
• This limitation protects your privacy
• You assume full responsibility for credential management
• AEU Services bears no liability for data loss due to lost credentials
7. No Third-Party Data Sharing
7.1 ABSOLUTE NON-DISCLOSURE:
AEU Services commits to NEVER:
• Sell your data to any third party
• Rent, lease, or trade your information
• Share data with advertisers or marketing companies
• Provide data to data brokers
• Monetize your information in any way
7.2 NO THIRD-PARTY INTEGRATIONS:
• No third-party analytics SDKs (Google Analytics, Firebase, etc.)
• No advertising networks or SDKs
• No social media tracking pixels
• No third-party crash reporting services
• No behavioral tracking tools
7.3 PLATFORM REQUIREMENTS:
• Apple App Store: Subject to Apple's requirements for distribution
• Google Play Store: Subject to Google's requirements for distribution
• Apple iCloud (if enabled): Subject to Apple's Privacy Policy
• These platform interactions are limited to app distribution and optional backup services
8. Data Retention and Deletion
8.1 RETENTION POLICY:
• Account data retained only during active account status
• Minimum data retention principle applied
• No data retained beyond operational necessity
8.2 YOUR DELETION RIGHTS:
You have the right to delete your data at any time. Here's how:
SERVER MODE (Cloud Sync):
• Open the App → Settings → Danger Zone → Delete Account
• Enter your password to confirm
• This permanently deletes:
- Your account from our servers
- All encrypted backup data on our servers
- All local vault data on your device
LOCAL MODE (Offline):
• Open the App → Settings → Danger Zone → Delete All Data
• Or: Settings → Danger Zone → Reset App
• This permanently deletes all local data
ADDITIONAL OPTIONS:
• Clear All 2FA Tokens: Settings → Danger Zone → Clear All 2FA Tokens
• Delete specific entries: Swipe left on any entry and tap Delete
8.3 DELETION EFFECTS:
• Deletion is IMMEDIATE and PERMANENT
• All associated data is cryptographically erased
• No backups of deleted accounts are retained
• Deletion CANNOT be reversed
• You will lose access to all 2FA codes
8.4 AUTOMATIC CLEANUP:
• Inactive accounts may be purged after extended inactivity (with prior notice if possible)
• Orphaned data is automatically removed
• No ghost data or residual information retained
9. Security Incident Response
9.1 IN THE EVENT OF A SECURITY INCIDENT:
• Due to zero-knowledge architecture, attackers cannot access your decrypted data even if servers are compromised
• Your vault remains protected by client-side encryption
• We will notify affected users if a breach is detected
• We will provide guidance on protective measures
9.2 LIMITATIONS:
• We cannot guarantee absolute security - no system is impenetrable
• We implement industry-standard security measures
• Security is a shared responsibility between the service and user
10. International Data Processing
10.1 SERVER LOCATIONS:
• Servers may be located in various jurisdictions
• All data remains encrypted regardless of location
• Encryption renders data unreadable even if physically accessed
10.2 CROSS-BORDER TRANSFERS:
• By using the App, you consent to encrypted data transfer across borders
• Zero-knowledge encryption provides protection regardless of jurisdiction
• We comply with applicable data protection regulations
11. Children's Privacy
11.1 AGE RESTRICTION:
• The App is not intended for users under 13 years of age (or minimum age in your jurisdiction)
• We do not knowingly collect information from children
• If we discover a child has created an account, it will be terminated immediately
11.2 PARENTAL NOTICE:
• Parents/guardians should supervise children's device usage
• Contact us immediately if you believe a child has used our services
12. Policy Modifications
12.1 RIGHT TO MODIFY:
• We reserve the right to modify this Privacy Policy at any time
• Changes effective immediately upon posting
• "Last Updated" date will be revised
12.2 NOTIFICATION:
• Material changes may be communicated via App notification
• Continued use constitutes acceptance of modified Policy
12.3 YOUR RESPONSIBILITY:
• Review this Policy periodically
• Check the "Last Updated" date regularly
13. Governing Law
This Privacy Policy shall be governed by and construed in accordance with applicable international laws and the laws of the jurisdiction in which Sokol Alickaj resides, without regard to conflict of law principles.
14. Severability
If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
15. Contact Information
For inquiries regarding this Privacy Policy:
Copyright Holder & Developer: Sokol Alickaj
Service: AEU
Brands: AEU, AEU-App, AEU-DNS, AEU-i, AEU ECC, AEU Authenticator
Website: aeu-app.com
All intellectual property inquiries, DMCA notices, and legal correspondence should be directed to the Developer.
16. Complete Agreement
This Privacy Policy, together with our Terms and Conditions, constitutes the complete and exclusive agreement between you and AEU Services regarding privacy practices, superseding all prior agreements, understandings, negotiations, and discussions, whether oral or written.
17. Acknowledgment and Acceptance
BY USING AEU ECC OR AEU AUTHENTICATOR, YOU REPRESENT AND WARRANT THAT:
• You have read and fully understand this Privacy Policy
• You are at least 13 years of age (or minimum age in your jurisdiction)
• You have the legal capacity to enter into binding agreements
• You understand our zero-knowledge architecture and its implications
• You accept sole responsibility for your master password and recovery phrase
• You understand that credential loss results in permanent data loss
• You consent to the practices described in this Policy
• You acknowledge the copyright and intellectual property rights of Sokol Alickaj
Last Updated: February 15, 2026
Effective Date: January 8, 2026
© 2026 Sokol Alickaj. All Rights Reserved.
Company Information
Company: AEU
Developer: Sokol Alickaj
Websites: aeu-app.com
Copyright: © 2026 Sokol Alickaj. All Rights Reserved.