The PicKey.ai Data Policy

Data Handling Behind The Gamified Login

Innovation, Technology & Transparency.

Data is the most important commodity on the internet.

Data Security however, is generally not a problem of poor innovation or limits on today’s technology. We feel that there are a lot of technology companies who are simply not transparent on how they collect, use and store data of their customers.

At PicKey, it is our resolve to do everything in our power to keep the data of our customers safe and be fully transparent on how it is used. We also use data only on a need basis, and do not store data that is unnecessary for the basic functions of Password Management. We differ with a lot of other internet companies in our approach to data security. Here are some of our founding principles that we built PicKey’s technology on :

1. Store as little data as possible
2. Try with work without data, whenever possible.
3. If it is really necessary to store data, secure it with Military Grade Cybersecurity.

Customer Data – Personal & Non-Personal

Customer trust is very important to us. We have taken the long, strenuous path to create a product that minimizes the use of Personal Customer Data, and maximizes the use of Non-Personal Data. This has two very clear advantages:

1. Your Personal Data is either never stored with us, or stored only when really necessary.
2. Since we work with Non-Personal Data, it cannot be easily linked or traced to you. This is really important since this framework enables first-class data privacy for all of our customers.

In the next few sections, we will go over details on how we’ve implemented this data use, and data security framework.

Data Security

What do we store ?

When it comes to Customer Data, the intent of keeping it safe is more important than the methods to do it. We do not compromise on either one. Before talking about the former, let us just go over the methods that we use to keep Customer Data safe, when we store it with us.

PicKey stores the following Personal Data on it’s platform. It is either the data required to authenticate you, or data created by you :

1. Email (used to authenticate users)
2. User Created Passwords (Passwords that are not MagicPass passwords and when the user wants to create a specific password value)
3. User Created Addresses, Phone & Credit Cards ( As part of the autofill feature)
4. User Created Face Data (When a user creates a face based Master Key)

PicKey DOES NOT store any of the following Personal Data :

1. First, Middle or Last Name
2. Age
3. Sex
4. Orientation
5. Location
6. IP Address
7. Search History
8. Browsing History
9. Social Media Activity
10. Photos and Videos liked/disliked
11. The contents of your clipboard
12. The contents of your messages
13. The contents of your emails
14. Purchase methods or other details
15. Files types or their contents
16. Keystroke patterns or rhythms
17. Time Zone
18. Mobile Network
19. Bio-metric Information
20. Model of your device
21. Operating System
22. Cookies
23. Data or Time of any digital activity
24. Any Social or Demographic Preference Data.

We will only use or store your data if it is really necessary to do so (like authentication) or if you ask us to do it.

How do we store it ?

PicKey takes data security very seriously. We employ the following techniques to ensure that you data is stored and communicated with utmost safety.

1. End-to-End Encryption, everywhere.
2. Sensitive Data is Salted and Hashed.
3. Sensitive Data is Encrypted at rest with Military-Grade AES-256 Cypher (GCM/CBC).
4. Sensitive Data Storage is Access-Locked and cannot be accessed by anyone(including us).
5. RBAC by design.
6. All inter-module communication is encrypted over SSL.
7. Quantum Proof Indentifiers (unique-id) Generation.
8. Multi-Factor Authentication for all account access.
9. OAuth 2.0 with stringent token control, roles and rotation.
10. Random time-delays for certain critical operations.

Data Ethics

We feel that innovation can also be a guiding force to work with the principles, standards, and guidelines that govern the responsible and ethical handling, use, and management of data. The moral and social implications of collecting, storing, analyzing, and sharing data, as well as the potential impact on individuals, organizations, and society as a whole, need to be a part of the fabric that we use to build technology companies of today, especially the ones that involve Artificial Intelligence (thus, inherently being dependent on data).

Innovating Data ethics ?

Let us demonstrate two key features that we’ve created to minimize the use of Personal Data. Both these are available with PicKey. The focus is to try and use anonymous, private non-personal data instead of personal data, while improving the user-experience.

1. Place Master Keys

Usage of Face-Unlock has two problems.

The first being your personal face(data) has to be stored somewhere. For bad actors, this can open up a lot of opportunities to misuse your facial data.

The second problem, is that you just have one face, and everyone knows (and sees) it already. Using it as a password is meaningless as your face is not really is secret. At best, it only means that nobody is forcefully asking you to use face-unlock.

Place or a Thing as a Password

Turning a place into a Master Key has some great advantages. Since you can select anything visible to your eye, and turn it into a Master Key, it is practically impossible for a bad-actor to guess or relate this information to you. For Example : you may turn a particular corner of your living room into a Master Key. It is practically impossible for anyone to guess that this particular corner is a Master Key. Also, it doesn’t have to be your living room, it could be a place at the park, your favorite monument, the street in front of your house, or anything at all. Notice that these choices are largely anonymous and non-personal in nature, going back to our policy of maximizing non-personal data that cannot be linked to you.

How do Master Keys Work?

An Overview

2. MagicPass

MagicPass is a novel, storage free password that we’ve invented. It is created from the neural memory of your Master Key, and is never stored anywhere on our infrastructure. MagicPass is created and re-created from the neural memory only when you ask for it. This Neural Network based remembrance is only triggered when the MagicPass value has to be retrieved during autofilling your password on a website or an app.

We believe that a secure way to manage password data is to manage it, without even storing it in the first place. This is what MagicPass enables us to do; and is a demonstration of our commitment towards Data Ethics and Data Safety.

How does MagicPass work?

AN Overview

In Closing

PicKey is committed to Data Security that is based on strong Data Ethics. PicKey.ai never shares, distributes, sells or exposes your private data with any other party, organization, government or country. That is the foundation that we would like to build trust on.

FAQs

1. How does MagicPass work in ensuring data security?

MagicPass is a groundbreaking feature of PicKey that redefines password security by eliminating the need for traditional password storage. It operates on a unique principle of neural memory, inspired by the way humans recall information. When you create your Master Key using a visual element like a photo and a 3D character, PicKey’s advanced AI algorithms generate a dynamic, secure password known as MagicPass. This password is not stored anywhere on our servers or your device, ensuring maximum security.

Each time you need to access a site or app, MagicPass is recreated on-demand from the neural memory associated with your Master Key. This process is akin to how our brain retrieves a memory when prompted by a familiar image or context. By not storing the password in any physical form and generating it only when needed, MagicPass significantly reduces the risk of password theft or leakage. It’s a seamless blend of convenience and high-level security, ensuring that your digital identity remains protected at all times.

2. How does PicKey’s use of non-personal data improve user privacy?

PicKey’s innovative approach to data privacy centers around its strategic use of non-personal data, significantly enhancing user privacy. By prioritizing non-personal data for its operations, PicKey ensures that the data it processes and stores is largely anonymous and cannot be easily linked back to an individual user. This is a fundamental shift from the traditional reliance on personal data by many tech platforms.

For instance, when you use PicKey, you can choose a place or an object as your Master Key. This choice is inherently non-personal and anonymous, making it virtually impossible for anyone to associate this visual key with your identity. Similarly, PicKey’s MagicPass feature, which generates a dynamic password from the neural memory of your Master Key, operates without storing any personal data. This means that even if someone were to access the data, it would be meaningless without the context of your personal neural memory.

Furthermore, PicKey minimizes the collection of personal data to only what is absolutely necessary, like your email for authentication. This approach not only reduces the amount of sensitive data at risk but also aligns with the principles of data minimization and privacy-by-design. By focusing on non-personal data, PicKey provides a robust framework for privacy, ensuring that your digital identity and activities remain secure and private.

---

Check out more FAQ at PicKey’s website. Visit PicKey’s community forums to ask a question.