Tether is an encrypted note and file vault for Android. Files are encrypted on your device before touching the cloud. Not even we can read them.
Every technical decision in Tether was made so your files stay yours, even if the server, the cloud, or the developer were compromised.
Every file is encrypted on your device using AES-256-GCM before anything leaves your phone. The encryption key is derived from your personal sync phrase using PBKDF2 with 310,000 iterations of SHA-256.
Encrypted blobs are synced to your own Google Drive account. Only ciphertext ever reaches the cloud. Nobody, including us, can read your files without your personal sync phrase.
App access is protected by Android's BiometricPrompt API: fingerprint or face unlock. Your encryption keys are stored in Android Keystore and never leave the secure hardware element.
All your files are stored locally and fully accessible without an internet connection. Sync happens in the background when connectivity is available. Your vault is always with you.
Install Tether on any number of devices. Each one encrypts and decrypts with the same sync phrase. Files deleted on one device show as orphaned on others, so you never lose data by accident.
Need to share a file? Export an unencrypted copy to any location you choose using Android's standard file picker. No third-party involvement. Just your file, your storage.
The order of operations is the entire security model. Your key never leaves your device.
On first use you create a personal sync phrase. Tether derives an AES-256 key using PBKDF2 and stores it in Android Keystore, bound to your biometrics. The phrase itself is never stored, only the derived key.
When you save or import a file, it is immediately encrypted with AES-256-GCM on your device. A unique 96-bit IV is generated per file. The plaintext is never written to disk or sent over the network.
The encrypted blob is uploaded to a dedicated Tether folder in your own Google Drive via the Google Drive API. Google stores ciphertext it cannot read. No Tether server is involved in this step.
On another device with the same sync phrase, Tether downloads the encrypted blob, decrypts it locally using the same derived key, and presents the plaintext only in memory, never written to disk in plaintext form.
This policy applies to the Tether Android application and the kbis.dev/tether website.
Tether is a zero-knowledge encrypted file vault. Its core design principle is that no personal data is ever collected, transmitted to, or accessible by the developer or any third party. This policy describes in full what data the app uses, where it stays, and what you should know about third-party services the app connects to.
Tether does not collect, transmit, or store any of the following:
There is no Tether backend server. The app communicates only with Google's APIs directly from your device.
Your sync phrase is the root secret for your vault. Tether processes it locally to derive an AES-256 encryption key using PBKDF2-HMAC-SHA256 (310,000 iterations). The derived key is stored in the Android Keystore, a hardware-backed secure enclave. Neither the sync phrase nor the derived key is ever transmitted off your device.
If you lose your sync phrase and all devices where Tether is installed, your files cannot be recovered by you or by us. There is no password reset mechanism by design.
Tether uses the Google Drive API to sync your encrypted files between your devices. When you connect your Google account, Tether requests the following OAuth 2.0 scope:
Tether uses this access exclusively to:
Your use of Google Drive is subject to Google's Privacy Policy and Terms of Service. Tether is not affiliated with Google LLC.
Tether stores the following data locally on your device only:
All local data is stored in app-private directories and is automatically deleted when you uninstall Tether. If your device has full-disk encryption enabled (all modern Android devices do), this data is further protected at the OS level.
The only third-party service Tether communicates with is Google Drive API (googleapis.com) for cloud sync. No other analytics, advertising, crash-reporting, or tracking SDK is included in the application.
Google's data handling for Drive is governed by their own privacy policy, linked above. Tether does not receive any data from Google beyond what is needed to fulfil sync operations (the encrypted file blobs and their Drive metadata).
Tether does not knowingly collect any information from or about children under the age of 13. The app does not target children and contains no features that collect personal data from any user, including children. If you believe a child has used the app, there is no data to delete on our end.
Because Tether operates on a zero-knowledge architecture and collects no personal data, no personal data is transferred to Tether's developer or any Tether-controlled server. Encrypted file blobs are transferred between your devices via Google's infrastructure, subject to Google's data handling practices.
Because we hold no personal data about you, most data-subject rights (access, erasure, portability) are fulfilled by the app itself: your data lives on your device and in your own Google Drive account, both under your direct control. You can delete all your Tether data at any time by:
If this policy changes materially, the updated version will be published at kbis.dev/tether with a revised "last updated" date. Because we hold no contact information for users, we cannot notify you directly. We recommend bookmarking this page.
Questions or concerns about this policy? Contact the developer at kkb_83@yahoo.com or via LinkedIn.
Developer: Krasimir Borisov · KBIS.dev · Solihull, UK
Feature requests, bug reports, or privacy questions, reach out directly. No support ticket system, just a real developer.