Mobile
The vault in your pocket.
Face ID for the everyday unlock. NFC tap with a YubiKey for the credit card and passport that even we can’t read. Two apps, one product, both native.
iOS
iOS 17 or laterBuilt with Swift and SwiftUI for the platform. AutoFill API for Safari and native apps. Spotlight search. Share sheet integration.
- Face ID, Touch ID via LocalAuthentication
- YubiKey NFC for L3 unlock
- Passkey create + use (iOS 17+)
- iOS 18 inline TOTP autofill
- Home screen widget for active TOTP codes
- Apple Watch app (TOTP on your wrist)
Android
Android 14 or laterBuilt with Kotlin and Jetpack Compose. Native to the platform — not a transplanted iOS UI. Material 3, predictive back, system theming.
- Fingerprint, face via BiometricPrompt
- YubiKey NFC for L3 unlock
- Autofill Framework + Accessibility fallback
- Passkey create + use (Android 14+)
- Inline keyboard autofill (Android 11+)
- Quick Settings tile for fast lock
How it unlocks.
Biometric for daily use
Face ID, Touch ID, fingerprint, face unlock — whatever your device offers. Quick unlock between hardware-key sessions.
L1 and L2 fields (passwords, API keys, TOTP) open with biometric. The credential token is held in the Secure Enclave or Android Keystore. Even with the device unlocked, the credential never leaves hardware-protected storage.
NFC tap for what we can’t read
Identity fields — credit card, CVV, passport, SSN, recovery codes — need a hardware key. Tap your YubiKey to the back of the phone, the field decrypts, you read it, the key is gone.
The decryption key is derived from the WebAuthn PRF. It’s computed on the phone, used once, discarded. No one else can do this. Not malware on your device. Not us. Not even the AI we use to support you.
Full vault, on the phone.
System autofill
iOS AutoFill, Android Autofill Framework. Works in Safari, Chrome, browsers, and native apps. Passwords, passkeys, cards, identities.
Full vault CRUD
Create, view, edit, delete every entry type. The mobile app is a first-class client — not a read-only companion.
TOTP codes
Stored TOTP seeds with a live countdown. Auto-copy on autofill. Replaces standalone authenticator apps.
Passkey create + use
iOS 17+ and Android 14+. Cross-platform sync via Clavitor — not platform-locked to Apple or Google.
Offline access
Vault cached locally, L1-encrypted. Works without internet. L3 fields still need a hardware key, even offline.
Cross-device sync
Edit on the phone, see it on the laptop in seconds. Via the nearest POP — no central queue.
Search
Fast search across title, URL, username. iOS Spotlight integration exposes entry titles (never credentials).
Password generator
Random passwords and passphrases. Same Rust core, same options as the web and CLI.
Share & receive
Encrypted expiring share links. Per-field selection. L3 fields cannot be shared — no key to wrap.
Differentiators
What only Clavitor mobile does.
Every password manager has biometric unlock and autofill. These are ours alone.
Travel scope
Switch the device to a curated subset of credentials — Netflix, airline, hotel. The rest of your vault is invisible. Not empty (suspicious), just invisible. Cross a border, nobody knows.
Hardware-key indicator
Every L3 entry shows a key symbol. You always know which fields are hardware-protected and which are agent-readable. Other vaults give you a single padlock on everything.
Agent activity feed
See which agents accessed which credentials, when, from where. From the phone. No competitor shows agent audit on mobile because they don’t scope tokens per agent.
Per-agent scoping
Grant or revoke an agent’s access to specific entries from your phone. Tap your hardware key to confirm. The agent stops working in seconds.
POP status
See which region you’re connected to, latency, sync state. 21 POPs across every continent — the closest one auto-selected.
No master password
There isn’t one. There’s nothing to forget, nothing to phish, nothing to steal in a breach. Your authenticator is the only path in.
Both apps ship together.
iOS first, Android the same week. Beta opens to free-tier users.