Kriovate

Export Compliance

Version 1.0 · Effective 20 May 2026

Declaration of cryptographic functionality and export-control exemption status for software published by Kriovate Ltd, under US Export Administration Regulations (EAR) and equivalent regimes.

At present, this declaration applies to the Krypsis iOS application. If we publish additional products that incorporate cryptography, this document will be updated or supplemented.

Status

Kriovate Ltd’s currently-published software qualifies for the mass-market encryption exemption under EAR §740.17(b)(2) (License Exception ENC).

This means our software is exempt from:

  • Submitting an annual self-classification report to the US Bureau of Industry and Security
  • Filing an Encryption Registration Number (ERN) application
  • Filing annual sales-volume reports

The exemption is automatic when the conditions below are met. There is no application or approval process — the conditions are declared correctly to Apple at App Store submission, and this document is the underlying technical basis for that declaration.

Why we qualify

EAR §740.17(b)(2) exempts items that use only the cryptography built into the operating system or hardware on which they run, without additional or modified cryptographic functionality.

Krypsis uses only Apple’s system-provided cryptographic frameworks:

  • CryptoKit (CryptoKit.framework) for symmetric encryption (ChaChaPoly), key derivation (HKDF), and key types (SymmetricKey)
  • CommonCrypto for PBKDF2 key derivation (CCKeyDerivationPBKDF)
  • LocalAuthentication (LAContext) for biometric unlock
  • Security (Keychain Services) for key storage

Krypsis does not:

  • Implement custom cryptography or proprietary ciphers
  • Modify or extend the cryptographic functions provided by iOS
  • Bundle third-party cryptographic libraries (no OpenSSL, libsodium, BoringSSL, BearSSL, or similar)
  • Perform cryptographic protocols with an external server beyond standard TLS (which is also exempt under §740.17(b)(2))

This places Krypsis squarely within the §740.17(b)(2) exemption: software using only encryption built into the operating system.

Cryptographic frameworks linked by the binary

For transparency and audit reference:

FrameworkSourcePurpose
CryptoKit.frameworkApple, ships with iOSVault content encryption (ChaCha20-Poly1305), key derivation (HKDF)
CommonCryptoApple, ships with iOSPBKDF2 key derivation from user PIN
LocalAuthentication.frameworkApple, ships with iOSBiometric (Face ID, Touch ID) unlock
Security.frameworkApple, ships with iOSKeychain storage of the wrapped master key

Third-party SDKs included in the Krypsis binary do not contain additional cryptography beyond standard TLS:

  • RevenueCat (purchase entitlements) — uses iOS-native TLS for API calls. Does not bundle additional crypto.
  • Sentry (opt-in crash reporting) — uses iOS-native TLS. Does not bundle additional crypto.
  • GRDB (SQLite wrapper) — uses iOS-native SQLite. No bundled crypto.

Annual obligations

None, given the exemption applies.

The exemption is permanent for as long as the software continues to meet the conditions above.

If Kriovate ever adds a third-party cryptographic library, implements custom cryptography, or adds a feature that performs cryptographic key exchange with an external service beyond standard TLS, the status will be re-evaluated. In that event, an ERN may be required prior to the next App Store submission.

Audit inquiries

Apple may ask, and the US Bureau of Industry and Security (BIS) may audit (rarely, but it does happen). For audit inquiries, the underlying source code remains the authoritative reference; Kriovate Ltd maintains internal documentation of the relevant code paths and will provide it to a competent authority on lawful request.

For inquiries, contact legal@kriovate.com.

References