If I disappear, your data doesn't.

5 promises that make ByteGuard work for you, even if I'm gone tomorrow.

Why this page exists

Every closed-source single-developer app has this risk. Most pretend it doesn't exist.

  • What if I get hit by a bus?
  • What if I lose interest and abandon the project?
  • What if I sell to a worse owner?
  • What if I'm forced to insert a backdoor?
  • I'm not going to pretend. Instead, I'm publishing five concrete promises that make ByteGuard work for you even if I'm gone tomorrow.

The 5 promises

Below are the five concrete commitments. Each has a dated deliverable, a verification path, and explicit limits on what is and isn't covered.

  • 1. Crypto module goes open source — Q3 2026: The cryptographic core of ByteGuard (KDF, ciphers, data schema, key derivation logic) will be published as MIT-licensed open source code on GitHub by September 30, 2026. You'll be able to independently audit how your master password derives the vault key, verify ByteGuard uses Argon2id with the parameters claimed (64MB × 3 iterations), and rebuild the crypto layer in any language to decrypt your own backup. What's not open source (yet): full iOS / iPadOS / macOS app UI layer and sync orchestration — considered for open sourcing in 2027 once the crypto module proves stable in public review.
  • 2. Data format is open and documented — June 30, 2026: The .bytegx export format specification will be published at bytelink.online/docs/data-format. Anyone can write a parser for your ByteGuard backup. You can verify exports manually without ByteGuard installed. The spec includes header structure, per-item field schema, encryption envelope format, Argon2id parameters, and AES-256-GCM nonce handling.
  • 3. One-click export to 1Password / Bitwarden / Strongbox — December 31, 2026: Settings → Export → choose target → done. ByteGuard will support exporting your entire vault to 1Password (1PUX), Bitwarden (JSON encrypted), Strongbox (KeePass KDBX), and CSV (universal, plaintext — only use offline). You'll never be locked in. If I disappear tomorrow, you have a one-tap path to any other password manager that day.
  • 4. Dead-man's switch — active by June 30, 2026: I run a GitHub Action that requires me to push a 'still alive' commit to a private repo every 30 days. If I miss 3 consecutive check-ins (90 days of silence), the system automatically publishes the entire ByteGuard app source code (not just the crypto module) to a public GitHub repository under MIT license, publishes the latest signed IPA build artifact, and notifies registered users. This is automatic. I can't disable it remotely. If my Apple Developer account, GitHub account, or domain are also lost, the dead-man's switch still fires from a third-party CI service.
  • 5. Legal escrow — Phase 4 (conditional): Once ByteGuard reaches stable monthly recurring revenue (MRR ≥ $5,000 / month), I will engage a software escrow service (Iron Mountain, NCC Group, or equivalent) within 60 days. Escrow holds production signing keys, build artifacts, documented build process, and customer notification rights. This is NOT committed for 2026 — escrow services have minimum fees ($2K-5K setup + ongoing) that don't make sense at current scale. Promises 1-4 cover the most likely failure modes without requiring escrow.

What this means in practice

Six scenarios where ByteGuard could fail you — and which promise covers each one.

  • I abandon the project: Crypto module is open source (#1). You can export anywhere (#3).
  • I'm forced to insert a backdoor: Open source crypto (#1) makes backdoors auditable. Data format is open (#2).
  • I get hit by a bus: Dead-man's switch (#4) auto-publishes everything within 90 days.
  • Apple shuts down my dev account: IPA is preserved on dead-man's switch trigger (#4).
  • GitHub bans my account: Dead-man's switch fires from third-party CI (#4).
  • ByteGuard gets acquired by a worse owner: Crypto module is already MIT licensed (#1). You can fork.

What's NOT a promise

To be clear about what this plan does not cover:

  • I don't promise to maintain ByteGuard forever. I might burn out. Read the dead-man's switch.
  • I don't promise the app will work on future iOS versions. Apple changes things. I'll do my best, but a single developer can't guarantee compatibility a decade out.
  • I don't promise zero bugs. Software has bugs. I publish a vulnerability disclosure policy at bytelink.online/security.
  • I don't promise infinite free updates. You bought a version. Major upgrades may be paid.
  • What I do promise: your data is yours to keep, your data is yours to export, and your data survives me.

How to verify these promises

Each promise has a specific, dated, verifiable path. You don't need to trust me — you need to verify the mechanism exists.

  • Promise 1: After Q3 2026, check github.com — search for byteguard-crypto-swift.
  • Promise 2: After June 30, 2026, visit bytelink.online/docs/data-format.
  • Promise 3: After Dec 31, 2026, open ByteGuard → Settings → Export → verify 4 options.
  • Promise 4: The dead-man's switch repository is public from June 30, 2026. You can watch the cron job at byteguard-dms.
  • Promise 5: When MRR ≥ $5K/month, escrow contract will be published in this page.

Questions

Common questions about the continuity plan.

  • Why not open source the whole app right now?: I'm one person. Open-sourcing the full UI layer means I have to handle PRs, security disclosures, and forks while still building features. The crypto module (the part that actually matters for your data security) is going public first. The rest follows once the crypto layer proves stable.
  • How is this different from 'trust me bro'?: A 'trust me' page would just say 'I'm a good developer.' This page says: here are 5 dated, public, automated, auditable mechanisms. You don't need to trust me; you need to verify that the mechanisms exist (and you can — I just told you how).
  • What if you change your mind about these promises?: I can change my mind about Promise 5 (escrow) — it's the only one that's conditional. Promises 1-4 are commitments that are either already running or have specific dated deliverables. If I rescind a commitment, the dead-man's switch will eventually fire anyway.
  • Why should I trust the dead-man's switch?: Because the GitHub Action source code will be public. You can read exactly what it does. You can fork it and verify it's not pulling tricks. You can subscribe to its public commit feed and see I'm checking in every 30 days.

Contact

Questions about this continuity plan, or want to suggest a 6th promise?

  • Email: [email protected]
  • Suggestions: Open an issue at github.com — search for ByteGuard-TermsAndPrivacy.
  • See also: Subprocessors and Roadmap on the Transparency Center page.