Biometric unlock

The mobile app keeps your credentials in your operating system’s secure storage (iOS Keychain or Android Keystore). The OS-level biometric protection of those entries is whatever you’ve already configured for your device.

What’s protected

• Your sign-in token lives in OS secure storage. It is never written to disk in any other form.
• Your account password is never stored on the device after the initial unwrap of encryption keys.

If your phone is locked with Face ID, Touch ID, or an Android biometric, that protection extends to anything stored in OS secure storage — including the credentials Glueprint depends on. We don’t add a separate biometric prompt on top of that today.

Sign in once, stay signed in

The app remembers you across launches by storing the sign-in token in OS secure storage. If you want to require biometric to open the app, lock your device with biometric and the OS handles the rest.

Coming later

A dedicated biometric gate inside the app — the kind that lets you require Face ID specifically to approve a pending agent action — isn’t in the current release. We’re planning to add it.

Multi-device

Credentials are per-device. Signing in on your phone doesn’t affect your tablet, and vice versa.

Privacy

The biometric template never leaves the OS secure enclave. Glueprint asks the OS to read the secure-storage entry; we never see your biometric data.

Related topics

• Sign in on mobile
• Permissions and approvals for the runtime approval flow.
• Recovery codes for password recovery.