# Biometric lock

> Biometric lock asks for Face ID, Touch ID, or your fingerprint before opening the app. It's off by default. When on, every time you open Open Heart, it asks before showing your entries.

If your phone is shared, sometimes left on a kitchen counter, or you just want an extra layer between Open Heart and a casual passerby, biometric lock is a useful second line of defense.

## How to turn it on

1. Settings → **Biometric lock**
2. Toggle on
3. Your phone asks for permission to use Face ID, Touch ID, or your fingerprint. Approve.
4. The next time you open the app, you'll see the lock screen.

## How it works

When the app opens, before any entries are shown, it asks your phone to confirm it's you:

- On iPhone with Face ID: a prompt appears asking for Face ID
- On iPhone with Touch ID: a prompt appears asking for your fingerprint
- On Android: a prompt appears asking for your fingerprint or face unlock

If your phone confirms it's you, the app unlocks. If you cancel, the lock screen stays up with an "Unlock" button you can tap to retry.

## What it does not do

- **It doesn't change how your entries are protected from us.** Your entries are already locked with a key that lives on your phone. The biometric lock is an extra step at the door, not a stronger lock on the safe inside.
- **It doesn't lock individual entries.** All-or-nothing.
- **It doesn't protect against someone with your unlocked phone in their hands.** A determined person who can use your face or fingerprint can bypass it. For that level of risk, the recovery phrase (saved off-device) plus account deletion is the path.

## Designed to fail open, not closed

If something unexpected happens — your phone's biometric hardware throws an error, or you removed your fingerprint in your phone's settings after enabling Open Heart's lock — you'll be let into the app rather than locked out.

Locked-out is a worse outcome than slightly less locked. Your entries are still protected by the key that lives on your phone either way.
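The unlock behavior described in "How it works" and in this section, sketched as an added example (not Open Heart's own code): only a cancel or a non-match keeps the lock screen up, and every other non-success result opens the app. The outcome names and both functions are hypothetical.

```javascript
// Added illustration; not Open Heart's source. Outcome names are hypothetical
// stand-ins for whatever the platform biometric API reports.
const Outcome = Object.freeze({
  SUCCESS: "success",           // phone confirmed it's you
  CANCELLED: "cancelled",       // you dismissed the prompt
  NO_MATCH: "no_match",         // face or fingerprint did not match
  HW_ERROR: "hardware_error",   // biometric hardware threw an error
  NOT_ENROLLED: "not_enrolled", // fingerprint removed in phone settings
});

// The only results that keep the lock screen up are ones where the phone
// did ask and the answer was "no" or "not now".
const STAY_LOCKED = new Set([Outcome.CANCELLED, Outcome.NO_MATCH]);

// Decide what the app shows after a single prompt result.
function decide(lockEnabled, outcome) {
  if (!lockEnabled) return { view: "entries", reason: "lock_off" };
  if (outcome === Outcome.SUCCESS) return { view: "entries", reason: "verified" };
  if (STAY_LOCKED.has(outcome)) return { view: "lock_screen", reason: "retry:" + outcome };
  // Anything unexpected fails open: locked-out is the worse outcome.
  return { view: "entries", reason: "fail_open:" + String(outcome) };
}

// Replay the prompt results for one app open (first prompt, then each tap
// on "Unlock"). The app counts nothing: the phone enforces attempt limits.
function openApp(lockEnabled, outcomes) {
  if (!lockEnabled) return { unlocked: true, failedOpen: false, trace: ["lock_off"] };
  const trace = [];
  for (const outcome of outcomes) {
    const d = decide(true, outcome);
    trace.push(d.reason);
    if (d.view === "entries") {
      return { unlocked: true, failedOpen: d.reason.startsWith("fail_open:"), trace };
    }
  }
  return { unlocked: false, failedOpen: false, trace };
}

// Constructed sample session: cancel, one non-match, then a good scan.
const sample = openApp(true, [Outcome.CANCELLED, Outcome.NO_MATCH, Outcome.SUCCESS]);
console.log(sample.unlocked, sample.trace.join(" -> "));
```
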

## What if I fail the biometric check

You see the lock screen with an Unlock button. Tap it to retry. There's no count limit on attempts in the app — your phone handles that. After enough failures, your phone falls back to its passcode.

## When biometric lock breaks

A few common cases:

- **You changed your fingerprint set in your phone's settings.** Your phone may invalidate Open Heart's biometric reference. Disable and re-enable biometric lock in the app to fix it.
- **You restored your phone from a backup.** Same — re-enable.
- **You're on a phone without a fingerprint sensor or Face ID.** The setting won't have any effect.

## Don't rely on biometric lock alone

The strongest privacy you can get is:

1. The lock that's already on (your entries are encrypted on your phone)
2. A phone-level passcode that only you know
3. A recovery phrase stored on paper, away from your phone

Biometric lock plus those is solid. Biometric lock without a phone passcode is mostly cosmetic.

## Related

- [How your privacy works](/docs/privacy/how-encryption-works)
- [Recovery phrase](/docs/account/recovery-phrase)
