Data no one can prove is even there
A hidden vault is opened by pointing at a place on the map and entering a passphrase. Both are baked into the encryption key; nothing is stored to check them against. A wrong spot or a wrong passphrase produces exactly the same result as an empty device: nothing here. The app can’t even tell which was wrong.
Hidden vaults live in a fixed-size pool of random-looking data. Its size is one of a few standard options and never changes with how many vaults you have, so an examiner imaging the device can’t tell whether you have zero hidden vaults or many, or whether you use the feature at all. There is no count to reveal.
Set up a decoy: a hidden vault with innocuous contents you can safely reveal if you’re forced to open something. Your real hidden vaults stay undetectable. You can also arm a duress vault that silently wipes your other hidden vaults when opened, and enable an optional auto-wipe after too many wrong attempts.
Because a passphrase and a remembered spot are relatively low-entropy, an attacker holding your unlocked device could try to guess them. The slow Argon2id key derivation is the main barrier, so a longer passphrase and a non-obvious spot matter a lot. There is no recovery: forget either and the contents are gone. Hidden vaults are a technical measure, not a legal shield: in some jurisdictions you can be compelled to disclose a key.
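The unlock behaviour described above, sketched as an added example (not the app's own code): the spot and passphrase feed a slow key derivation, and a vault is found only if that key authenticates one slot of a fixed-size pool of noise. Assumptions: scrypt stands in for Argon2id, SHAKE-256 with HMAC stands in for a real AEAD, and the pool geometry, grid snapping and function names are hypothetical.

```python
import hashlib, hmac, os

SLOTS, BODY = 16, 64  # assumed pool geometry: fixed, whatever the vault count

def new_pool():
    # Device-wide salt plus SLOTS random slots; an unused pool is pure noise.
    return {"salt": os.urandom(16),
            "slots": [os.urandom(16 + BODY + 16) for _ in range(SLOTS)]}

def derive_key(passphrase, lat, lon, salt):
    # Snap the spot to a grid cell (assumed 0.001 degree) so nearby taps agree.
    cell = f"{int(round(lat * 1000))},{int(round(lon * 1000))}"
    # scrypt is a stand-in for Argon2id, which the standard library lacks.
    return hashlib.scrypt(f"{cell}|{passphrase}".encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=64)

def _xor_stream(enc_key, nonce, data):
    # Toy stream cipher for the sketch; use a vetted AEAD in real code.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def create_vault(pool, index, passphrase, lat, lon, secret):
    # secret must be at most BODY - 1 bytes; it is padded to a fixed length.
    key = derive_key(passphrase, lat, lon, pool["salt"])
    nonce = os.urandom(16)
    padded = bytes([len(secret)]) + secret + os.urandom(BODY - 1 - len(secret))
    body = _xor_stream(key[:32], nonce, padded)
    tag = hmac.new(key[32:], nonce + body, hashlib.sha256).digest()[:16]
    pool["slots"][index] = nonce + body + tag  # replaces noise with noise-like bytes

def open_vault(pool, passphrase, lat, lon):
    key = derive_key(passphrase, lat, lon, pool["salt"])
    found = None
    for slot in pool["slots"]:  # always scan the whole pool
        nonce, body, tag = slot[:16], slot[16:-16], slot[-16:]
        expect = hmac.new(key[32:], nonce + body, hashlib.sha256).digest()[:16]
        if hmac.compare_digest(tag, expect):
            padded = _xor_stream(key[:32], nonce, body)
            found = padded[1:1 + padded[0]]
    # None covers wrong spot, wrong passphrase and "no vault" alike.
    return found
```

Nothing in the pool records which input was wrong, so `open_vault` has only one failure result to return, and the pool is the same length with zero vaults or several.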