Privacy Policy
PhotoVault · last updated
1. Summary
PhotoVault (“the app”) is an on-device private photo vault published by Cool App Helpdesk.
- The app collects no personal data and operates no servers.
- Photos, notes, and contacts you place in the vault are encrypted on your device with AES-256-GCM, using a key generated inside the Android Keystore.
- The app contains no advertising, no analytics, and no crash-reporting SDKs.
2. Data we collect
None. PhotoVault does not collect personal data, telemetry, identifiers, device information, IP addresses, or usage analytics. There are no user accounts and the developer operates no servers that the app communicates with.
3. Data stored on your device
| Item | Where | Sent off device? |
|---|---|---|
| Encrypted vault contents (photos, notes, contacts) | App-private filesDir, AES-256-GCM | Never |
| Encryption key | Android Keystore (hardware-backed on most devices) | Never |
| App settings | App-private SharedPreferences | Never |
| Optional encrypted backup | Folder you choose (Storage Access Framework); encrypted with a passphrase you choose (PBKDF2-HMAC-SHA256, 250 000 iterations + AES-256-GCM) | Never |
The encryption key is non-extractable and tied to the app’s UID. Backup passphrases are never seen by the developer.
4. Permissions used
| Permission | Reason | When asked |
|---|---|---|
| READ_MEDIA_IMAGES (Android 13+) / READ_EXTERNAL_STORAGE (Android ≤ 12) | Display your gallery and import photos into the encrypted vault. | First time you open the gallery. |
| USE_BIOMETRIC (optional) | Unlock the vault with a fingerprint or face on supported devices. | Only if you enable biometric unlock. |
You can revoke any permission at any time in Android Settings → Apps → PhotoVault → Permissions.
5. Network activity and third parties
The app does not request the INTERNET permission. It makes no network connections, contacts no servers, and contains no advertising, analytics, or crash-reporting SDKs. When you tap “Share” on an item, the app decrypts a copy into a private cache folder and passes a content:// URI to the system share sheet; the developer does not see what you share.
6. Children’s privacy
The app is not directed at children under 13. We do not knowingly collect information about children — and, as noted above, we collect no information about anyone.
7. Data retention and deletion
All vault contents remain on your device until you delete them inside the app, clear the app’s storage, or uninstall the app. Optional encrypted backups stay in the folder you chose until you delete them. There is nothing for the developer to retain or delete, because nothing is transmitted.
8. Security
Vault contents are encrypted at rest with AES-256-GCM. The encryption key is generated and held inside the Android Keystore and is non-extractable. Optional backups are protected with a key derived from a passphrase you choose, using PBKDF2-HMAC-SHA256 with 250 000 iterations. The app is distributed through the Google Play Store, which verifies the developer signing key on every update.
9. Changes to this policy
If any material aspect of how the app handles data ever changes, this page will be updated and the “last updated” date above will be bumped. Continued use after a change constitutes acceptance.
10. Contact
Questions or feedback? Email coolapphelpdesk@gmail.com.