Privacy Policy for LockSnap App

1. Introduction

Welcome to LockSnap, operated by ISTEPS UK LTD ("we," "our," or "us"). LockSnap is a security monitoring application designed to help protect your device by automatically capturing photos when unauthorized unlock attempts are detected.

This Privacy Policy explains how ISTEPS UK LTD collects, uses, discloses, and safeguards your information when you use our mobile application ("App"). Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: The App does not require user registration or account creation. No personal account information is collected.
• Purchase Information: If you purchase a premium subscription, we collect purchase tokens, order IDs, and subscription details through Google Play Billing. This information is used solely for subscription management and verification.

2.2 Information Collected Automatically

• Photos: The App captures and stores photos locally on your device when security events are detected (e.g., unlock attempts). These photos are stored exclusively on your device and are not transmitted to our servers or any third parties.
• Location Data (Optional): If you grant location permissions, the App may capture and store location coordinates (latitude/longitude) with photos. This data is stored locally on your device only. Location data is never transmitted to external servers.
• Device Information: The App may collect device-specific information such as: Device model and manufacturer, Android version, App version, Device administrator status, and Battery optimization status.
• Audit Logs: The App maintains local audit logs of security events, service status changes, and app activities. These logs are stored exclusively on your device.

2.3 Information from Third-Party Services

Google Play Services: When you make in-app purchases, Google Play processes your payment information. We receive purchase verification data (purchase tokens, order IDs) but do not receive your payment card details.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Functionality

• Security Monitoring: To detect and capture photos of unauthorized unlock attempts
• Service Management: To maintain the foreground service that monitors device security
• Subscription Management: To verify and manage premium subscriptions
• App Functionality: To provide features such as photo viewing, settings management, and security mode configuration

3.2 Optional Features

• Location Tagging: If enabled, to associate location data with captured photos (stored locally only)
• SMS Detection: If enabled, to detect specific SMS messages for "Find Device" functionality (SMS content is processed locally and not transmitted)
• Call Me Back Mode: To initiate phone calls when triggered by security events (requires CALL_PHONE permission)

3.3 Service Reliability

• Boot Monitoring: To automatically restart the security service after device reboot
• Service Health Checks: To monitor and maintain service reliability
• Battery Optimization: To ensure the security service continues running reliably

4. Data Storage and Security

4.1 Local Storage

• Photos: All captured photos are stored locally on your device in the app's private storage directory. Photos are not uploaded to any external servers.
• Metadata: Photo metadata (timestamps, location data if enabled, capture reasons) is stored locally in an encrypted Room database.
• Audit Logs: Security event logs are stored locally on your device.
• Preferences: App settings and preferences are stored locally using Android's secure storage mechanisms.

4.2 Data Transmission

• Subscription Verification: Purchase tokens and order IDs are transmitted to our backend server solely for subscription verification and fraud prevention. No photos or personal data are transmitted.
• No Photo Upload: Photos are never uploaded to our servers or any third-party services.
• No Analytics: The App does not use analytics services (such as Firebase Analytics or Google Analytics) that would track your usage patterns.

4.3 Security Measures

• Device Administrator: The App uses Android's Device Administrator API to monitor security events. This is a standard Android security feature.
• Biometric Protection: The App supports biometric authentication (fingerprint, face unlock) to protect access to the app itself.
• Passcode Protection: You can set a passcode to protect access to the App.
• Encrypted Storage: Sensitive data is stored using Android's encrypted storage mechanisms.

5. Permissions Explained

The App requests the following permissions. You can grant or deny most permissions, but some are required for core functionality:

5.1 Required Permissions

• CAMERA: Required to capture security photos when unlock attempts are detected.
• Device Administrator: Required to monitor device unlock events and failed authentication attempts.
• POST_NOTIFICATIONS (Android 13+): Required to display security alerts and service status notifications.
• FOREGROUND_SERVICE and FOREGROUND_SERVICE_CAMERA: Required to run the security monitoring service in the background.
• RECEIVE_BOOT_COMPLETED: Required to automatically restart the security service after device reboot.
• WAKE_LOCK: Required to ensure the service continues running even when the device is in sleep mode.
• REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: Required to prevent the system from stopping the security service.
• SCHEDULE_EXACT_ALARM and USE_EXACT_ALARM: Required for precise timing of security checks and service monitoring.

5.2 Optional Permissions

• ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION: Optional. Only used if you enable location tagging for photos.
• RECEIVE_SMS and READ_SMS: Optional. Only used for the "Find Device" feature.
• CALL_PHONE: Optional. Only used for "Call Me Back" mode.
• USE_BIOMETRIC: Optional. Used for biometric authentication.
• MODIFY_AUDIO_SETTINGS: Used to adjust audio settings during photo capture.
• VIBRATE: Used to provide haptic feedback for security events.

5.3 System Permissions

• BIND_QUICK_SETTINGS_TILE: Allows the App to provide a Quick Settings tile for easy access.
• BIND_DEVICE_ADMIN: Required for Device Administrator functionality.

6. Third-Party Services

6.1 Google Play Services

• Google Play Billing: Used for in-app purchases and subscription management.
• Google Play Services Location: Used for location services if permissions are granted.
• Google Maps: Used to display location data on maps.

6.2 Backend Services

ISTEPS UK LTD operates a backend server to verify subscription purchases and prevent fraud. Only purchase tokens, order IDs, and product IDs are transmitted. No personal data or photos are sent to this server.

7. Data Sharing and Disclosure

ISTEPS UK LTD does not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service Providers: Google Play for processing in-app purchases.
• Legal Requirements: If required by law or in response to valid requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets.

8. Your Rights and Choices

8.1 Access and Control

• View/Delete Photos: You can view, share, and delete captured photos at any time through the App.
• Revoke Permissions: You can revoke permissions through your device's Settings.
• Uninstall: You can uninstall the App at any time, which will remove all locally stored data.

8.2 Subscription Management

You can cancel your premium subscription at any time through Google Play Store settings.

8.3 Device Administrator

You can disable Device Administrator access through your device's Settings.

9. Children's Privacy

The App is not intended for children under the age of 13. ISTEPS UK LTD does not knowingly collect personal information from children under 13.

10. International Users

ISTEPS UK LTD is based in the United Kingdom. If you are using the App from outside the UK, your information may be transferred to, stored, and processed in the UK.

11. Data Retention

11.1 Local Data

Photos, audit logs, and preferences are stored locally until you delete them or uninstall the App.

11.2 Server Data

Purchase verification data may be retained on our servers for fraud prevention purposes.

12. Changes to This Privacy Policy

ISTEPS UK LTD may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or ISTEPS UK LTD's data practices, please contact us at: hello@isteps.net

ISTEPS UK LTD
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Website: www.isteps.net

14. Additional Information for Specific Regions

14.1 UK and EEA Users

You have certain rights under the UK GDPR and EU GDPR, including the Right to Access, Rectification, Erasure, and Data Portability.

14.2 California Users

You have rights under the CCPA, including the Right to Know, Delete, and Opt-Out of the sale of personal information (we do not sell personal information).

15. Consent

By using the App, you consent to this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use the App.

Note: This Privacy Policy is specific to the LockSnap application. For information about how Google handles your data, please review Google's Privacy Policy.