Privacy Policy

This privacy policy applies to the "Antivirus" app (referred to as the "App") on mobile devices. It explains what information we collect, how we use it, and your choices regarding your data.
Last updated: 10-Sep-2025

Data Controller & Data Protection Officer (DPO)
Data Controller: Appswing contact: developer@appswing.org.
DPO: No DPO has been appointed. For privacy/DPO inquiries, contact developer@appswing.org.

Data Collection
Our app does not upload or collect personal files (photos, messages, documents) from your device to our servers. However, third-party services integrated into the App (for analytics, crash reporting and advertising) may collect certain device and usage data. We also collect minimal on-device information required to perform antivirus scans. Below is a clear breakdown of the data collected, its purpose, and how it is used. These third-party services and our app may collect or process the following categories of data. We explain what is collected by the App itself (on-device) and what is collected by third parties.

1. Google Analytics for Firebase
   Data Collected:
   • Device information (device model, OS version, app version, anonymous device identifiers)
   • App usage data (session duration, feature interactions, events triggered)
   • Crash / diagnostic events (as configured)
   
   Purpose of Collection:
   • Monitor app performance and user engagement
   • Identify and fix technical issues and crashes
   • Analyze feature usage to improve the app
   • Measure installs and campaign effectiveness
   
   Data Usage:
   • Analytics data is used in aggregated or pseudonymized form. Firebase may retain analytics according to its own retention policies. We do not use Firebase to access your personal files.
   
   

2. AdMob (Google Ad Services)
   Data Collected:
   • Advertising ID (Ad ID) — a platform advertising identifier
   • Device information (model, OS), app usage related to ads (ad interactions)
   
   Purpose of Collection:
   • Display relevant advertisements (personalized or non-personalized based on user choice)
   • Measure ad performance and effectiveness
   • Prevent click fraud and enforce ad policy compliance
   
   Data Usage:
   • Advertising ID: We (and AdMob) may collect the Android Advertising ID (Ad ID) to provide and measure ads. AdMob receives advertising identifiers and may combine them with other data under Google’s policies. You may opt out of personalized advertising using your device or Google ad settings (see “Ads & opt-out” below).
   
   

3. Firebase Crashlytics
   Data Collected:
   • Crash logs and diagnostic data (stack traces, device model, OS version, app version, session data)
   
   Purpose of Collection:
   • Identify and diagnose app crashes and stability issues
   • Improve app reliability and user experience
   
   Data Usage:
   • Crash data is used for debugging and is processed by Crashlytics according to Firebase policies.
   For more details, please review the privacy policies of these services:
   
   • Google Play Services
   • AdMob
   • Google Analytics for Firebase
   • Firebase Crashlytics
   
   

Permissions We Use

• Storage Permission
  Required to access and scan files, app packages and storage locations on your device for harmful viruses. This permission is essential for the core functionality of the app (on-device file and APK scanning). If you deny it, scanning will be limited or not possible.

• Query All Packages (QUERY_ALL_PACKAGES)
  This permission is used to enumerate installed applications so the antivirus can perform a comprehensive on-device scan of installed packages and detect potentially harmful apps. We only use this visibility to scan and analyze apps locally on your device.. If you deny this permission, app-level scanning will be incomplete. We have submitted the required Permissions Declaration to Google Play and provided a demo video showing how package visibility is used in the scan flow.

• Delete / Uninstall apps
  We do not use the privileged DELETE_PACKAGES (silent uninstall) permission. Instead, when the app recommends removing an app, we open the system uninstall screen and let the user confirm the uninstall. We do not uninstall apps silently.

• Notification Permission
  Used to send scan results, important security alerts, and optional product updates or promotional notifications. Notifications are optional and can be disabled from app settings or system notification settings.

• Usage Access Permission
  Used to identify rarely used or unused apps. If you deny it, the “unused apps” feature will not be available.
  
  
  

Virus Detection Process
Our virus detection process does not collect your files. The app scans files and installed applications on your device by comparing them against our virus database. The scanning and matching processes occur on the device to protect user privacy. We do not upload your personal files, photos or documents to our servers for scanning.

Security
We value your trust in providing us with the permissions necessary to protect your device. We are committed to ensuring that the App operates securely and that your privacy is maintained. Communications for updates and any minimal data exchanges occur over encrypted channels (HTTPS/TLS). However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee absolute security.

Ads & opt-out
We show ads via AdMob/Google Ad Services. AdMob may use the Advertising ID and other signals to serve personalized ads. You can opt out of ad personalization via your device settings (Settings → Google → Ads → Opt out of Ads Personalization) or by disabling personalized ads in-app where provided. If you are located in the EU/EEA, the App will request consent for personalized ads where required by applicable law using a consent dialog/CMP.

Advertising ID & device identifiers — linked/shared: We (and AdMob) collect the Android Advertising ID and device identifiers to provide and measure ads. This data is shared with AdMob and other ad partners for advertising, measurement, and fraud prevention. We do not link the Advertising ID to your personal name or account details.

Data Sharing & Retention
Sharing:
• We share only what is necessary with our service providers (ad networks, analytics and crash reporting providers).
• We do not sell your personal files or contents to third parties.
• We do not share a user’s identifiable installed-app inventory with any third party. Any app-related telemetry we send to analytics partners is aggregated or pseudonymized and cannot be used to identify a specific user or their installed apps.

Retention:
• On-device scan history and scan results are stored locally until you clear them or for up to 12 months, whichever comes first.
• Analytics and crash data are retained by third-party providers for up to 14 months unless you request deletion and the provider supports deletion. For precise retention see the provider policies (Firebase/Google).
• Advertising identifiers used for ads are handled according to Google/AdMob retention practices.

GDPR & Data Subject Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR). We process your data only where we have a legal basis to do so (such as your consent, the performance of a contract, or our legitimate interests).

Your GDPR rights include:
• Right of access — request a copy of personal data we hold about you.
• Right of rectification — request correction of inaccurate or incomplete data.
• Right of erasure — request deletion of your personal data where we have no lawful basis to retain it.
• Right to restrict processing — request limitation of processing in certain situations.
• Right to data portability — request a machine-readable copy of your data.
• Right to object — object to processing, including profiling and direct marketing.
• Right to withdraw consent — if we process data based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Legal basis for processing (GDPR):
• Performance of a contract / provision of the App’s core functionality — On-device scanning and scanning-related processing needed to provide the antivirus service.
• Consent — For personalized advertising and certain analytics in regions that require consent (e.g., EU/EEA).
• Legitimate interests — Fraud prevention, security & malware detection, debugging and product improvement. We balance these interests against your privacy.
• Legal obligations — when required by law.

How to exercise your GDPR rights:
To exercise any of these rights, contact us at developer@appswing.org. We will verify your identity and aim to respond to your request promptly — typically within 30 days. If we need more time due to the complexity of your request, we may extend the period by up to 15 additional days and will notify you with reasons for the extension.

California (CCPA/CPRA) — Your rights (if you are a California resident)
Under the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), California residents have the following rights:
• Right to know — the categories of personal information collected, used, shared, or sold.
• Right to access — request a copy of specific pieces of personal information collected about you.
• Right to delete — request deletion of personal information collected from you.
• Right to opt-out — opt-out of the sale or sharing of personal information for cross-context behavioral advertising.
• Right to non-discrimination — you have a right not to receive discriminatory treatment for exercising privacy rights.

How to exercise CCPA/CPRA rights & opt-out of sale/sharing:
If you are a California resident and want to exercise these rights or opt-out of sale/sharing, email developer@appswing.org with the subject line “CCPA Request / Do Not Sell or Share My Info” and provide the following: your name, email address used with the App (if any), device identifier (Advertising ID or device ID), and a clear description of your request. We will verify your request and respond within 45 days of receipt. If necessary, we may request additional information to verify your identity. Authorized agents may submit requests on your behalf with proper written authorization.

Virginia (VCDPA) — Your rights
If you are a resident of Virginia you may exercise similar rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, data portability, and the right to opt-out of targeted advertising or the sale of personal data. To exercise these rights, contact developer@appswing.org with the subject line “VCDPA Request.” We will verify and process the request.

Brazil (LGPD) — Your rights
If you are in Brazil, you have rights under the LGPD including access, correction, deletion, anonymization, portability, and the right to withdraw consent. To exercise these rights, contact developer@appswing.org with the subject line “LGPD Request.” We will verify and process the request.

How we verify requests & required info
For security and privacy, we must verify identity before fulfilling requests. For most requests, please provide: your name, contact email, device Advertising ID (or a screenshot of the app’s About page showing the device/app version), and a description of the request. For agent requests we require a signed consent/authorization from the data subject. We will not be able to process requests without sufficient verification.

Right to lodge a complaint with a supervisory authority
If you believe your rights under data protection laws have been violated, you may lodge a complaint with your local data protection authority (for example, the Information Commissioner’s Office (ICO) in the UK or your country’s supervisory authority). If you are in the EU/EEA you can contact your national supervisory authority.

Children Policy
Age restriction: This App is not intended for children under 13 years of age. If you are a parent and believe your child has provided us with personal information, contact us at developer@appswing.org.

User Consent
By granting the requested permissions and using the App you allow it to perform its intended functions (scanning, analysis, showing results). If you decline certain permissions, some features will not work.
• Storage access: Required for full scanning — without it scans will be limited or not possible.
• QUERY_ALL_PACKAGES: Required for comprehensive app-level scanning. If you deny it, app scans will be limited or not possible.
• Notifications: Optional — disable anytime.

Scanning Process
To perform thorough scans the App requires storage access. This permission is used solely to detect and eliminate viruses and to read app packages for scanning. All scanning logic and decisioning is performed locally on the device; we do not upload scanned file contents to our servers.

Changes to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal/regulatory reasons. We will notify users of material changes by updating the “Last updated” date on this page and, where appropriate, by notifying users in-app.

Contact Us
If you have any questions, concerns or requests about this Privacy Policy or our data practices, or to submit requests under GDPR/CCPA/VCDPA/LGPD, please contact us at: developer@appswing.org