Effective Date: October 30, 2025
This Privacy Policy describes how we (the developer of Escudex) collect, use, store, share, and protect your information when you use our security application, Escudex ("Application").
Our commitment is to transparency and the protection of your data. We adopt the principle of data minimization, which means we collect and process only the information strictly necessary for the operation, security, and continuous improvement of the Application.
This Policy is a binding legal agreement. By creating an account or using the Application, you acknowledge that you have read, understood, and agree to this policy. Explicit consent for specific processing activities (like location access) will be requested separately within the Application.
The person responsible for the processing of your personal data (Data Controller) is Jefferson Prado Barros, an individual developer based in Brazil, and the creator of the Escudex application.
Under the GDPR and other privacy laws, we process your data based on different legal justifications.
2.1. Our Legal Basis for Processing
We only process your data when we have a valid legal basis:
Performance of a Contract: Most of your data is processed because it is essential to provide the services you requested (i.e., to operate the antivirus and anti-theft features).
Consent: For certain features, such as location data collection, we will ask for your explicit, affirmative consent, which you can withdraw at any time.
Legitimate Interest: We process some anonymized and aggregated data because we have a legitimate interest in improving the Application (e.g., crash reports), provided your rights and freedoms do not override this interest.
Legal Obligation: We may process data if we are required to by law.
2.2. Information You Provide Directly (Legal Basis: Performance of a Contract)
Account Data: We collect your email address and an (encrypted) password when you create an Escudex account. This email is used exclusively for account management, access recovery, and to send security alerts and essential operational communications.
2.3. Information Collected Automatically (Legal Basis: Contract, Consent, or Legitimate Interest)
Device Information (Legal Basis: Performance of a Contract): We collect technical information about your device, such as hardware model, operating system version, and unique device identifiers. This data is essential to link your physical device to your Escudex account and ensure that remote commands (lock, alarm, etc.) are sent to the correct device.
File Scanning Data (Legal Basis: Performance of a Contract): To perform its core antivirus function, the Application requests permission to access and scan files on your device's storage (such as Downloads, Images, Videos, and other documents). This process is done entirely on your device. It is crucial to note that the content of your personal files is NEVER sent to our servers. The application only calculates a digital signature (hash) of the file and compares it with our database of known threats to determine if the file is safe.
Location Data (Legal Basis: Explicit Consent): The anti-theft functionality requires access to your device's geographic location (GPS). This collection occurs only after your explicit permission in the operating system. Location data is used solely to display your device's position on your control panel, as described in the Terms of Use. To operate effectively even when the app is closed and to make it possible to locate your device in case of loss or theft, location collection will continue to occur in the background. This functionality is a pillar of our anti-theft feature and is only activated with your direct consent. You can revoke this permission at any time in your device settings, which will, however, disable the tracking feature.
List of Installed Applications (Legal Basis: Performance of a Contract): For the antivirus functionality to operate, our scanning engine analyzes the list of installed applications and their packages to identify threats, malware, and potentially dangerous software. This process is automated, and its sole purpose is the security of your device. We do not collect usage data from other applications.
Application Usage Data (Telemetry) (Legal Basis: Legitimate Interest): In an aggregated and anonymized form, we may collect information about how you interact with the Escudex Application (which features are most used, failure/crash reports). This helps us identify problems, optimize performance, and improve the user experience.
The information collected is used for the following purposes:
To Provide and Maintain the Service (Legal Basis: Performance of a Contract)
Security (Legal Basis: Performance of a Contract and Legitimate Interest)
Customer Support (Legal Basis: Performance of a Contract)
Product Improvement (Legal Basis: Legitimate Interest)
Compliance with Legal Obligations (Legal Basis: Legal Obligation)
We do not sell or rent your personal information. Data sharing occurs only in the following circumstances:
Third-Party Service Providers (Data Processors): We use cloud infrastructure services to host our systems and store data securely, e.g., Amazon Web Services (AWS) in the United States (Cognito for authentication; API Gateway, Lambda, and DynamoDB for backend functionalities) and Google Cloud (Firebase Cloud Messaging) in the United States (for anti-theft push notifications). These providers are contractually obligated to maintain the confidentiality and security of the data and are prohibited from using it for any other purpose.
Legal Requirement: We may disclose your information if we are required to do so by law.
Your information, including personal data, is collected, processed, and stored by us in Brazil and by our third-party service providers in the United States. These jurisdictions may have data protection laws that are different from the laws of your country (such as the European Economic Area - EEA).
By using the Application, you acknowledge that your personal data will be transferred to these locations. For data transfers from the EEA, UK, or Switzerland to countries not considered adequate (like the United States), we rely on legal transfer mechanisms such as the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives an adequate level of protection.
We employ robust technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes the use of encryption for data in transit (TLS/SSL) and at rest, strict access controls, and constant monitoring of our systems.
We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including the duration of your relationship with us (as long as your account is active) and for purposes of complying with legal or regulatory obligations. After account termination, data is deleted or anonymized according to our internal policies and applicable law.
Depending on your jurisdiction, you may have specific rights regarding your personal data.
General Rights (Applicable to Many Users):
Right of Access: To request a copy of the data we hold about you.
Right to Rectification (Correction): To correct incomplete or inaccurate data.
Right to Erasure (Deletion): To request the deletion of your data.
Right to Withdraw Consent: For processing based on consent (like location), you can withdraw your consent at any time.
Additional Rights (GDPR - European Economic Area):
Right to Restrict Processing: To request that we limit how we use your data.
Right to Data Portability: To request that your data be transferred to another service.
Right to Object: To object to our processing based on "legitimate interests."
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in your country.
Additional Rights (CCPA - California):
Right to Know: To request information about the categories and specific pieces of personal information we have collected.
"Do Not Sell": We do not sell your personal information, as defined by the CCPA.
To exercise your rights, please contact us via the channel provided in Clause 11.
Our services are not directed to children under 13 (or 16 in certain European jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor without verification of parental consent, we will take steps to remove that information from our servers.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and/or through an in-app notification. We recommend that you review this page periodically to stay informed.
To exercise your privacy rights or for any questions related to this Privacy Policy, please contact the Data Controller for the Escudex application via the following email: escudex.suporte@gmail.com