Privacy Policy

Privacy Policy

Last updated: February 2026

NimbusApps (“we”, “us”, or “our”) values your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Permissions

We request the following Android permissions solely to support core features. We do not collect or transmit personal data beyond what is described here.

Common Permissions (used across multiple apps)

- READ_PHONE_STATE

  Used only to detect incoming calls for triggering flashlight notifications. No call content or personal data is stored or shared.

- QUERY_ALL_PACKAGES

  Used only when strictly required to enable core features (e.g., app selection and enforcement in AppLock) and only if approved in Google Play’s Declaration. Where possible, we rely on limited package visibility via the <queries> manifest element instead of broad package access. We do not collect private app data or share app lists with advertisers.

- BIND_NOTIFICATION_LISTENER_SERVICE

  Detects notifications to trigger flashlight alerts.

  Also enables the optional Deleted-Message Recovery feature (listens to supported messaging app notifications).

  Details about scope, processing, and controls are in “Notification access for Deleted-Message Recovery.”

- ACCESS_FINE_LOCATION & ACCESS_COARSE_LOCATION

  Used only for location-sharing features as described below. You control when and with whom your location is shared.

(Optional) Storage permissions for Recovery features (app-specific)

- Applies only to apps that include file/message/media recovery. Not requested by apps without recovery features (e.g., pure PDF/document viewers).

- Android 5.1–10: Uses storage access solely to scan files on your device and to save recovered files back to your device.

- Android 11+: May request All files access (MANAGE_EXTERNAL_STORAGE) or scoped media permissions (READ_MEDIA_IMAGES / READ_MEDIA_VIDEO / READ_MEDIA_AUDIO) only when you use recovery features, to scan local data sources and save recovered items.

- We do not automatically modify or delete your local media and do not upload your videos, photos, audios, or other files to our servers.

(Optional) Notification access for Deleted-Message Recovery (app-specific)

- Applies only to apps that include deleted-message recovery. Not requested by apps without this feature.

- When enabled by you, we process notification content on-device from supported messaging apps (e.g., WhatsApp) to detect and reconstruct messages that were later deleted.

- We do not bypass end-to-end encryption and cannot read message databases; we only process content that Android exposes in notifications.

- You can turn this off at any time in Settings.

AppLock-Specific Permissions (app-specific)

- FOREGROUND_SERVICE_SPECIAL_USE

  Runs a persistent foreground service to enforce real-time app locking (keep-alive). Why immediate & not deferrable: detecting app launches and lock events must happen instantly; Android does not replay missed events, so any gap can bypass the lock. A persistent status notification is always shown while protection is active, and users can disable AppLock at any time to stop the foreground service.

- PACKAGE_USAGE_STATS

  Required to detect which app is in the foreground so we can show the lock screen when a protected app is opened. Used locally; no detailed usage histories are uploaded for analytics or advertising.

- SYSTEM_ALERT_WINDOW (Display over other apps)

  Needed to show the lock screen overlay (PIN/pattern/biometric prompt) when a protected app is opened. We do not capture or store the underlying app’s content or screenshots.

- USE_BIOMETRIC / USE_FINGERPRINT

  Allows unlocking apps using system biometrics (e.g., fingerprint/face) via Android’s secure prompt. We do not receive raw biometric data; templates never leave the device.

- QUERY_ALL_PACKAGES (if approved)

  For app selection/enforcement when limited package visibility via <queries> is insufficient. We default to <queries>-based visibility and request this permission only if required and approved. We do not share app lists with advertisers.

- CAMERA (optional, if Intruder Selfie is enabled)

  Allows capturing an intruder photo after failed unlock attempts. Images remain stored locally on your device.

- Media/Storage for AppLock personalization (scoped)

  Lets you select custom lock backgrounds and save captured intruder photos. Files remain on your local storage; no upload.

- ACCESS_NETWORK_STATE & INTERNET

  Used to check network connectivity and serve non-personalized ads or analytics where applicable.

- SET_WALLPAPER (optional)

  Allows users to personalize lock screen wallpaper within AppLock.

2. Information We Collect

2.1 Device & Usage Data

- Device type, OS version, system language, carrier country/name, browser type (if applicable), time zone.

- Device ID (e.g., Android ID) for session management, security, and fraud prevention.

- App information (app name, version/build; SDK name/version).

- Basic log events (e.g., clicks, runtime logs) to improve stability and UX.

- AppLock-specific: Foreground-app events (package names) are processed on-device only to decide when to show the lock screen; minimal diagnostics (e.g., trigger success/error codes) may be kept for stability. We do not build behavioral profiles.

2.2 User-Provided Data

- User Name & Phone Number to create your profile and enable friend-code pairing (if the app includes social/location features).

- Support emails: If you contact us, we receive your email address and message content to respond to you.

- AppLock-specific: Lock preferences you choose (e.g., list of protected apps; PIN/pattern length; biometric on/off). PIN/pattern hashes are stored locally and are not shared. Photos for wallpaper or Intruder Selfie remain on device.

2.3 Location Data

- Foreground & background location only when you have explicitly enabled “Allow tracking this device” (see Section 3).

  Used exclusively for:

  • Real-time mutual location sharing

  • Custom safe-zone alerts

  • Nearby place discovery

- We do not share your location with anyone who has not both: (a) exchanged a valid friend code with you, and (b) you have toggled on “Allow tracking this device.”

2.4 (Optional) Deleted-Message Recovery Data

- Notification content and metadata (e.g., app package, sender name shown in the notification, message text/preview, timestamps) processed locally to detect when a notification message is later deleted and to show a recovered preview.

- Recovered media (if you choose to save) is written locally to your device.

- We do not upload recovered notifications/media to our servers.

3. Location Sharing & Consent

- Mutual Opt-In: Location is shared only after both parties exchange friend codes and both enable “Allow tracking this device.”

- Toggle Control: You can disable sharing at any time by turning off the switch in Profile. When off, no location data is collected or transmitted.

4. Mutual Friend-Code Flow

- Generate Code: You create a unique friend code (or QR) in your Profile.

- Exchange Codes: Trusted contacts enter or scan your code in “Add Friend.”

- Activate Sharing: Both users must enable “Allow tracking this device.”

- Start Tracking: Only then will real-time locations be visible to each other.

5. User Information

- User Name: Personalizes the app and helps friends identify you.

- Phone Number: For account creation, friend verification, or contact-based features. Not publicly visible without consent.

6. Device Information

- We collect device identifiers (such as Android ID) for security, analytics, and fraud prevention to maintain a unique session and detect suspicious activity.

- We do not sell or share personally identifiable information with third-party advertisers. All collected data is handled in compliance with applicable privacy laws and regulations.

7. Information Sharing with Third Parties

We use these services to operate and improve our app. They may collect limited data under their own policies:

- Google Play Services

- AdMob (Ads delivery/measurement) – may receive device identifiers (e.g., Android ID) to serve and measure ads.

- Google Analytics for Firebase (usage analytics) – may receive app list signals, network status, device model, runtime logs, and identifiers to help us understand app performance and usage.

- Firebase Crashlytics (crash diagnostics)

- Mintegral, Meta SDK (Facebook), Pangle, Unity Ads / AppLovin (ad networks & mediation)

We do not sell or share personally identifiable data with advertisers. Third parties may use cookies or similar technologies as described in their policies. You can opt out of Ads Personalization in your device settings.

8. Log Data

If the app encounters an error, we may collect diagnostic information (via third-party tools), such as IP address, device name, OS version, app configuration at the time, time/date of use, and other technical statistics, to investigate and fix issues.

For AppLock, diagnostics do not include the content of protected apps.

9. Cookies

This Service does not explicitly use cookies. However, third-party SDKs may use cookies or similar technologies to improve their services. You can choose to accept or refuse cookies in your device or app settings; refusing cookies may limit some functionality.

10. Service Providers

We may employ third parties to: (i) facilitate our Service, (ii) provide the Service on our behalf, (iii) perform Service-related tasks, or (iv) assist in analyzing Service usage. They have access to Personal Information only to perform these tasks and are obligated not to disclose or use the information for other purposes.

11. Security

We implement commercially reasonable technical and organizational measures to protect your data. However, no system is 100% secure. Use caution when sharing sensitive information.

12. Your Rights & Choices

- Withdraw consent at any time. For example, you can disable Allow tracking this device and/or revoke Notification access to stop location or deleted-message recovery processing.

- Access or revise your information. Contact us to learn what we collect and how it’s processed.

- Delete local data. Except for support emails you send to us, your recovery data and caches are stored on your device. You can clear app cache/storage in system settings to remove local data.

13. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you are a parent/guardian and believe your child has provided us information, or if we learn we collected such information without parental consent, we will delete it.

14. “Do Not Sell My Personal Information” – California

We never sell personal information for commercial purposes. Some ad/analytics partners may use technology that could be deemed a “sale” under CCPA. If you do not want your data used for interest-based ads or potential “sales” under CCPA, you may opt out via your device’s Ads Personalization settings.

15. “Do Not Track” – California

Our Service does not track your browsing across third-party websites. Some third-party sites or SDKs may track per their own policies. You can adjust your browser or device settings to limit such tracking.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post changes here with a revised “Last updated” date, and notify you in-app or via email where appropriate.

17. Contact Us

If you have questions or wish to exercise your data rights, please email us at:

📧 tasimostudiio@gmail.com 

By installing or using our app, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree, please do not use the app.