This privacy policy applies to the "Phone clone - Data transfer" app (referred to as the "App") on mobile devices. It explains what information we collect, how we use it, and your choices regarding your data.
Last updated: 22-Dec-2025
Data Controller & Data Protection Officer (DPO)
Data Controller: Tap into apps: developer@digitalrootstech.com
DPO: No DPO has been appointed. For privacy/DPO inquiries, contact developer@digitalrootstech.com
Data Collection
Our app does not upload or collect personal files (photos, messages, documents) from your device to our servers. However, third-party services integrated into the App (for analytics, crash reporting and advertising) may collect certain device and usage data. We also collect minimal on-device information required to perform data transfer. Below is a clear breakdown of the data collected, its purpose, and how it is used. These third-party services and our app may collect or process the following categories of data. We explain what is collected by the App itself (on-device) and what is collected by third parties.
Google Analytics for Firebase
Data Collected:
• Device information (device model, OS version, app version, anonymous device identifiers)
• App usage data (session duration, feature interactions, events triggered)
• Crash / diagnostic events (as configured)
Purpose of Collection:
• Monitor app performance and user engagement
• Identify and fix technical issues and crashes
• Analyze feature usage to improve the app
• Measure installs and campaign effectiveness
Data Usage:
• Analytics data is used in aggregated or pseudonymized form. Firebase may retain analytics according to its own retention policies. We do not use Firebase to access your personal files.
AdMob (Google Ad Services)
Data Collected:
• Advertising ID (Ad ID) — a platform advertising identifier
• Device information (model, OS), app usage related to ads (ad interactions)
Purpose of Collection:
• Display relevant advertisements (personalized or non-personalized based on user choice)
• Measure ad performance and effectiveness
• Prevent click fraud and enforce ad policy compliance
Data Usage:
• Advertising ID: We (and AdMob) may collect the Android Advertising ID (Ad ID) to provide and measure ads. AdMob receives advertising identifiers and may combine them with other data under Google’s policies. You may opt out of personalized advertising using your device or Google ad settings (see “Ads & opt-out” below).
Firebase Crashlytics
Data Collected:
• Crash logs and diagnostic data (stack traces, device model, OS version, app version, session data)
Purpose of Collection:
• Identify and diagnose app crashes and stability issues
• Improve app reliability and user experience
Data Usage:
• Crash data is used for debugging and is processed by Crashlytics according to Firebase policies.
For more details, please review the privacy policies of these services:
Our app uses certain permissions to enable secure and reliable file sharing. We do not collect, store, or share any personal information from these permissions. Each permission is used only for its stated purpose.
ACCESS_WIFI_STATE
• Purpose: Check the device’s WiFi status
• Why Needed: Required to detect WiFi availability for Nearby or P2P connections
CHANGE_WIFI_STATE
• Purpose: Enable or disable WiFi and modify WiFi configuration
• Why Needed: Required to connect to the receiver’s WiFi hotspot during file transfer
CHANGE_NETWORK_STATE
• Purpose: Change network connectivity state
• Why Needed: Required to establish and manage transfer-related connections
INTERNET
• Purpose: Allow network communication
• Why Needed: Used only for WiFi-based communication between sender and receiver devices
ACCESS_FINE_LOCATION
• Purpose: Access precise location
• Why Needed: Android requires this for WiFi-based Nearby device discovery
ACCESS_COARSE_LOCATION
• Purpose: Access approximate location
• Why Needed: Required on older Android versions for discovering nearby devices via WiFi
NEARBY_WIFI_DEVICES
• Purpose: Discover and connect to nearby devices
• Why Needed: Allows the app to detect nearby receivers without location permission on Android 12+
READ_EXTERNAL_STORAGE (Android 10 and below)
• Purpose: Read files stored on the device
• Why Needed: Required to select and transfer your media and documents
WRITE_EXTERNAL_STORAGE (Android 10 and below)
• Purpose: Save files to device storage
• Why Needed: Required to store received files
MANAGE_EXTERNAL_STORAGE (Android 11+ / API 30+)
• Purpose: Access all file types on the device
• Why Needed: Required for file transfer functionality due to scoped storage restrictions
READ_CONTACTS
• Purpose: Read contacts on the device
• Why Needed: Required only if you choose to transfer contacts
WRITE_CONTACTS
• Purpose: Modify or delete contacts
• Why Needed: Required when transferring or restoring contacts during device-to-device migration
BLUETOOTH (Legacy Android 11 and below)
• Purpose: Basic Bluetooth functionality
• Why Needed: Required for older devices to perform Bluetooth operations
BLUETOOTH_ADMIN (Legacy)
• Purpose: Bluetooth management
• Why Needed: Used to enable, disable, or manage Bluetooth during transfers
BLUETOOTH_SCAN (Android 12+)
• Purpose: Scan nearby Bluetooth devices
• Why Needed: Required to find nearby devices during pairing
BLUETOOTH_CONNECT (Android 12+)
• Purpose: Connect to Bluetooth devices
• Why Needed: Required to establish Bluetooth connections
BLUETOOTH_ADVERTISE (Android 12+)
• Purpose: Allow device advertising
• Why Needed: Required when the device needs to be discoverable
CAMERA
• Purpose: Access the camera
• Why Needed: Used only to scan QR codes for quick device-to-device connection
QUERY_ALL_PACKAGES
• Purpose: View installed apps
• Why Needed: Required to allow you to select apps for transfer
REQUEST_DELETE_PACKAGES
• Purpose: Request app uninstallation
• Why Needed: Used only for optional cleanup/storage management tools
android.hardware.camera (required="false")
• Purpose: Declare camera availability
• Why Needed: Ensures devices without cameras can still install the app
android.hardware.bluetooth_le (required="false")
• Purpose: Declare Bluetooth Low Energy availability
• Why Needed: Ensures devices without BLE support are not excluded
Our app uses Google’s Nearby Connections API to enable secure, offline file transfer between two Android devices. This technology allows devices to discover each other and exchange files using peer-to-peer (P2P) communication over WiFi, WiFi Direct, or Bluetooth, without needing an internet connection.
We do not collect, store, or send any transferred data to external servers. All actions happen locally between the two devices chosen by the user.
The receiving device broadcasts its availability using a Nearby Connections service ID, which includes a temporary device name and a short session code.
The sending device scans for nearby devices using the same service ID.
Users can select the receiver either by:
scanning a QR code containing the session code, or
selecting the device from the discovered list.
The sender sends a connection request.
The receiver manually accepts or rejects the request.
Once accepted, the Nearby API establishes a secure, encrypted P2P connection.
The app only exchanges small, temporary identifiers (like device names and optional avatars) to help users recognize the device on the screen. This information is not uploaded or shared externally.
Once the secure connection is established:
The sender transfers each file as a binary payload using Nearby Connections.
The API automatically selects the best transport (WiFi Direct, Bluetooth, or WiFi LAN) depending on device capabilities and distance.
Each file includes basic metadata (e.g., filename, size, type) so it can be saved correctly on the receiving device.
Photos, videos, documents
Audio files, archives (ZIP)
APK files
Contacts (VCF format)
The receiving device saves files locally in the Downloads/FileTransfer folder.
The app displays real-time progress such as transfer speed, percentage completed, and file names.
We do not access or transmit any user files except the ones the user intentionally selects for transfer.
Users can cancel individual file transfers at any time.
If the connection is interrupted (distance, interference, or device issues), the app shows a reconnect/exit prompt.
After all transfers complete, the app displays a summary containing:
total files transferred
total data size
transfer duration
average speed
These summaries are stored only on the user’s device using a local Room database so users can view their transfer history.
This data is not uploaded, synced, or shared with external servers.
The Nearby Connections API handles encryption, authentication, and transport selection.
All communication happens offline, device-to-device.
The app never collects, logs, or transmits:
personal data
transferred files
contact information
device identifiers
location data
Everything stays local to the user’s device, and users are always in control of what is transferred.
Security
We value your trust in providing us with the permissions necessary to protect your device. We are committed to ensuring that the App operates securely and that your privacy is maintained. Communications for updates and any minimal data exchanges occur over encrypted channels (HTTPS/TLS). However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee absolute security.
Ads & opt-out
We show ads via AdMob/Google Ad Services. AdMob may use the Advertising ID and other signals to serve personalized ads. You can opt out of ad personalization via your device settings (Settings → Google → Ads → Opt out of Ads Personalization) or by disabling personalized ads in-app where provided. If you are located in the EU/EEA, the App will request consent for personalized ads where required by applicable law using a consent dialog/CMP.
Advertising ID & device identifiers — linked/shared: We (and AdMob) collect the Android Advertising ID and device identifiers to provide and measure ads. This data is shared with AdMob and other ad partners for advertising, measurement, and fraud prevention. We do not link the Advertising ID to your personal name or account details.
Data Sharing & Retention
Sharing:
• We share only what is necessary with our service providers (ad networks, analytics and crash reporting providers).
• We do not sell your personal files or contents to third parties.
• We do not share a user’s identifiable installed-app inventory with any third party. Any app-related telemetry we send to analytics partners is aggregated or pseudonymized and cannot be used to identify a specific user or their installed apps.
Retention:
• On-device scan history and scan results are stored locally until you clear them or for up to 12 months, whichever comes first.
• Analytics and crash data are retained by third-party providers for up to 14 months unless you request deletion and the provider supports deletion. For precise retention see the provider policies (Firebase/Google).
• Advertising identifiers used for ads are handled according to Google/AdMob retention practices.
GDPR & Data Subject Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR). We process your data only where we have a legal basis to do so (such as your consent, the performance of a contract, or our legitimate interests).
Your GDPR rights include:
• Right of access — request a copy of personal data we hold about you.
• Right of rectification — request correction of inaccurate or incomplete data.
• Right of erasure — request deletion of your personal data where we have no lawful basis to retain it.
• Right to restrict processing — request limitation of processing in certain situations.
• Right to data portability — request a machine-readable copy of your data.
• Right to object — object to processing, including profiling and direct marketing.
• Right to withdraw consent — if we process data based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Legal basis for processing (GDPR):
• Performance of a contract / provision of the App’s core functionality — On-device scanning and scanning-related processing needed to provide the data transfer service.
• Consent — For personalized advertising and certain analytics in regions that require consent (e.g., EU/EEA).
• Legitimate interests — Fraud prevention, security, debugging and product improvement. We balance these interests against your privacy.
• Legal obligations — when required by law.
How to exercise your GDPR rights:
To exercise any of these rights, contact us at developer@digitalrootstech.com. We will verify your identity and aim to respond to your request promptly — typically within 30 days. If we need more time due to the complexity of your request, we may extend the period by up to 15 additional days and will notify you with reasons for the extension.
California (CCPA/CPRA) — Your rights (if you are a California resident)
Under the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), California residents have the following rights:
• Right to know — the categories of personal information collected, used, shared, or sold.
• Right to access — request a copy of specific pieces of personal information collected about you.
• Right to delete — request deletion of personal information collected from you.
• Right to opt-out — opt-out of the sale or sharing of personal information for cross-context behavioral advertising.
• Right to non-discrimination — you have a right not to receive discriminatory treatment for exercising privacy rights.
How to exercise CCPA/CPRA rights & opt-out of sale/sharing:
If you are a California resident and want to exercise these rights or opt-out of sale/sharing, email developer@digitalrootstech.com with the subject line “CCPA Request / Do Not Sell or Share My Info” and provide the following: your name, email address used with the App (if any), device identifier (Advertising ID or device ID), and a clear description of your request. We will verify your request and respond within 45 days of receipt. If necessary, we may request additional information to verify your identity. Authorized agents may submit requests on your behalf with proper written authorization.
Virginia (VCDPA) — Your rights
If you are a resident of Virginia you may exercise similar rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, data portability, and the right to opt-out of targeted advertising or the sale of personal data. To exercise these rights, contact developer@digitalrootstech.com with the subject line “VCDPA Request.” We will verify and process the request.
Brazil (LGPD) — Your rights
If you are in Brazil, you have rights under the LGPD including access, correction, deletion, anonymization, portability, and the right to withdraw consent. To exercise these rights, contact developer@digitalrootstech.com with the subject line “LGPD Request.” We will verify and process the request.
How we verify requests & required info
For security and privacy, we must verify identity before fulfilling requests. For most requests, please provide: your name, contact email, device Advertising ID (or a screenshot of the app’s About page showing the device/app version), and a description of the request. For agent requests we require a signed consent/authorization from the data subject. We will not be able to process requests without sufficient verification.
Right to lodge a complaint with a supervisory authority
If you believe your rights under data protection laws have been violated, you may lodge a complaint with your local data protection authority (for example, the Information Commissioner’s Office (ICO) in the UK or your country’s supervisory authority). If you are in the EU/EEA you can contact your national supervisory authority.
Children Policy
Age restriction: This App is not intended for children under 13 years of age. If you are a parent and believe your child has provided us with personal information, contact us at developer@digitalrootstech.com.
User Consent
By granting the requested permissions and using the App, you allow it to perform its intended functions, which include discovering nearby devices, connecting securely, and transferring files between devices.
If you decline certain permissions, some features may not work as intended. For example:
Storage access: Required to select files to send or save received files. Without it, file transfer will be limited or unavailable.
QUERY_ALL_PACKAGES: Required to allow you to select apps for transfer. Denying it will limit app transfer functionality.
Camera: Required to scan QR codes for quick device-to-device connection.
Bluetooth / Nearby devices permissions: Required to detect and connect to nearby dev
You remain in full control of what files and apps are shared, and all transfers happen locally on your device.
Changes to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal/regulatory reasons. We will notify users of material changes by updating the “Last updated” date on this page and, where appropriate, by notifying users in-app.
Contact Us
If you have any questions, concerns or requests about this Privacy Policy or our data practices, or to submit requests under GDPR/CCPA/VCDPA/LGPD, please contact us at: developer@digitalrootstech.com