Privacy Policy

Effective Date: 19th April 2025

SilentSaver ("the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the App. Please read it carefully to understand your rights and how your data is managed.

1. Data We Process

The App is a password manager that stores the following information solely on your device:

• Usernames, passwords, and other info for your accounts you choose to save within the App

• A master password, chosen by you:

  1. is stored as a SHA-256 hash in the app's private storage (Android sandbox) when biometric authentication is disabled

  2. is also encrypted via AES+RSA with keys stored in Android KeyStore when biometric authentication is enabled

• Any additional notes or information you choose to store within the App

We do not collect, store, or have access to any of this data. All data remains encrypted and saved on your device, as long as you decide to keep it.

The App ensures that all sensitive data is securely encrypted before being stored locally on your device. We use Fernet encryption, a symmetric encryption method based on AES-128. Your data is encrypted using a key derived from your master password, ensuring that only you can decrypt and access your stored information. Please be aware that if you forget your master password, it can't be recovered and you cannot access your data anymore.

Standard Technical Data for Optional Features: When you choose to use the optional data breach verification features, your device will transmit standard technical connection data (e.g., IP address) to the relevant third-party provider in addition to the specific data required for the check. 

2. Data Management Features

The App provides the following data management capabilities:

• Export your encrypted data as JSON files

• Import encrypted JSON files (using the same master password)

• Delete all saved data from your device

3. Optional Features and Third-Party Data Sharing

With your explicit consent, the App provides optional features to enhance account security:

A. Username Data Breach Checks

The App can send your usernames to the API of XposedOrNot to verify if they have been involved in any data breaches.

B. Password Data Breach Checks

The App can send the first 5 characters of the SHA-256 hash of your passwords to the API of HaveIBeenPwned to check if they are part of any known data breaches. No passwords are sent in plain text, and only the hash fragment is transmitted. This technique utilizes the 'k-anonymity' method provided by the HaveIBeenPwned API to help protect your privacy, as the full password is never transmitted to HaveIBeenPwned. 

For more details on how these third parties handle your data, please review their privacy policies:

• XposedOrNot: https://xposedornot.com/privacy

• HaveIBeenPwned: https://haveibeenpwned.com/Privacy

Please be aware that when you use these optional features, you are interacting directly with the APIs provided by these third parties. We are not responsible for the privacy practices, data handling, or content of XposedOrNot or HaveIBeenPwned. Your use of their services is solely subject to their respective terms and privacy policies. We encourage you to review them. 

C. Biometric Authentication

The App offers optional biometric authentication to unlock your data. If enabled:

• 1. • Your master password is encrypted and stored locally using the method described in Section 1

     • Biometric data is processed by your device's secure hardware and never stored or accessed by the App

4. Legal Basis for Processing (GDPR Article 6)

We process your data based on:

• Performance of contract: to provide the password management service

• Explicit consent: for optional features involving third-party services

5. Consent and Control

• The optional features are disabled by default and require your explicit consent to be activated

• You can enable or disable these features at any time in the App's settings

• If you choose to enable these features, data will only be transmitted as described above

• You have the right to withdraw consent at any time

6. Security Measures

The App uses robust encryption mechanisms to ensure the safety of your data:

• All sensitive data is encrypted locally using your master password

• The master password is:

  1. stored as a SHA-256 hash in the app's private storage (Android sandbox) when biometric authentication is disabled

  2. also encrypted via AES+RSA with keys stored in Android KeyStore when biometric authentication is enabled

• Data transmitted to third-party APIs is limited and uses secure connections (HTTPS)

• No cloud storage or backup of your data is maintained by us

7. Data Retention

• Your data remains on your device until you choose to delete it

• If you uninstall the App, all associated data will be permanently deleted from your device

• We recommend exporting your encrypted data before uninstalling the App if you wish to retain it

8. User Rights

Under the GDPR and other applicable privacy laws, you have the following rights:

• Right to Access: Access your personal data

• Right to Rectification: Correct your personal data

• Right to Erasure: Delete your personal data

• Right to Data Portability: Export your data

• Right to Object: Object to processing of your personal data (primarily applicable where processing is based on legitimate interests or for direct marketing, neither of which apply to the data stored within the App). 

• Right to Restriction of Processing: Request the restriction of processing of your personal data (primarily applicable in certain circumstances outlined in the GDPR, generally not applicable to data stored solely on your device and controlled by you). 

• Right to Withdraw Consent: Revoke previously given consent

• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where the alleged infringement of the GDPR occurred. In Italy, the competent authority is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it). 

Exercising Your Rights: Given that your credentials and notes are stored and managed exclusively on your device, the rights of Access, Rectification, Erasure, and Data Portability regarding this data must be exercised directly by you using the functionalities integrated within the App (e.g., viewing, editing/deleting entries, using the export function). We do not have the capability to access, modify, or delete your data on your behalf, as we do not store or control it on our systems. The Right to Withdraw Consent for optional features can be exercised through the App's settings. 

For users in California, the App complies with the California Online Privacy Protection Act (CalOPPA) by:

• Providing this Privacy Policy

• Informing users about the use of optional features and data sharing

• Allowing users to use the App without collecting personal information

• Responding to "Do Not Track" signals by not collecting tracking information

9. Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 (nor from any other user of any age). 

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be communicated through the App. The "Effective Date" at the top of this document will indicate the latest update. Continued use of the App after such changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

• Email: niluved0@gmail.com

By using the App, you agree to this Privacy Policy. If you do not agree, please refrain from using the App.