Zenvut

Privacy Policy

Effective Date: May 31, 2026

1. About Zenvut

Zenvut is a personal offline-first note-taking application designed with a strong local-first privacy architecture. All core functionality operates locally on the user’s device without requiring internet access, cloud accounts, or registration.

The App allows users to create, edit, organise, search, pin, archive, restore, and permanently delete notes with rich text formatting including per-character text colour, highlight, background colour, font size, and shadow styling, as well as alignment controls, lists, live word count, and undo support. Notes can be protected in a Vault using PIN or biometric authentication, including built-in Decoy Vault behaviour.

Zenvut supports encrypted local backups (.znv, AES-GCM), backup restoration, PDF export, Android printing, theme and accent customisation, and category-based organisation with optional on-device smart categorisation.

The App also includes a Smart Planner that locally detects actionable tasks and schedules on-device reminders with recurring reminders, pre-alerts, priority-based notifications, and an optional alarm clock mode. Reminders are automatically rescheduled after device restart.

2. No Account Registration Required

Zenvut does not require and does not support:

•        User accounts or registration

•        Login credentials stored by the developer

•        Cloud accounts of any kind

•        Email addresses provided to the developer (the App can open a user-initiated feedback draft addressed to support.zenvut@gmail.com, but does not transmit email automatically)

•        Subscription accounts

Users interact with the App entirely without providing personal identity information to the developer.

3. No Advertising or Tracking

Zenvut does not include, use, or integrate:

•        Third-party advertising networks or SDKs

•        Analytics SDKs or behavioural tracking systems

•        Advertising identifiers (Google Advertising ID or similar)

•        Session recording, heatmaps, or third-party crash-reporting SDKs

•        User profiling or interest-based targeting

The developer does not sell, rent, or share user notes, content, or personal information with any third party for commercial purposes.

4. Information Stored Locally on Your Device

To function, Zenvut stores the following data locally on the user’s device. This data is stored locally on the user's device using app-private storage mechanisms and Android Shared Preferences. None of it is transmitted to the developer or to any external server.

4.1 Note Content

Note titles, body text, categories, formatting information (bold, italic, underline, bulleted, alignment, and style ranges including per-character text colour, highlight colour, background colour, font size, and shadow), creation timestamps, update timestamps, deletion timestamps, and content hashes.

Note titles, note content, categories, formatting information, and related metadata are stored locally on the user’s device as part of the App’s local storage architecture. Security-sensitive operations such as protected content handling, Vault access, and encrypted backups use Android security mechanisms including Android Keystore–backed encryption where applicable. Encryption keys used for these protected operations are generated and managed locally by the Android operating system and do not leave the device.

4.2 Application Settings

Stored settings may include profile name and avatar selection, Vault PIN and biometric settings, a PBKDF2-derived Vault PIN verification hash and salt, theme and accent choices, Auto Delete Bin, Auto Planner settings, planner alarm mode, default reminder time, PDF watermark settings, Dead Man's Vault settings (including inactivity period and activity timestamp), Auto Backup settings, backup-folder URI, an encrypted default Auto Backup PIN, local backup-history entries, reminder metadata (including pause state and group identifiers), and Smart Category learning data. These settings are stored locally on the device and are not transmitted to the developer.

4.3 Backup Files

Zenvut supports encrypted. znv backups created through 1-Tap Backup and optional scheduled Auto Backup. Backup files contain active non-deleted notes, including archived or Vault notes where applicable. Backups use AES-GCM with a key derived from the backup PIN through PBKDF2-HMAC-SHA256 with 160,000 iterations. The encrypted backup data includes a format version number, an app identifier, and the backup creation timestamp inside the encrypted backup payload.

If the user selects a custom folder through Android’s system folder picker, the App stores a persistent folder permission and writes auto_backup.znv to that location. If no usable custom folder is available, the App stores the encrypted backup in app-internal storage. If the selected folder belongs to an external provider such as Google Drive, that provider may synchronise or process the encrypted file under its own privacy policy. The developer cannot access the file through Zenvut.

4.4 Planner and Reminder Data

When the Auto Planner feature is enabled, the App stores reminder records locally on the user’s device using the App’s local storage architecture. Reminder data includes the associated note identifier, reminder title, scheduled time, optional pre-alert time, completion or expiry status, pause state, recurrence pattern, group identifier, and priority level. This data is processed and stored entirely on-device and is never transmitted externally.

The App uses Android Alarm Manager APIs to schedule on-device reminder alarms. Where supported by the device and Android system configuration, pre-alert reminder notifications may be scheduled approximately 2 hours before the task time when possible, or approximately 30 minutes before when less time remains. When Planner Alarm Mode is enabled, the App schedules alarms using Android’s AlarmClockInfo API, which plays a looping alarm ringtone and displays a persistent notification with a Stop action until dismissed by the user. High-priority reminders (marked as urgent) are delivered through a dedicated high-importance notification channel and display an “⚠ URGENT” prefix in the notification title. Reminder maintenance and cleanup operations may be performed periodically using Android Work Manager to help manage reminder history and expired reminder records. Auto Planner detection is performed only on eligible active Home notes (non-archived, non-locked, and non-deleted) using local task-detection logic designed to identify actionable tasks and date or time references. Active reminders are automatically rescheduled after device restart through Android’s BOOT_COMPLETED broadcast receiver.

Reminder delivery timing may vary depending on Android version, battery optimization settings, device manufacturer restrictions, and system scheduling behaviour. Zenvut cannot guarantee exact delivery times under all Android environments. The Auto Planner relies on local text-detection logic to identify actionable tasks and date or time references within note content. The accuracy and behaviour of this detection depend on the wording, phrasing, and structure of the text written by the user. Certain note content, including ambiguous language, uncommon date

or time formats, informal phrasing, or text that does not conform to patterns recognised by the detection logic, may cause the Auto Planner to behave in unexpected ways. This may include, but is not limited to, reminders not being scheduled when the user expected them to be, reminders being scheduled at a time the user did not intend, or reminders firing at an unreasonable or unexpected time. The App does not guarantee that the Auto Planner will correctly interpret all note content, and users should verify that reminders have been scheduled as intended after entering note content.

4.5 Notification Privacy

Reminder notifications generated by the App are displayed through Android’s system notification framework. Depending on device settings, Android version, wearable devices, accessibility services, notification history features, companion apps, or third-party notification-sync software, notification content may be stored, mirrored, synchronised, logged, displayed, or otherwise processed outside the App by Android system components or third-party services selected or enabled by the user.

Zenvut does not control, monitor, access, transmit, or manage how Android, device manufacturers, wearable integrations, accessibility services, notification readers, AI assistants, calendar integrations, automation tools, productivity services, or third-party applications process notifications after Android delivers them to the operating system.

Some third-party systems may analyse, duplicate, transform, synchronise, or generate reminders, calendar events, tasks, suggestions, or related actions based on Android notifications. Any such behaviour occurs independently outside the control, responsibility, and data-processing scope of Zenvut.

Some Android devices and Android versions may also support notification history or notification logging features that retain previously displayed notifications locally on the device. Notification previews shown outside the App may expose limited reminder text or note titles depending on Android lock-screen settings.

Android behaviour may vary across manufacturers, Android versions, custom ROMs, accessibility services, notification systems, wearable integrations, and third-party software, and Zenvut cannot guarantee identical privacy behaviour across all Android environments.

5. No Automatic Data Transmission

Zenvut does not automatically transmit data to the developer or any developer-operated server. However, if the user explicitly enables Auto Backup, the App periodically writes an encrypted .znv backup to app-internal storage or to the user-selected document-provider folder. An external provider may synchronise that encrypted file independently.

Zenvut does not automatically collect, transmit, upload, or share any of the following:

•        Note content or note metadata

•        Personal information of any kind

•        Device identifiers, IMEI, or advertising identifiers

•        IP addresses

•        Location data

•        Contacts, messages, photos, audio, or voice recordings

•        Usage patterns or in-app behaviour

•        Crash reports or diagnostic data

•        Automatic transmission of user data over the internet

Zenvut does not require or request access to Camera, Microphone, Photos/Media library, broad file-storage access, Contacts, or Location for normal operation. Core app data is stored locally on your device unless you

intentionally export, print, share, copy, or transfer it. When importing backups, exporting files, or selecting save locations, Zenvut uses the Android system file picker and does not require broad storage access.

If users enter note content using voice typing, speech-to-text, or a third-party keyboard, audio processing is handled by that keyboard or operating system service. Zenvut does not access, collect, store, process, receive, or transmit microphone audio, voice recordings, or speech data.

The App is designed so that all core note, vault, planner, reminder, backup, and categorisation functionality operates locally on-device without requiring internet connectivity.

Zenvut requests only Android permissions required for locally operated app functionality supported by the installed version of the App. Depending on Android version and enabled features, these permissions may include:

• Biometric or fingerprint authentication support for Vault unlocking

• Notification permission support for reminder alerts

• Exact alarm scheduling permission for time-sensitive planner reminders

• Vibration support for reminder alerts

• Boot-completed handling to restore reminders after device restart

Zenvut does not request Android INTERNET permission, advertising identifier access, contact access, microphone access, camera access, location access, or unrelated device permissions. AndroidX WorkManager merges the following support permissions into the APK: WAKE_LOCK, ACCESS_NETWORK_STATE, and FOREGROUND_SERVICE. ACCESS_NETWORK_STATE does not grant internet access.

6. Security Architecture

6.1 On-Device Protection and Encryption

Security-sensitive operations within the App, including Vault-related protection features and encrypted backup functionality, use AES-GCM encryption backed by Android security mechanisms where applicable. Encryption keys used for these protected operations are generated and managed locally on the device. Where AES-GCM encryption is used, a unique initialisation vector (IV) is generated for each encryption operation and stored alongside the encrypted data as required for decryption.

6.2 Backup Encryption

Encrypted backup files use AES-GCM with a key derived from the user’s backup PIN using PBKDF2-HMAC-SHA256 with 160,000 iterations and a 16-byte random salt. The salt and IV are stored within the backup file alongside the ciphertext. The raw backup PIN is never stored on the device or transmitted anywhere.

6.3 Backup PIN Verification

The backup PIN is verified on-device using a stored PBKDF2-derived hash and salt. The verification uses MessageDigest.isEqual() for constant-time comparison to help reduce timing-attack risks. The raw PIN is never persisted.

6.3a Auto Backup PIN Storage

To support scheduled and 1-Tap backups without requiring the PIN to be entered each time, Zenvut may store a recoverable encrypted copy of the default Auto Backup PIN. This value is protected locally using Android Keystore-backed encryption and is not transmitted to the developer. This is separate from the Vault PIN verification hash and salt.

6.4 Biometric Authentication

Biometric authentication (such as fingerprint or face unlock, where supported by the device) for the Vault is handled entirely by Android biometric system services and the Android Biometric Prompt framework. Zenvut does not collect, receive, store, process, or transmit fingerprint data, face data, biometric templates, or any biometric information. Biometric data is managed exclusively by Android system services.

6.4a Send Feedback

When the user selects Send Feedback, Zenvut asks the installed email application to prepare an email draft addressed to support.zenvut@gmail.com. The draft includes the App version, device manufacturer and model, Android version, and any text entered by the user. The App does not send the email automatically. If the user sends it, the email application and email provider process the message under their own privacy practices.

6.5 Secure Window Flag

To help protect sensitive content, Zenvut may apply the Android FLAG_SECURE window flag on sensitive interfaces while those interfaces are active. When enabled, this helps reduce exposure of protected content in screenshots, screen previews, and the recent apps view.

6.6 Smart Category Engine

The Smart Category Engine analyses note text locally using keyword-based scoring across four categories (Personal, Work, Ideas, and Tasks) and an adaptive learning layer. Keyword scoring awards higher weight to title words than body words. When a user manually corrects a category, the engine records only words longer than three characters in Android Shared Preferences to improve future suggestions for that user. A confidence gap check is applied: if the score difference between the top two candidate categories is less than one point, the engine conservatively retains the existing category rather than suggesting a change. No note content, category data, learning data, reminder data, or derived analysis results are transmitted externally. Analysis is skipped for notes exceeding 60 words to maintain performance.

6.7 Smart Planner and Task Detection

The Smart Task Detector locally analyses eligible active Home notes (non-archived, non-locked, and non-deleted) to identify actionable tasks with recognised date or time references. Detection is skipped for note bodies exceeding 100 words. Notes containing priority keywords such as “urgent”, “asap”, or “critical” result in high-priority reminder records. The ReminderManager uses Levenshtein distance–based title similarity (allowing up to 30% character difference) to match detected reminders to existing records when group identifiers are absent, preventing duplicate reminders when note content is lightly edited. Detected tasks and reminder data remain stored only on-device, and recurring reminders automatically generate new local alarm entries after completion or expiry.

6.8 Decoy Vault

The Vault supports a Decoy mode. When a PIN is entered and confirmed but does not match the real vault PIN, the App displays a set of placeholder notes instead of the actual vault contents. This is an entirely on-device mechanism. No real vault data is exposed or transmitted when Decoy mode is active. Decoy Vault content is generated locally on-device and is separate from the user’s protected vault content.

7. Export, Sharing, Printing, and Backup

Zenvut does not automatically transmit data to the developer or any developer-operated server. However, if the user explicitly enables Auto Backup, the App periodically writes an encrypted .znv backup to app-internal storage or to the user-selected document-provider folder. An external provider may synchronise that encrypted file independently.

The following actions occur only when initiated by the user:

•        Export notes as PDF files using the Android file picker

•        Print notes through the Android Print Manager

•        Copy note content using the Android clipboard system

•        Create encrypted local backup files (.znv, AES-GCM) in user-selected locations

•        Import local backup files selected by the user

Exported or printed content may optionally contain locally generated watermark-style labels, overlays, or identifiers depending on app functionality or user-selected settings. Clipboard contents may also become temporarily accessible to Android system services, accessibility services, clipboard managers, or other installed applications depending on device configuration.

Once content is exported, copied, printed, shared, synchronised, uploaded, or transferred outside the App, it may become subject to the privacy practices, retention policies, accessibility rules, and security measures of third-party services, cloud providers, keyboards, wearable devices, notification-sync systems, printer services, clipboard managers, or other software selected or installed by the user. The developer is not responsible for third-party handling of exported content, and users are solely responsible for reviewing content before distributing it outside the App.

8. Recycle Bin and Deletion Controls

Notes moved to the Recycle Bin remain stored locally until restored or permanently deleted. If Auto Delete Bin is enabled, eligible non-vault notes may be automatically permanently deleted after 30 days. Vault notes removed through “Reset Vault” may be permanently deleted immediately without entering the Recycle Bin.
The developer has no access to deleted notes at any point.

9. No Warranty

Zenvut is provided free of charge on an “AS IS” and “AS AVAILABLE” basis without warranties of any kind, express or implied.

To the maximum extent permitted by applicable law, the developer makes no representations or guarantees regarding:

•        Availability, reliability, or continuous operation

•        Compatibility with any specific device or Android version

•        Protection against every possible security threat, device compromise scenario, or attack vector

•        Stability or freedom from bugs

•        Data preservation or backup integrity

The App may experience unexpected behaviour including crashes, bugs, import or export failures, reminder failures, accidental note deletion, backup issues, or data loss. Users are solely responsible for maintaining their own backups and verifying exported data.

10. Limitation of Liability

To the fullest extent permitted by applicable law, the developer shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from or related to:

•        Use of the App

•        Inability to use the App

•        Lost, corrupted, or unrecoverable notes

•        Backup or import failures

•        Device or operating system malfunctions

•        Security issues caused by the device, Android OS, or third-party software

•        Data loss of any kind

Users use the App entirely at their own discretion and risk.

11. User Responsibility

Users are solely responsible for:

•        Maintaining secure, up-to-date backups of their notes

•        Verifying the integrity of exported and imported backup files

•        Protecting their devices, PINs, and biometric credentials

•        Using the App lawfully and for its intended purpose of personal note-taking and productivity

12. Children’s Privacy

Zenvut is designed without account systems, analytics systems, advertising SDKs, or automatic personal-data collection mechanisms. Because the App operates entirely offline and does not include account systems, user registration, or automatic data transmission, the developer does not maintain personal user databases of any kind.

13. Changes to This Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in the App’s features or applicable legal requirements.

Updated versions will replace previous versions within the App or in the app store listing. Continued use of the App after an update constitutes acceptance of the revised Privacy Policy.

14. Governing Law and Jurisdiction

This Privacy Policy and the use of Zenvut shall be governed by and interpreted in accordance with the laws of India.

To the extent permitted by applicable law, legal matters relating to the App or this Privacy Policy should generally be handled under the laws and jurisdiction of Kolkata, West Bengal, India.

By using the App, users agree to submit to the jurisdiction of such courts.

15. Contact

For privacy-related questions or concerns, please contact the developer:

Developer: Arnab Roy

Email: support.zenvut@gmail.com

16. Acceptance

By installing or using Zenvut, you acknowledge that you have read and understood this Privacy Policy, including the following:

•        The App is provided free of charge

•        Core app data is stored locally on your device unless you intentionally export, print, share, copy, or transfer it

•        The developer does not collect, transmit, or have access to your notes or personal content

•        Use of the App is at your own discretion and risk

•        Continued use of the App constitutes acknowledgement of this Privacy Policy.

Thank you for using Zenvut.