Your privacy is
our highest priority.

This policy explains exactly what data we collect (spoiler: none), what permissions we use, and why.

Last Updated: February 28, 2026

Aeroloom Studio

Global

Zero Data Collection

No Internet Required

No Ads or Tracking

No Cloud Sync

Fully On-Device

Section 01

Our Privacy Promise

App Lock is built with privacy-first principles:

NO data collection whatsoever
NO analytics or tracking services
NO advertisements or ad networks
NO internet connection required
NO cloud storage or syncing
NO third-party integrations
NO user accounts or registration
NO cookies or tracking pixels
NO behavioral profiling
NO data sharing with anyone

Everything you do in App Lock stays on your device. Period.

Section 02

What Data We DO NOT Collect

We want to be crystal clear about what we DON'T collect:

Personal Information: No name, email, phone number, or identifying information
Usage Data: No tracking of which apps you lock or usage patterns
Device Information: No device IDs, IP addresses, or hardware information
Location Data: No location information whatsoever
Photos/Videos: Your vault contents never leave your device
Contacts: We don't access your contacts
Messages: We don't read your SMS or messaging apps
Browsing History: We don't track your web browsing
Crash Reports: We don't collect crash reports or error logs
Performance Metrics: We don't measure app performance or behavior

In short: We collect NOTHING. Zero. Nada. Zilch.

Section 03

How Your Data is Stored

All data is stored locally on your device using Android's secure storage mechanisms with military-grade encryption:

PIN/Pattern/Password: Stored in encrypted SharedPreferences on your device
Security Question & Answer: Stored locally, never transmitted
Locked Apps List: Stored in local app preferences
Vault Photos/Videos: Encrypted using AES-256-GCM encryption and stored in the app's private directory. Files are encrypted with keys stored in Android KeyStore, making them unreadable even if someone gains access to your device storage.
Intruder Photos: Stored locally in the app's private directory
App Settings: All preferences stored in local SharedPreferences

Vault Encryption Details:

Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
Key Storage: Android KeyStore (hardware-backed when available)
Each file is encrypted with a unique initialization vector (IV)
Files are stored with .enc extension and are completely unreadable without the app
Even with root access or file manager, encrypted files cannot be viewed
Encryption keys never leave the secure hardware element

None of this data is uploaded to any server, shared with any third party, accessible to other apps, backed up to cloud services (unless you enable Android's backup feature), or transmitted over the internet.

Section 04

Android Permissions — Complete Breakdown

Here's every permission we request and exactly why:

PACKAGE_USAGE_STATS Usage Access

WhyTo detect when you open a locked app so we can show the lock screen

When UsedContinuously while the app lock service is running

We SeeOnly the package name of the app being opened

We Don'tWhat you do inside apps, your app content, or any personal data

RevocableYes, but app locking won't work

SYSTEM_ALERT_WINDOW Display Over Apps

WhyTo show the lock screen on top of locked apps

When UsedWhen you try to open a locked app

We SeeNothing - this just allows us to display our UI

RevocableYes, but lock screen won't appear

CAMERA Optional

WhyFor Intruder Selfie feature only

When UsedONLY after 3 wrong PIN attempts (not before)

We StorePhotos stored locally in app's private directory only

We Don'tNever access camera in background, never upload photos, never share with anyone

RevocableYes, intruder selfie won't work but app locking still works

ImportantCamera is NEVER activated when you open a locked app - it only activates after the 3rd wrong PIN attempt

POST_NOTIFICATIONS Android 13+

WhyTo show the persistent notification that App Lock is protecting your apps

When UsedWhile the app lock service is running

We SeeNothing - this just allows us to show notifications

RevocableYes, but you won't see the protection status notification

USE_BIOMETRIC Normal

WhyTo allow fingerprint/face unlock as an alternative to PIN

When UsedOnly when you enable biometric unlock in settings

We SeeNothing - Android handles all biometric authentication

We StoreNothing - biometric data stays in Android's secure hardware

RevocableNo (it's a normal permission), but you can disable biometric unlock in settings

VIBRATE Normal

WhyTo provide haptic feedback when you enter wrong PIN

When UsedOnly when vibration is enabled in settings and you enter wrong PIN

We SeeNothing - this just triggers device vibration

RevocableNo (it's a normal permission), but you can disable it in settings

RECEIVE_BOOT_COMPLETED Normal

WhyTo start app protection automatically when device boots

When UsedOnce when your device starts up

We SeeNothing - this just allows us to start our service

RevocableNo (it's a normal permission)

REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Normal

WhyTo ensure app lock service runs reliably in background

When UsedOnce during setup

We SeeNothing - this just requests battery optimization exemption

RevocableYes, but service may be killed by system

FOREGROUND_SERVICE & FOREGROUND_SERVICE_SPECIAL_USE Required

WhyTo run the app monitoring service that detects locked app launches

When UsedWhile app lock is active

We SeeNothing - these are technical permissions for service operation

RevocableNo (they're required for the service to function)

QUERY_ALL_PACKAGES Required

WhyTo show you a list of installed apps so you can choose which to lock

When UsedWhen you open the app list screen

We SeeList of installed app names and icons

We Don'tApp contents, usage data, or personal information

RevocableNo (it's required to show the app list)

BIND_NOTIFICATION_LISTENER_SERVICE Optional

WhyTo hide notification content from locked apps (optional privacy feature)

When UsedOnly if you enable notification hiding in settings

We SeeNotification package names only (to determine if they're from locked apps)

We Don'tNotification content, messages, or personal data

RevocableYes, notification hiding won't work but app locking still works

IMPORTANT: None of these permissions are used to collect, transmit, or share your data. All permissions are used solely for app functionality on your device.

Section 05

Camera Permission — Detailed Explanation

Since camera access is sensitive, here's exactly how we use it:

INTRUDER SELFIE FEATURE:

ONLY activates after 3 wrong PIN attempts - camera is NEVER accessed before this
Camera is NOT initialized when you open a locked app
Camera is NOT running in the background
Takes a single photo using front camera only after the 3rd wrong attempt
Photo is saved to app's private directory on your device (not accessible to other apps)
Photo is NEVER uploaded, transmitted, or shared with anyone
You can view and delete intruder photos anytime in the Intruder Gallery
Feature can be completely disabled in settings
If camera permission is not granted, feature simply won't work (app locking still works)

CRITICAL PRIVACY NOTE: The camera is NEVER activated when you open a locked app. It only activates after someone enters the wrong PIN 3 times. This ensures your privacy is protected and the camera is only used for security purposes.

WE NEVER:

Access camera in the background or without explicit trigger
Access camera when you open a locked app (only after 3 wrong attempts)
Record video
Upload photos or face data
Share camera data with anyone
Use camera for any purpose other than intruder detection
Store photos anywhere except the app's private directory on your device

WHERE INTRUDER PHOTOS ARE STORED:

Location: App's private directory (/data/data/com.aeroloomstudio.applock/files/intruders/)
Access: Only accessible by App Lock, not by other apps or file managers
Encryption: Stored in app's private storage (protected by Android's app sandboxing)
Deletion: Automatically deleted when you uninstall the app
Manual Deletion: You can delete individual photos or all photos from Intruder Gallery

Section 06

Pro Version & Billing

App Lock offers optional Pro upgrades (Monthly, Yearly, and Lifetime plans) handled securely through Google Play Billing:

Google Play processes all payments (we never see your payment information)
Monthly ($2.99/month) and Yearly ($29.99/year) plans are subscriptions that automatically renew unless canceled
Lifetime plan ($59.99 one-time payment) provides permanent Pro access
You can manage or cancel your subscriptions at any time directly through the Google Play Store app
We only receive a purchase confirmation status from Google Play to unlock Pro features
Pro features work entirely offline and no additional data is collected for Pro users
When you cancel a subscription, Pro features are automatically revoked at the end of the billing period

Section 07

Third-Party Services

App Lock uses ZERO third-party services. No analytics, crash reporting, ad networks, cloud storage, social media integrations, or push notification services.

The ONLY external service involved is Google Play Store for Pro version purchases, which is handled entirely by Google's payment system. We never see your payment information.

Section 08

Children's Privacy

App Lock does not collect any data from anyone, including children under 13. Since we don't collect any personal information, we comply with COPPA by default.

Section 09

Your Rights

Since we don't collect any data about you, there's no data to request, delete, export, or correct. You have complete control over your data because it never leaves your device.

Section 10

Changes to This Policy

If we ever change this privacy policy, we will update the "Last Updated" date at the top of this page. Since we don't collect any data, any changes would likely be to clarify our existing practices or add information about new features.

Questions or Concerns?

If you have any questions about this Privacy Policy, please contact us:
aeroloomstudio@gmail.com

Response time
48–72 hours

Your privacy isour highest priority.