Legal
Privacy Policy
Effective Date: March 19, 2025 · Last Updated: March 19, 2026
🔒 Our Core Promise: Hidelyt stores all your media exclusively on your device.
We do not upload, transmit, or share your photos, videos, or notes with any server or third party — ever.
Hidelyt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains
what information is collected when you use the Hidelyt mobile application ("App"), how it is used,
and your rights regarding your data. By using the App, you agree to the practices described in this policy.
Table of Contents
- Information We Collect
- How We Use Your Information
- Data Storage & Security
- Permissions Explained
- Third-Party Services
- Children's Privacy
- Your Rights & Choices
- Data Retention
- Changes to This Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide
- PIN / Passcode: Your 4-digit unlock PIN is hashed and stored securely on-device using encrypted keychain/keystore storage. It is never transmitted to any server.
- Decoy PIN: If you set an optional decoy PIN, it is stored the same way as your primary PIN — locally encrypted, never transmitted.
- Album names: Custom album titles and organization data are stored in a local encrypted database on your device.
- Private Notes: Note content is stored in an encrypted local database. We never read or transmit your notes.
- App Preferences: Settings such as auto-lock timeout, shake-to-lock, disguise mode, and break-in alert preferences are stored locally in the app's private storage.
1.2 Media You Import
- Photos and videos you choose to import from your device gallery or capture via camera are encrypted and copied into the app's private sandboxed storage on your device.
- Break-in alert photos (captured when an incorrect PIN is entered) are stored encrypted in the app's private storage only — never in your camera roll or on any server.
- We access only the specific media files you explicitly select. We do not scan, read, or index your broader photo library.
1.3 Subscription Information
- Subscription purchases are processed by Apple App Store or Google Play. We do not receive or store your payment card details.
- We receive a subscription status token (active / expired / trial) from RevenueCat to manage your access to premium features.
- No personally identifiable payment information is stored by us.
1.4 Browser History (Private Browser)
- If you use the built-in private browser, browsing history is stored in the app's encrypted local database on your device only.
- You can clear your browser history at any time from within the app.
- We do not receive or process your browsing data on any server.
1.5 Crash & Diagnostic Data
- Anonymized crash reports may be collected to help us improve app stability. These reports contain technical error information only — no media, no PINs, no personal identifiers.
- You may opt out of crash reporting in the app settings.
2. How We Use Your Information
| Purpose | Data Used | Stored Where |
|---|
| Provide vault functionality | Media files, album data | On-device (encrypted) |
| Authenticate app access | PIN hash | On-device (keychain) |
| Break-in alert feature | Front camera photo | On-device (encrypted) |
| Private browser | Browser history, URLs | On-device (encrypted) |
| Manage subscription | RevenueCat status token | RevenueCat servers |
| Improve app stability | Anonymized crash logs | Crash analytics server |
We do not sell, rent, share, or monetize your personal data or media for any advertising, marketing, or analytics purpose.
3. Data Storage & Security
- AES Encryption: All media and sensitive data in the vault is encrypted using industry-standard AES encryption before storage on your device.
- Keychain / Keystore: Your PIN and authentication credentials are stored using Apple's Keychain (iOS) or Android Keystore — the most secure storage available on each platform.
- App Sandbox: Vault contents are stored in the app's private sandboxed directory, inaccessible to other apps or the system file browser.
- No Cloud Backup: Vault contents are intentionally excluded from iCloud and Google Drive backups to protect your privacy.
- No Server Storage: We do not operate servers that store user media. Your vault exists only on your device.
⚠️ Important: Because your data is stored locally and encrypted, Hidelyt cannot recover your vault if you forget your PIN or uninstall the app without creating a backup. Please remember your PIN and use the backup feature regularly.
4. Permissions Explained
| Permission | Platform | Why We Need It |
|---|
| READ_MEDIA_IMAGES | Android 13+ | To browse and select photos from your gallery to import into your vault. |
| READ_MEDIA_VIDEO | Android 13+ | To browse and select videos from your gallery to import into your vault. |
| READ_EXTERNAL_STORAGE | Android ≤ 12 | Same as above for older Android devices. |
| CAMERA | iOS & Android | To capture photos/videos directly into the vault, and for break-in alert selfies. |
| Photo Library | iOS | To let you select photos and videos from your iOS photo library. |
| INTERNET | iOS & Android | For subscription verification (RevenueCat) and the private browser feature. |
You can revoke any permission at any time via your device Settings. Revoking a permission disables the related feature but does not delete your vault data.
5. Third-Party Services
Hidelyt uses the following third-party services for limited, specific purposes:
- RevenueCat: Manages in-app subscriptions and purchase validation. RevenueCat receives an anonymous app user ID and your subscription status. RevenueCat Privacy Policy →
- Apple App Store / Google Play: Handles all payment processing. We never receive your payment card details.
- Crash Reporting (optional): Anonymized crash logs to help us improve stability. Contains no personal data or media.
We do not use advertising SDKs, tracking pixels, or social media integrations in the app.
6. Children's Privacy
Hidelyt is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly
collect personal information from children. If you are a parent or guardian and believe a child has used the app
and provided personal information, please contact us at privacy@hidelyt.com
and we will take appropriate steps.
7. Your Rights & Choices
Depending on your location, you may have the following rights regarding your data:
- Access: View all media and notes stored in your vault at any time through the app.
- Deletion: Delete any or all vault content from within the app. Uninstalling the app removes all locally stored vault data permanently.
- Portability: Use the Backup & Export feature (Premium) to export your entire vault to a file you control.
- Opt-Out of Diagnostics: Disable crash reporting in Settings → About.
- Permission Revocation: Revoke camera or media permissions anytime in your device Settings.
- Subscription Cancellation: Cancel your subscription anytime via the App Store or Google Play. You retain premium access until the end of your billing period.
Since Hidelyt does not collect PII on our servers, most data requests are fulfilled entirely by managing data on your own device. For subscription-related data held by RevenueCat, contact us at privacy@hidelyt.com.
8. Data Retention
- Vault data: Retained on your device until you delete it or uninstall the app.
- Crash logs: Retained for up to 90 days for debugging purposes, then automatically deleted.
- Subscription data: Retained by RevenueCat per their data retention policy.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at
the top of this page and, where required by law, notify users via the app or email. Your continued use of
the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: