Calculator Lock / Photo Vault Privacy Policy

1. Who We Are and Scope

Calculator Lock / Photo Vault is operated and published by Sababa Creations. This Policy applies to the Calculator Lock Android app, in-app privacy and legal pages, app support interactions, and related app functionality.

This Policy does not control third-party apps, websites, advertisers, payment services, Google Play, Firebase, AdMob, Meta/Facebook Audience Network, Android, device manufacturers, email providers, file managers, browsers, cloud storage apps, gallery apps, media players, or other services that you choose to use with or through the app. Those services may handle information under their own privacy policies.

For privacy or support questions, contact support@sababasystems.com. The public Privacy Policy page for the app is https://sababasystems.com/calculator-lock/privacy/.

2. Privacy Model Summary

Do not interpret this Policy as saying "no data collected" or "data never leaves your device." The app-owned vault content model is local-first, but third-party SDKs and user-selected actions can involve data processing outside the local vault.

3. Information the App Handles

3.1 Vault content and local vault metadata

• Photos, videos, audio files, PDFs, documents, and other supported files that you import.
• Secure Notes, including encrypted note titles, bodies, pinned state, search/display state, and deletion state.
• Generated thumbnails, previews, indexing records, and limited cache files used to display or manage vault content.
• File information such as file name, MIME type, file size, media type, dimensions, duration, timestamps, hashes, album assignment, favorite status, Trash status, and scheduled deletion time.
• Source-embedded metadata where present in the original file, such as EXIF orientation, camera make/model, capture date, image size, GPS/location metadata, and other media or document metadata.
• Vault/session information such as local vault identifiers, optional vault nicknames shown after unlock, vault creation/last-access timestamps, media counts, storage-used records, session settings, and display preferences.
• Trash records for media and secure notes, including deletion timestamps and retention timing.

3.2 PIN, security, and lock information

• Local authentication records, PIN-derived key material, wrapped vault secrets, and app/device-bound secure preferences used to unlock protected vaults.
• Auto-lock settings, lock state, onboarding state, no-recovery warning acknowledgements, disguise settings, and launcher-display preferences.
• Failed-attempt counters, lockout timestamps, attempt counts, and non-sensitive device labels used for local security features.
• We do not provide a server-side PIN recovery service and do not intentionally send PINs, vault keys, or encryption keys to Sababa Creations.

3.3 Intruder Detection information

• If you enable Intruder Detection, have premium access where required, and grant camera permission, the app may capture a front-camera photo after repeated failed PIN attempts.
• Intruder photos are encrypted before storage and intruder logs are stored locally in the app.
• Intruder log records may include timestamp, attempt count, event label, photo reference, and a non-sensitive device label.
• The app does not intentionally store the incorrect raw PIN entered during failed attempts.

3.4 Support diagnostics you choose to send

• The app can generate a local diagnostic report for support. The report may include report ID, timestamp, manufacturer, model, Android version, API level, screen density, app version, build number, package name, broad storage totals, and number of vaults.
• The support report is designed not to include PINs, passwords, encryption keys, vault secrets, file names, file paths, media metadata, note contents, vault names, album names, raw billing tokens, or protected content.
• The diagnostic report is not sent automatically. It leaves the app only if you copy it, share it, or email it to support.

3.5 Ads, consent, billing, and service data

• Ad request, ad load, ad display, ad click, ad source, placement, consent, frequency-cap, and ad diagnostic information may be processed by Google Mobile Ads / AdMob and configured mediation partners.
• Consent and privacy-choice status may be processed through Google UMP and AdMob privacy messaging.
• Purchase option identifiers, product identifiers, entitlement state, subscription/lifetime state, pending-purchase state, acknowledgement state, restore status, and Google Play Billing response information may be handled by the app and Google Play.
• Firebase and Google services may process app installation identifiers, configuration fetches, app version, device/OS details, app interactions, crash information, performance traces, diagnostic data, timestamps, and network/service information as described in this Policy.

4. Local Vault Storage, Encryption, and Security Limits

Calculator Lock stores protected vault content in app-private storage on your device and uses encryption for vault files, thumbnails, secure notes, and database records. The app also uses Android platform protections, secure preferences, local session isolation, lock controls, screenshot restrictions on sensitive screens, clipboard cleanup paths, and temporary-file cleanup paths to reduce accidental exposure.

Some operations require temporary plaintext handling. For example, the app may temporarily decrypt files, PDFs, thumbnails, or previews in app-private cache locations so you can view, share, export, or open them. The app is designed to clean temporary files when the viewer closes, the vault locks, cleanup runs, or the operation completes.

These protections reduce risk but cannot guarantee perfect secrecy, permanent deletion, concealment, or recovery. A rooted or compromised device, malware, physical access to an unlocked device, device backups created outside the app, operating-system bugs, manufacturer changes, cloud sync chosen in another app, file-system behavior, or your own export/share/copy actions can reduce or bypass app-level protections.

5. No Cloud Vault Backup and No PIN Recovery

• Calculator Lock does not provide a Sababa Creations cloud account for vault content.
• Vault content is not designed to sync to Sababa Creations servers.
• Android backup is disabled for the app-private vault data controlled by the app, but this does not prevent every external backup, copy, export, or cloud-sync path that may exist outside the app.
• Sababa Creations cannot recover your PINs or unlock your vaults for you.
• If you forget a vault PIN, clear app data, uninstall the app, reset or lose your device, or local data is corrupted, protected content may be permanently lost.
• You are responsible for keeping independent backups of files you cannot afford to lose before importing, deleting originals, exporting, deleting vaults, clearing app data, or uninstalling the app.

6. Permissions and Device Access

Photos and videos

The app may request Android media permissions, including access to images, videos, and selected visual media where Android supports partial access. These permissions support browsing, selecting, importing, and managing local media.

Files and legacy storage

The app may use Android file picker, Storage Access Framework, MediaStore, and legacy storage permissions on older Android versions for import, export, file management, and original-deletion flows where Android permits them.

Camera

The app requests camera permission for optional Intruder Detection. If the feature is not enabled, entitlement is not active where required, permission is denied, or a compatible front camera is unavailable, the feature will not capture intruder photos.

Internet and network state

The app uses internet and network-state access for ads, consent, Firebase Remote Config, optional analytics/diagnostics if enabled, Google Play Billing, purchase restore, Google Play in-app updates, legal/support links, and outward actions you initiate.

Billing and updates

Google Play Billing and Google Play in-app update libraries may communicate with Google Play services to show products, process purchases, restore entitlements, manage subscriptions, and check or install app updates.

Clipboard

The app may write support diagnostics or copied PDF text to the Android clipboard when you choose a copy action. Clipboard cleanup is used for sensitive flows, but Android, other apps, or device state may still expose clipboard contents.

7. Imports, Originals, Metadata, and Trash

When you import content, Calculator Lock reads the selected file or media URI, creates an encrypted local vault copy, and stores metadata needed to organize, display, search, restore, and manage it. Imported files may include embedded metadata such as EXIF, GPS/location, camera, audio, or document metadata. Calculator Lock may store this metadata locally in encrypted form and may preserve it when you later export or share the file.

• Imports may come from Android media library flows, system photo/video pickers, Files/SAF document flows, and supported import actions.
• The app may apply configurable per-batch import thresholds based on the current product tier, promotions, rewarded-ad eligibility, or other in-app configuration. The applicable options and limits are shown in the app and may change over time.
• If you choose an album, files may import into that album; otherwise, the app may auto-route files into system folders such as Photos, Videos, Audio, PDF, Files, or Restored.
• After import, original files may remain outside the vault in your public gallery, file manager, cloud-backed provider, or source app.
• The app may offer a post-import delete flow for supported originals, but Android or the source provider may require confirmation or deny deletion for limited-access, read-only, cloud-backed, unavailable, or otherwise restricted sources.
• If original deletion fails or is not available, you must manually delete the originals outside the app if you want them removed from public device locations.
• Deleted media and secure notes move to Trash when supported. Trash retention is currently fixed at 30 days before automatic permanent deletion, unless you permanently delete sooner.

8. Export, Share, Unlock-to-Device, Clipboard, and External Apps

Vault content may leave Calculator Lock when you choose an outward action. Once content leaves the encrypted vault, it may be handled by Android, destination apps, storage providers, recipients, websites, email services, cloud services, backup services, or other third parties outside Sababa Creations' control.

• Share: The app may temporarily decrypt selected files into app-private temporary storage and share them through Android share mechanisms. The destination app handles the shared file under its own practices.
• Export: Export writes an unencrypted copy to a selected destination. Exported files may be visible in gallery apps, file managers, other apps, media scanners, cloud backup, or device backup depending on where you save them.
• Unlock to Device: Unlock-to-device moves content out of the vault into ordinary device storage and may move the vault copy to Trash. After this action, the unencrypted file is outside Calculator Lock's vault protection.
• Clipboard: Copied support text or PDF text may leave the app through the Android clipboard. The app uses cleanup paths, but clipboard privacy cannot be guaranteed on every Android version or device.
• Email and support: If you email support, your email provider and Sababa Creations may receive the information you include, such as diagnostic reports, screenshots, descriptions, and contact details.
• External apps: Opening files, links, websites, app store pages, subscription pages, or other resources outside the app makes those destinations responsible for their handling of information.

9. PDF and Document Handling

The app supports in-app PDF preview for imported PDF files. Non-PDF documents may need to be exported, unlocked to device, shared, or opened with another app if in-app preview is not supported.

• PDF preview is processed locally on the device. To preview an encrypted vaulted PDF, the app may temporarily decrypt it into app-private temporary storage.
• Password-protected PDFs may ask for the PDF document password. PDF document passwords are separate from vault PINs, are not used as vault PINs, and do not count as vault PIN failures.
• Text copied from a PDF is treated as sensitive clipboard data and is handled through the app's clipboard cleanup path.
• External links inside PDFs require confirmation before the app launches another app. If you open a PDF link, the destination app, website, or service handles that activity under its own terms and privacy policy.
• Unlocking a PDF or other document to device creates an unencrypted copy outside the vault.

10. Intruder Detection and Camera Use

Intruder Detection is an optional security feature that may require premium access. After you enable it, grant camera permission, and meet any premium entitlement requirement, the app may capture a front-camera photo after repeated failed PIN attempts without an additional prompt and store an encrypted local intruder log.

• The feature requires camera permission, a compatible front camera, and the relevant app setting and entitlement state.
• Captured intruder photos are designed to be encrypted and stored in app-private storage.
• Intruder photos and logs are not intentionally uploaded to Sababa Creations by the app.
• Visible intruder-log entries can be managed in the app, and app-private records are generally removed when app data is cleared or the app is uninstalled, subject to Android and device storage behavior.
• Use this feature only where you have the right to secure your own device and where your use complies with applicable camera, privacy, consent, employment, household, recording, and evidence laws.

11. Ads, AdMob, UMP Consent, Advertising ID, and Mediation

The free version of Calculator Lock may show ads. Premium access is intended to remove in-app ads while the premium entitlement is active and recognized by the app, but billing, entitlement, network, or restore issues may affect when premium status is reflected.

11.1 Ad services used

• The app uses Google Mobile Ads / AdMob to request and show ads.
• The app is configured for interstitial ads in limited eligible vault flows, such as after import success, after leaving the media viewer, after multi-select unlock-to-device success, or after returning from multi-select share, subject to consent, entitlement, route, frequency, and safety gates.
• The app uses Google UMP to request consent information, show consent or privacy forms where required or available, and provide regional privacy-choice handling.
• The app includes an AdMob mediation path and may use configured mediation partners, including Meta/Facebook Audience Network, when enabled in the ad unit, Remote Config, AdMob configuration, and the release build.
• Ads are intended to be blocked from sensitive surfaces such as the calculator/PIN flow, locked state, intruder logs, settings, notes, Trash, onboarding, and purchase flow.

11.2 Information ad partners may process

Depending on your region, device settings, consent choices, ad serving mode, mediation configuration, and partner availability, Google, AdMob, UMP, Meta/Facebook Audience Network, and other configured ad partners may process:

• IP address, which may be used to estimate approximate location.
• Advertising ID, app set ID, device/account identifiers, and other advertising-related identifiers where available and permitted.
• App interactions, ad interactions, app launch events, taps, video views, ad load/show/click events, and frequency-capping information.
• Device, app, SDK, network, and diagnostic information, such as app version, device model, OS version, performance, load time, hang rate, energy usage, and error signals.
• Consent and privacy-choice signals needed to determine whether ads may be requested and what type of ads may be served.
• Ad measurement, fraud prevention, security, reporting, mediation, and auction-related data.

We do not intentionally send vault file contents, thumbnails, decrypted media, secure note contents, PINs, encryption keys, vault names, album names, file names, file paths, intruder photos, or PDF contents to ad partners.

11.3 Personalized, non-personalized, limited, and restricted ads

Depending on your region, consent status, device settings, Android advertising controls, Google/AdMob configuration, mediation partner configuration, and applicable law, the app may request or receive personalized ads, non-personalized ads, limited ads, technical ad delivery, or other restricted data processing modes. Non-personalized or limited ads do not mean that no data is processed; data may still be used for frequency capping, aggregated reporting, fraud prevention, security, diagnostics, or delivery.

11.4 Advertising ID and Android ad controls

The release build may include Android Advertising ID and Android ad-services permissions through the Google Mobile Ads SDK or related ad dependencies. When available and permitted, ad SDKs may access Advertising ID for advertising, measurement, frequency capping, fraud prevention, and reporting. You can reset or delete your Advertising ID through Android or Google settings where your device supports that control. If the Advertising ID is deleted or unavailable, SDKs may receive a zeroed or unavailable identifier and may use other allowed signals.

11.5 Consent and privacy choices

• Where required or available, the app may show a UMP consent or privacy form before ads are requested.
• The app may provide a privacy options entry point if UMP indicates that privacy options are required or available for your region.
• Your choices may affect whether ads can be requested, whether personalized ads are served, and what processing modes apply.
• Changing ad consent or privacy choices does not disable all network activity. Billing, updates, Remote Config, legal links, support actions, and other functional services may still operate.
• Some privacy choices may also be available through Android settings, Google settings, Google Play, AdMob/Google services, Meta services, or applicable regional privacy mechanisms.

12. Firebase, Analytics, Crash Reporting, Performance, and Remote Config

Calculator Lock separates optional telemetry from functional platform services. Optional analytics, crash reporting, and performance diagnostics are off by default in the app's runtime configuration and may be enabled only if you choose to allow them in the app. Functional services such as Remote Config may still operate to support app configuration.

12.1 Optional analytics and diagnostics

If you enable optional telemetry, Firebase Analytics, Crashlytics, Performance Monitoring, and limited app-owned telemetry may process information such as app version, device model, manufacturer, Android version, locale or region, timestamps, crash data, performance traces, network timing data, broad event labels, broad result categories, coarse calculator-to-vault flow milestones, broad unlock result categories, and coarse app-flow information.

Optional telemetry is intended to help us understand stability, errors, performance, onboarding, import outcomes, feature gates, purchase/restore outcomes, smart tips, help usage, ad placement outcomes, and other broad product-health signals.

12.2 What optional telemetry is designed not to include

• Vault file contents, thumbnails, decrypted media, PDFs, or secure note contents.
• PINs, PIN length, PDF passwords, encryption keys, vault secrets, or key material.
• Vault names, album names, note titles, note bodies, file names, file paths, source URIs, media IDs, album IDs, note IDs, or raw billing tokens.
• Vault IDs, session IDs, raw routes, exact unlock timestamps, raw exception messages, or device/user IDs added by app-owned telemetry.
• EXIF/GPS metadata, audio tags, document contents, intruder photos, or raw support text.
• Full payment-card numbers or Google account passwords.

12.3 Firebase Remote Config and functional configuration

Firebase Remote Config may fetch and activate configuration values such as minimum app version requirements, update behavior, free import thresholds, lifetime-offer display settings, ads enablement, ad serving mode, ad placement switches, and frequency caps. Remote Config may process app installation identifiers and service data needed to deliver configuration values. This may occur even if optional analytics and diagnostics are disabled.

12.4 When telemetry is off

Turning optional telemetry off disables the app's optional Firebase Analytics, Crashlytics, Performance Monitoring, and app-owned telemetry collection paths as configured by the app. It does not disable all third-party SDK service activity, including ads, consent, billing, Remote Config, in-app updates, legal/support links, or user-initiated outward actions.

13. Google Play Billing and In-App Updates

13.1 Purchases, subscriptions, and lifetime purchase paths

Calculator Lock uses Google Play Billing for premium features. The app may offer a free tier, subscription options, and a one-time lifetime purchase option where available in Google Play for your account, region, device, and app version.

• Google Play handles payment processing, payment methods, taxes where applicable, renewal, cancellation, refund flow, purchase authentication, and payment account information.
• The app receives purchase and entitlement information needed to show, unlock, restore, acknowledge, revoke, or remove premium access.
• The app does not receive your full payment-card number or Google account password.
• Pending purchases do not unlock premium features until Google Play reports purchase completion.
• Purchase and entitlement state may be cached locally in encrypted preferences so premium access can be reflected in the app.
• Refunded, charged-back, revoked, cancelled, invalid, unavailable, or expired purchases may remove premium access.

13.2 Google Play in-app updates

The app may use Google Play in-app updates to check for available updates, prompt for optional flexible updates, or require an immediate/mandatory update when needed for security, compatibility, policy, or app functionality. Google Play and Play services handle update availability, download, installation, and related update processing under Google's terms and privacy practices.

14. Third-Party Services and Links

The following links are provided for convenience. Third-party providers may update their policies and documentation independently.

• Google Privacy Policy: https://policies.google.com/privacy
• Google Terms: https://policies.google.com/terms
• Google Play Terms: https://play.google.com/intl/en_in/about/play-terms/
• Google Play Billing: https://developer.android.com/google/play/billing
• Google Play subscription help: https://support.google.com/googleplay/answer/7018481
• Firebase Privacy and Security: https://firebase.google.com/support/privacy
• Google Mobile Ads SDK data disclosure: https://developers.google.com/admob/android/privacy/play-data-disclosure
• Google UMP / AdMob privacy: https://developers.google.com/admob/android/privacy
• AdMob ad serving modes: https://developers.google.com/admob/android/privacy/ad-serving-modes
• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• Meta Audience Network documentation: https://developers.facebook.com/docs/audience-network/

15. Retention and Deletion

• Vault content remains on your device until you delete it, move it to Trash and the retention period expires, delete the vault, clear app data, uninstall the app, reset the device, or the device data is otherwise removed.
• Deleted media and secure notes may remain in Trash for up to 30 days before permanent deletion, unless you permanently delete sooner.
• Temporary decrypted files, PDF previews, share files, thumbnails, and viewer files are designed to be cleaned by viewer close, lock, operation completion, or maintenance routines, but immediate or forensic erasure cannot be guaranteed.
• Local settings, onboarding state, disguise preferences, telemetry choices, consent state, billing cache, Remote Config values, session state, and security state may remain until changed, overwritten, app data is cleared, or the app is uninstalled.
• Visible intruder logs can be cleared in the app. App-private intruder records are generally removed when app data is cleared or the app is uninstalled, subject to Android and device behavior.
• Support emails, diagnostic reports you send, and correspondence may be retained as needed to provide support, maintain business records, comply with law, and prevent abuse, unless deletion is requested and retention is no longer required.
• Google, Firebase, AdMob, Meta/Facebook Audience Network, Google Play, email providers, cloud providers, and other third parties retain information according to their own policies and controls.
• Exported, shared, copied, emailed, opened, or unlocked-to-device content is outside Calculator Lock's encrypted vault and must be deleted from destination apps, recipients, folders, cloud providers, backups, or external services separately.

16. Your Choices and Privacy Requests

• You can choose which files, PDFs, audio, videos, photos, documents, and notes to place in a vault.
• You can keep originals or request original deletion after import where Android and the source provider allow it.
• You can grant, deny, or revoke media/file and camera permissions through Android settings.
• You can leave optional telemetry off or change telemetry settings in the app where available.
• You can use UMP privacy options where shown or required for your region.
• You can reset or delete your Android Advertising ID through Android or Google settings where supported.
• You can avoid enabling Intruder Detection.
• You can avoid exporting, sharing, copying, emailing, opening external links, or unlocking content to device unless you choose to do so.
• You can delete vault items, empty Trash where available, delete vaults, clear app data, or uninstall the app, but these actions may be irreversible.
• You can manage subscriptions, cancellation, and some purchase or refund actions through Google Play.

Depending on your location, you may have rights to request access, correction, deletion, restriction, portability, objection, or information about personal data that Sababa Creations holds about you. Because vault content is local and not stored in a Sababa Creations cloud account, Sababa Creations usually cannot access, correct, export, unlock, or delete your local vault content for you. For support correspondence or other information you have sent to us, contact support@sababasystems.com.

17. Children and Target Audience

Calculator Lock is not directed to children or to users under 18. The app is intended for adults who are legally able to use a privacy vault, manage private files, grant device permissions, make purchases where applicable, and understand the consequences of losing a PIN or exporting content. We do not knowingly seek to collect personal information from children through support, optional diagnostics, ads, or other app features. If you believe a child has provided information to us, contact us so we can review and respond.

18. International Processing

Sababa Creations is based in India. Third-party services such as Google Play, Firebase, AdMob, UMP, Meta/Facebook Audience Network, email providers, cloud storage providers, support channels, and destination apps may process information in countries other than where you live, subject to their own privacy, security, and transfer mechanisms.

19. Changes to This Policy

We may update this Privacy Policy to reflect app changes, SDK changes, ad partner or mediation changes, Google Play requirements, Data Safety updates, legal requirements, security changes, operational changes, or new features. The updated version will be effective when posted with a new effective date. If a change materially affects how the app handles information, we will use reasonable steps to make the updated policy available in the app or on the public policy page.

20. Contact

For privacy questions, support requests, or data-rights requests, contact:

• Sababa Creations
• support@sababasystems.com
• https://sababasystems.com/calculator-lock/privacy/
• https://play.google.com/store/apps/details?id=com.sababa.calculator