What we collect.
And what we don’t.

Introduction

At Protectstar Inc. (“Protectstar,” “we,” “us,” or “our”), your privacy comes first. Please read this disclosure carefully before giving your consent. It explains what personal data we collect from users of our Android apps, why we collect it, how we use it, and with whom it is shared.

This App Data Disclosure supplements our full Privacy Policy for Protectstar Android Apps. It specifically describes data flows relevant to Google Play, in-app disclosures, and sensitive Android permissions. If there is any discrepancy between the app, the Google Play disclosures, and this disclosure, we will correct the information without delay and, where required, obtain renewed express consent before any new data processing begins.

You can find a concise, product-wide overview of our privacy principles at Your Privacy. This page is the detailed technical, app-specific, and Google Play-specific disclosure for Android apps.

We recommend reviewing this disclosure regularly, as we may update it to reflect new features or legal requirements.

Which Protectstar Android apps collect data?

At Protectstar, we place great importance on your privacy and collect only the information necessary to provide our products and services effectively.

The following apps may process personal data or sensitive technical data depending on the feature used. Where required by Google Play or privacy law — especially for cloud analysis, sensitive permissions, or optional online features — we obtain your express consent before the respective processing begins:

• Anti Spy Android
• Antivirus AI Android
• Camera Guard Android
• DNS Changer Android
• Firewall AI Android
• Micro Guard Android
• iShredder Android

iShredder Android transfers personal data to Protectstar only when you use optional online features, in particular MY.PROTECTSTAR, license or purchase verification, in-app purchases, or support features. Secure deletion of files and contacts takes place locally on your device; the contents of deleted files or contacts are not transferred to Protectstar.

For features requiring consent, you will see a clear in-app disclosure asking for your express consent. You can accept or decline. Closing the consent screen, navigating away, or doing nothing is not treated as consent.

Data collection in detail

I. Why we collect your data

We collect certain information to strengthen your security and improve the functionality of our services. These are the reasons why we need specific data:

1. App package name (installed applications): We collect the names of the apps installed on your device. This information helps us tailor our security features to protect the apps you use against potential threats such as malware or spyware. For example, if you have installed apps that are more frequently targeted, our systems can prioritize their protection. Important: We do not access content inside those apps — we collect only the names.
2. SHA-256 and MD5 checksums (app integrity): A checksum is like a digital fingerprint of a file or app. It creates a unique code from the contents of a file or app, allowing us to determine whether it has been changed.
3. File checksums (file integrity): Similar to apps, we collect checksums for files on your device to detect unauthorized changes — without ever accessing their contents.

When we collect checksums, we do not send the entire app or file to our servers. Instead, only the checksum is generated — a code that is unique to the respective version. If a file has been manipulated (for example by malware), its checksum will differ. By comparing checksums, we can detect problems quickly without knowing the actual content.

MD5 and SHA-256 are two different types of these digital fingerprints. MD5 is the older method; SHA-256 is more advanced and more secure. We use both to detect tampering and protect you from security risks.

In other words, no complete apps or files are sent to our servers. Only checksums — digital fingerprints — are transferred, not the actual contents of your apps or files.

The purpose of transferring the collected data (app package names and SHA-256/MD5 checksums) to our Protectstar AI Cloud servers at https://api.protectstar.com is deeper analysis. Cloud servers conserve your device resources and enable more precise results.

Specifically, we use this data to:

• Detect and defend against potential security threats such as malware or spyware
• Assess the security of apps and files installed on your device
• Reduce false positives by accurately distinguishing safe software from harmful software
• Continuously improve app performance and capabilities through real-time analysis

II. What we collect

We collect two main types of data to protect your device:

1. Information about installed applications: The names of the apps installed on your device, so that we can monitor their security and provide targeted protection. Content inside these apps is not read.
2. File and app checksums (SHA-256 / MD5): These are used to verify the integrity of apps and files. By comparing checksums, we can determine whether unauthorized changes have been made.

III. How we use your data

At Protectstar, we use the collected information responsibly to strengthen your security, improve our apps, and provide high-quality support:

• Security analysis: We analyze app package names and checksums to detect malware and threats.
• Threat detection: By comparing checksums, we detect unauthorized changes to apps or files.
• Performance optimization: Resource-intensive analyses run on our secure cloud servers to reduce the load on your device.

All data is transferred to our cloud servers (https://api.protectstar.com) via HTTPS/TLS using modern transport encryption. During processing, we minimize and pseudonymize the data to the extent compatible with the security purpose. Raw security-analysis data is processed only briefly; permanently stored threat information is used only in aggregated or anonymized form.

If you do not want cloud analysis, you can disable the respective online feature or interrupt the app’s internet connection. Please note: this may affect the app’s ability to detect malware and provide real-time protection.

Purpose of data processing

We process your data to:

• identify and analyze potential security threats to your device,
• ensure the security and integrity of the apps installed on your device,
• optimize app performance by offloading resource-intensive analyses to our cloud servers — improving the efficiency of your device.

By processing this data on our cloud servers, we can help protect your device without compromising its performance.

Data collection by app

Below is a transparent overview of all our apps, their specific data collection practices, the respective endpoints, their purpose, and the restricted permissions involved.

The data we collect is used not only for threat detection, but also to tailor our security measures to your device environment. This gives you the most effective protection against evolving digital threats.

Firebase Messaging and privacy

We use Firebase Cloud Messaging (FCM) solely for the technical delivery of push notifications and for managing topic subscriptions (for example, update notices or threat alerts).

In this context, technical identifiers and metadata may be processed where required for push delivery:

• FCM token or Firebase installation ID — addresses your device as the recipient of a push message.
• App version — used to correctly manage topic subscriptions.
• Firebase User-Agent & device metadata — OS version, model, brand, form factor, installation source. Processed by Google/Firebase for delivery logic.

We do not use Firebase Cloud Messaging for advertising, profiling, app activity tracking, or behavioral analysis. Firebase Analytics and Firebase Crashlytics are not enabled or not integrated in the apps listed — in accordance with the Firebase documentation.

More about data processing by Firebase Cloud Messaging: firebase.google.com/docs/android/play-data-disclosure

Data sharing and SDKs

We do not sell personal data and do not share it for advertising, tracking, profiling, or monetization purposes.

Third-party processing occurs only where technically necessary or where it results from your use of a feature:

• Google / Firebase — delivery of push notifications via Firebase Cloud Messaging.
• Google Play Billing — processing of in-app purchases through the Google Play account.
• bunny.net CDN — fast and secure delivery of downloads, update files, or malware signatures, especially for Anti Spy and Antivirus AI where these are retrieved through our CDN. Necessary connection and security data may be processed, for example IP address (anonymized in logs), time, requested path/URL, HTTP headers including User-Agent, country/region, and amount of data transferred. No advertising, no tracking, no profiling.
• OpenStreetMap (OSMF) — provision of map tiles when you use the WhoIs map display in Firewall AI or DNS Changer.
• Hosting/cloud providers — operation of the Protectstar API servers (api.protectstar.com, my-api.protectstar.com) on ISO 27001-certified infrastructure in Germany.

This processing is limited to the purpose described in each case. Hash values (SHA-256, MD5) are digital fingerprints and do not themselves contain personal content; depending on the context, however, accompanying data that is transferred (package name, file path, device model) may create pseudonymous links to your device.

Retention is minimal and separated by data type: security-analysis requests (package names, hashes, and, where necessary, file paths/names for real-time checking) are discarded after a few seconds. Permanent threat statistics contain only aggregated or anonymized security information without file paths, file names, or device-related identifiers. Account and license data as well as technical delivery data for push notifications are processed and deleted according to the retention periods stated in our Privacy Policy.

Currently, none of our apps integrate third-party SDKs that collect or share personal or sensitive data for advertising, tracking, profiling, or monetization purposes. If we use such SDKs in the future, we will fully comply with Google Play policies, update this disclosure accordingly, and obtain your express consent.

Prominent disclosure and user consent

Before we transfer personal or sensitive data as part of a feature that requires consent, or before activating a sensitive Android permission, you will see a clear in-app disclosure explaining:

• what data is collected or transferred,
• why it is needed,
• how it is used,
• whether it is transferred, and to which necessary service providers or technical recipients.

The in-app disclosure appears before the respective data transfer or before activation of the sensitive permission. It is not hidden in the general Privacy Policy, app description, or Terms of Service.

You will be asked to give your express consent by tapping “Accept” or through an equivalently clear action. Closing the screen, navigating away, pressing the Back or Home button, doing nothing, or seeing a notice that disappears automatically does not count as consent.

If you do not consent, we do not transfer security-analysis data to the Protectstar AI Cloud and do not transfer MY.PROTECTSTAR account data for that feature. Technically necessary data processing by Google Play, Firebase Cloud Messaging, OpenStreetMap, or other app features you actively use is described separately in this disclosure.

Consistency with Google Play “Data safety”

We ensure that the information provided in this document matches the information in the “Data safety” section on Google Play, the active app versions, the SDKs used, and the actual data flows. For each app, we maintain a separate Google Play Data safety declaration per package name. These declarations reflect the sum of all active app versions, regions, SDKs, permissions, and optional features, and they are updated whenever data processing changes. We are committed to transparency, review each app per package name, and correct any discrepancies promptly.

Transparency and user control

At Protectstar, you remain in control of your data at all times.

Opt-out: You can stop consent-required cloud analyses and online features at any time — by adjusting app settings, disabling the internet connection, or uninstalling the app. You can withdraw consent you have given at any time. Technically necessary processing such as Google Play Billing, Firebase Cloud Messaging, or features you actively use is described separately in each case.

Notifications: You control push notifications via Firebase Messaging through your device notification settings.

Data retention and protection

Data is transmitted via HTTPS/TLS using modern transport encryption — learn more at protectstar.com/en/our-philosophy. We protect server and storage systems through appropriate technical and organizational measures, including access restrictions, logging, hardening, and state-of-the-art encryption.

Retention periods by data type

• Security-analysis requests (package names, SHA-256/MD5 hashes and, where required for threat checking, file paths/names): a few seconds, solely for cloud analysis — then discarded.
• Threat statistics (aggregated or anonymized security information without file paths, file names, or device-related identifiers): permanently, because they are required to improve detection logic. Raw data such as file paths, file names, or device-related identifiers is not stored in permanent threat aggregates.
• Account, license, and purchase data (MY.PROTECTSTAR, in-app purchases): as long as your account exists or statutory retention obligations apply.
• Technical delivery data for push notifications (FCM token, app version): as long as the app is installed and push notifications are enabled.
• CDN connection and security logs (bunny.net, where a CDN request occurs): currently 3 days, with IP anonymization by default; permanent log storage/forwarding is disabled.
• Support requests: according to the retention periods stated in our Privacy Policy.

Server access and security logs are kept separate from security-analysis content, limited to the necessary minimum, and deleted or anonymized according to fixed schedules.

We do not store data longer than necessary — only long enough for security analysis and feature delivery, without compromising your privacy.

Your rights regarding personal data

In accordance with applicable law, you may have the right to:

• Access: request confirmation as to whether your data is being processed and receive a copy.
• Correction or deletion: correct inaccuracies or request deletion of personal data — subject to legal limitations.
• Objection or restriction: object to data processing in certain cases or restrict it.
• Data portability: request a portable copy of your personal data in a structured, machine-readable format.

To exercise any of these rights, contact us at . We may need to verify your identity before processing the request.

Delete your MY.PROTECTSTAR account

If you have created a MY.PROTECTSTAR account in an app, you can request deletion of your account and the associated data at any time. We do not store plaintext passwords; authentication data is processed only as salted cryptographic verification information.

• In the app: Settings → Account → Delete Account
• Online: my.protectstar.com/app/settings/my-profile → Account Details → Delete Account
• By email:

Statutory retention obligations, fraud prevention, security records, or billing records may require limited further storage of individual data. We will inform you transparently.

Children’s privacy

Our services are not directed to children under 13 years of age (or 16 years in certain jurisdictions). We do not knowingly collect personal data from children.

If you believe that your child has provided data to us, please contact us — we will delete the information promptly.

We encourage parents and guardians to advise their children never to disclose personal information online without parental consent.

International data transfers

Protectstar Inc., headquartered in the United States, operates worldwide. As described above, our state-of-the-art cloud infrastructure is ISO 27001-certified and located in Germany.

In the course of our operations, we may transfer, store, or access your personal data across borders in jurisdictions with different privacy laws. Regardless of where your data is processed, we are committed to ensuring the same level of protection — through strong safeguards such as Standard Contractual Clauses and data protection agreements to comply with international privacy requirements.

For residents of the European Economic Area (EEA), we fully comply with the General Data Protection Regulation (GDPR) when transferring personal data outside the EEA or Switzerland.

Changes to this disclosure

We may update this disclosure from time to time to reflect changes in our practices, technologies, legal requirements, or other relevant factors.

In the event of material updates, we will notify you by email at the address linked to your account, post a notice on our website, and/or highlight the update in our app.

Changes apply from the stated effective date. Where required by law or Google Play policies, we will obtain renewed express consent before new data processing begins. We recommend reviewing this disclosure regularly.

Contact

If you have questions about this disclosure or your data, please contact us at:

Protectstar Inc.
4281 Express Lane, Suite L3604
Sarasota, FL 34249, USA
Email: