Visit our website in dark mode to reduce energy consumption and to reach our goal of becoming CO2-neutral.

Privacy Policy For Android Apps

Effective Date: January 06, 2024



Introduction

Welcome to Protectstar Inc. (“Protectstar”, “we”, “us”, “our”). Your privacy is central to our mission of safeguarding users (“you”, “your”) from theft, disruption, and unauthorized access to online information. In alignment with this mission, this Privacy Policy outlines:

  • What We Do: How we collect, use, and protect the information you provide through our products and services, including our Android apps.
  • Your Choices: Your rights and choices regarding our use of your data.
  • How to Reach Us: How you can contact us with questions or concerns about our privacy practices.

This Policy applies to the information we collect:

  • When you download our products or services.
  • When you install our products or services on your device.

By using our Services, you acknowledge that you have read, understand, and agree to this Privacy Policy. Your use of our Services is also governed by our Terms of Service, including any applicable limitations on damages and resolution of disputes and any applicable End User License Agreement.

As Protectstar evolves, we may update this Policy to reflect changes to our business. We will notify you of any significant modifications by email, in-product notification, or as otherwise required by law. Please revisit this page regularly to stay informed of the most current version.

This Privacy Policy applies to all users of our Services worldwide. Depending on your location, such as within the European Economic Area, additional rights may be available to you, as detailed in this Policy.

Protectstar provides products and services directly to consumers as well as business customers. We care deeply about privacy and security. These values are integral to our core purpose: to protect your online information.

Which Protectstar Android Apps Do Collect Personal Data?

At Protectstar, we put your privacy at the forefront of what we do and only collect necessary information to provide our products and services effectively.

Which Protectstar Android Apps Do Collect Information?

  • Anti Spy Android
  • Antivirus AI Android
  • Camera Guard Android
  • DNS Changer Android
  • Firewall AI Android
  • Micro Guard Android
  • iShredder Android (only if you use a MY.PROTECTSTAR account)

Note about the Firewall AI app:

The Firewall AI app forwards the traffic of allowed connections directly to their destination through the Android VPN Service without using a remote VPN server. Its mode of operation can lead to one of two scenarios concerning your internet traffic:

  • When IP Filtering is Disabled: Any blocked internet traffic is routed into the local VPN service, effectively acting as a sinkhole that drops all blocked traffic.
  • When IP Filtering is Enabled: Both blocked and allowed internet traffic are routed into the local VPN service, but only allowed traffic is forwarded to the intended destination. No traffic is sent to a remote VPN server.

The Android VPN Service (https://developer.android.com/reference/android/net/VpnService.html) is utilized to locally route all internet traffic to Firewall AI. This design means that root access is not required to build or implement this firewall application.

Through transparently explaining these functions, we aim to instill confidence in our users regarding the privacy and integrity of their data when utilizing our Firewall AI applications.

Why We Collect Your Personal Data?

Data collection is required to retrieve diagnostic information to help us identify and resolve technical issues. By understanding the circumstances leading to app crashes, we can develop effective bug fixes to enhance your app experience. This insight empowers us to optimize app performance, increase stability, and confidently introduce new features.

Collecting specific data enables the functionality of certain Protectstar apps such as Anti Spy, and Antivirus AI. This collection helps provide accurate information about malware and enhances the app's security features.

What Kinds of Information Do We Collect?

Some information you provide directly to us, other information we collect automatically through our products and services, and some information are collected from third parties.

Information from Third Parties:

For all Protectstar Apps for which we do collect Data, we use third parties such as Google Play Services and Firebase Crashlytics. These services assist us in gathering and analyzing diagnostic information, playing a crucial role in maintaining app stability and resolving issues efficiently. This data is sent to, but not limited to https://app-measurement.com .This data includes:

  • Crash Logs
  • User IDs
  • Device or other IDs

Link to the privacy policy of third party service providers used by the app:

Information You Provide Directly to Us:

For our Protectstar Apps, which include Anti Spy, and Antivirus AI, we automatically collect and process specific Device Data Information while you use our service Protectstar® AI Cloud. This data includes:

  • Installed app package information (package-name, SHA-256 and MD5 checksum).
  • SHA-256 and MD5 checksum : if you're scanning files for malware (NOT the content of the scanned file!).
  • Details about your device, including IP address, device identifiers, and operating system.
  • When using our products to protect your mobile device, geo-location data is based on the IP address (not related to GPS).

  • Anonymity: We prioritize your privacy and ensure all data transmitted to our cloud server at https://api.protectstar.com/api/get-deep-detective-packages-shas-info and https://api.protectstar.com/api/get-blocklists-info (only Firewall AI) is completely anonymized.
  • Encryption: We employ stringent data transmission practices, including the use of Advanced Encryption Standard (AES) with a 256-bit key, carried over the HTTPS protocol. This robust encryption not only secures your data but also reinforces the impossibility of tracing the data back to individual users.

Opting Out of Data Collection: If you prefer not to have your data collected, you may turn off your internet connection, which could lead to decreased detection of possible malware and other security threats.

Why do we process your data? What is the purpose of sending users' installed application or (file) information?

When you use our Protectstar® apps, we collect certain information to enhance the security and functionality of our services. Here’s why we need specific types of data:

  1. App Package Name: Users’ installed application information. We collect the names of apps installed on your device. This helps us identify which apps are running and enables us to tailor our security measures to the specific apps you use. It's a crucial step in ensuring that our security protocols are effective against threats that might target specific applications.
  2. SHA-256 & MD5 Checksum: These are unique digital fingerprints of an app's APK file. By collecting these checksums, we can verify the integrity of the apps on your device. This is essential for detecting alterations or corruptions in app files that could indicate the presence of malware or spyware.
  3. File Checksums: Similar to the app checksums, we collect SHA-256 and MD5 checksums of files on your device. This allows us to verify the integrity of these files and detect any unauthorized modifications. It’s a vital component in our effort to safeguard your device from malware that might alter or damage your files.

The purpose of sending users’ installed application information, the calculated SHA-256/MD5 checksums to https://api.protectstar.com is to analyze the information by our Protectstar® Artificial Intelligence Cloud (AI Cloud).

Operating on servers, rather than individual devices, the AI Cloud offers efficient, precise analysis without taxing your device's resources.

The collected data is crucial for:

  • Identifying and understanding the behavior of potential threats.
  • Assessing the safety of apps and files on your device.
  • Reducing false alarms by accurately differentiating between safe and harmful software.
  • Continuously enhancing the performance and capabilities of our apps.

Overview about all our apps and their specific data collection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions:

A. Firewall AI + DNS Changer

Data Collection and Usage:

  1. Endpoint: https://api.protectstar.com/api/get-blocklists-info
    • Data Collected: App package name
    • Purpose: To download the latest filter block lists.
  2. Endpoint: https://api.protectstar.com/api/whois
    • Data Collected: IP address of visited URLs, locale of user's device
    • Purpose: To provide localized WhoIs information for an IP address.
  3. Endpoint: https://tile.openstreetmap.org
    • Data Collected: User agent (app package name, version, developer email)
    • Purpose: To display Open Street Map for WhoIs information.

Restricted Permissions:

  1. android.permission.READ_PHONE_STATE (Mandatory, except for DNS Changer)
    • Allows read-only access to phone state, including cellular network information.
  2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
    • Lists all apps installed on the device, enabling user control over app blocking or bypass in the Firewall.
  3. VPNService
    • Redirects Android’s network traffic through the apps for security purposes.

B. Anti Spy + Antivirus AI

Data Collection and Usage:

  1. Endpoint: https://api.protectstar.com/api/get-deep-detective-packages-shas-info
    • Data Collected: SHA256, MD5, Package Name
    • Purpose: To identify potential security threats.
  2. Endpoint: https://api.protectstar.com/api/add-statistic-item, https://api.protectstar.com/api/add-file-statistic-item
    • Data Collected: SHA256, MD5, Package Name, File Path/Name, Installation source, App version/code, Device metadata (OS version, manufacturer, model)
    • Purpose: To analyze and record statistics of detected threats.
  3. Google SafetyNet
    • Data Collected: Package name, application signing certificate, device attestation token
    • Purpose: Verifying app and device integrity, checking Google Play Protect status.

Restricted Permissions:

  1. android.permission.SCHEDULE_EXACT_ALARM (Optional)
    • Enables scans at user-defined times.
  2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
    • Scans all installed apps for threats.
  3. android.permission.SYSTEM_ALERT_WINDOW (Optional)
    • Protects against screen-capture malware.
  4. android.permission.PACKAGE_USAGE_STATS (Optional)
    • Detects foreground apps for toggling screen-capture protection.
  5. android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
  6. android.permission.READ_EXTERNAL_STORAGE (Mandatory)
  7. android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
    • Scans and manages files for threats.

C. iShredder Android

Restricted Permissions:

  1. android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
  2. android.permission.READ_EXTERNAL_STORAGE (Mandatory)
  3. android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
    • Read and write the bytes of files to securely overwrite them.
  4. android.permission.READ_CONTACTS (Optional)
  5. android.permission.WRITE_CONTACTS (Optional)
    • Read and write contacts on your device to securely delete them.

D. Common Features Across All Apps

  1. In-App Billing System
    • Data Collected:
      • Purchase History: Records the history of purchases made within the app.

E. Apps Integrated with MY.PROTECTSTAR (MYPS) user account (optional)

Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, iShredder

  1. Endpoint: https://my-api.protectstar.com
    • Data Collected:
      • User Data: Includes UserId, email, name, surname, and password.
      • Device Type: Information such as user-defined device name (e.g., Peter’s Samsung Galaxy S23), manufacturer, model, industrial design name, board (name of the underlying board, e.g.,"goldfish"), hardware specifications.
      • Product SKU: App's own package name.
      • License Information: Activation ID, activation key.

F. Apps Integrated with Firebase

Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, Camera Guard, Micro Guard

  1. Firebase Crashlytics (Firebase Crashlytics Data Disclosure)
    • Data Collected:
      • Crash Logs/ Stack Traces: Collects stack traces when an application crashes.
      • Application State: Gathers relevant application state during a crash.
      • Device Metadata: Point-in-time metadata about the device during a crash.
      • Crashlytics Installation UUID: Measures the number of users impacted by a crash.
      • User IDs: Including MYPS user id.
    • Purpose: For analytics and improving app stability.
  2. Firebase Messaging (Firebase Messaging Data Disclosure)
    • Data Collected:
      • Device Metadata: OS version, name, model, brand, form factor.
      • Installation Source: Identifies the app used for installation (e.g., Play Store).
      • App Version: Collects the app's version for managing topic subscriptions.
    • Purpose: For developer communications and app updates.

In summary, the data we collect is not just for detecting threats but also for adapting our security measures to the unique environment of your device, ensuring that you have the most effective protection against evolving digital threats.

How do we use the information we collect?

To Help Protect You! When you install or use one of our Services, it will run in the background of your device or environment to help predict threats, and better protect you, your devices, and your information.

We use the data we collect for:

  1. Providing and operating our Services;
  2. Addressing and responding to service, security, and customer support needs;
  3. Detecting and preventing cybersecurity threats, such as malware, on your device;
  4. Identifying potential false positives;
  5. Analyzing data sent to or from your device(s) to isolate and identify threats, vulnerabilities, viruses, suspicious activities, and attacks, and to communicate potential threats to you.

Transmitted user information will only be used for the aforementioned limited purposes, which the user has agreed to.

The specific data processed depends on the product or service in use. We encourage users to carefully review the agreements and related disclosures during the installation or use of any software or service. Regardless of the type of data or the jurisdiction where the data is received or processed, we uphold the highest data protection standards and implement diverse legal, organizational, and technical measures to secure user data. This approach ensures the safety and confidentiality of data and respects user rights under applicable law.

Type of Data We Collect:

The data we collect varies depending on the products and services you use and may include:

  • License/Subscription Information: This data is used to identify legitimate users and to maintain the communication between the product and Protectstar services, which includes sending and receiving product databases, updates, etc.
  • Product Information: Information about the product's operation and its interaction with the user, like the duration of threat scans or the frequency of feature usage, is collected to improve our products and make them more user-friendly.
  • Device Data: Information like device type and operating system is collected to ensure that users do not need to purchase a new license after reinstalling their operating system. It also assists us in analyzing cyber threats by determining the prevalence of specific threats across various devices.
  • Threats Detected: When a threat (new or known) is found on a device, we collect information about it. This allows us to analyze the threat's source, infection principles, etc., leading to improved protection for all users.
  • Information on Installed Applications: This information assists in creating "whitelists" of harmless applications, prevents false identification of such applications as malicious, and helps update categories for Parental Control and Application Startup Control features. It also allows us to offer security solutions that best meet user needs.

PROTECTSTAR ONLY PROCESSES PERSONAL DATA FOR SPECIFIC, PREDEFINED PURPOSES THAT ALIGN WITH APPLICABLE LAWS AND ARE RELEVANT TO OUR BUSINESS OPERATIONS.

When you install or utilize our Services, they operate in your device's background or environment, helping predict potential threats and providing enhanced protection for you, your devices, and your data. For example, Protectstar may leverage this information to:

  • Examine data transacted to and from your devices to isolate, identify, and inform you about threats, vulnerabilities, viruses, suspicious activities, and cyberattacks;
  • Engage in threat intelligence networks, undertake research, and adapt products and services in response to emerging threats;
  • Detect potential misuse of your data through our identity monitoring products;
  • Update antivirus databases;
  • Offer technical support for products and services, and enhance the quality of the same;
  • Perform statistical and other studies based on anonymized data.

To Run Our Business

We also use the information we collect for other business purposes, including to:

  • Authenticating your identity and mitigating fraud;
  • Analyzing user behavior to measure, customize, and improve our site and services, including new product development;
  • Promoting Protectstar products and services that may be of interest to you;
  • Providing customer support, troubleshooting issues, managing subscriptions, and addressing requests, questions, and comments;
  • Undertaking market and consumer research along with trend analyses;
  • Preventing, detecting, identifying, investigating, and responding to potential or actual claims, liabilities, prohibited behaviors, and criminal activities; and
  • Complying with and enforcing legal rights, requirements, agreements, and policies.

Additional Uses

We may also utilize Personal Data for activities where we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you when you provide Personal Data or as per your consent.

Where do we process Information?

Protectstar processes all personal data provided by users in Germany, within the framework of the European Union (EU).

We comply with the Privacy Shield Principles (https://www.privacyshield.gov/EU-US-Framework), upholding the required level of protection and adhering to relevant privacy regulations.

How Do We Protect Your Data?

At Protectstar, we prioritize the security of your Personal Data and employ a robust combination of administrative, organizational, technical, and physical safeguards to uphold its confidentiality, integrity, and availability.

Here's an overview of our comprehensive security measures:

  1. Security Controls: We design our controls to prevent loss, misuse, damage, modification, unauthorized access, or disclosure of information.
  2. Information Security Department: Our dedicated team oversees our information security program's design, implementation, and continuous monitoring.
  3. Security Tools: We employ cutting-edge tools aligned with the latest industry standards for information security.
  4. Pre-Deployment Evaluation: Before commissioning processing systems, we evaluate the performance of applied personal data security measures.
  5. Access Management: We implement stringent controls to identify, authenticate, and authorize access to various services, websites, and data.
  6. Incident Response: In case of unauthorized access to personal data, we swiftly discover the facts and adopt corresponding measures to mitigate the impact.
  7. Data Recovery: We have mechanisms to recover personal data that may have been modified or destroyed.
  8. Access Rules and Monitoring: We establish specific rules for accessing personal data within our systems and record all actions, ensuring traceability. Our monitoring measures detect weaknesses and potential intrusions.
  9. Encryption: Our clients, servers, and data centers use secure encryption protocols to maintain data privacy.
  10. Employee and Contractor Access: Access to personal information is restricted to those with a legitimate need to know, and strict confidentiality obligations bind them. Non-compliance may lead to disciplinary actions or termination of contracts.
  11. Training and Continuous Improvement: Protectstar personnel receive regular training on our security practices. We continually update our security measures to adapt to new risks and technological developments.
  12. Monitoring and Assurance: Comprehensive monitoring ensures the security of personal data, and we regularly review our measures to ensure their effectiveness.

We are committed to safeguarding your information and operate under a transparent and responsible framework.

Who Do We Share Personal Data With?

At Protectstar, we value your privacy. Rest assured, we do NOT share or sell the data you provide with any third parties.

What Choices Do You Have About Your Personal Data?

We respect your right to control your Personal Data. Here's how you can manage your information:

  1. Registered Users of Protectstar Apps:
    • Access and Correction: If you have registered a Protectstar app through MY.PROTECTSTAR at https://my.protectstar.com. You can access, and correct the Personal Data in your profile anytime by visiting your MY.PROTECTSTAR account.
    • Privacy Policy: You can find the specific Privacy Policy for your MY.PROTECTSTAR account at https://my.protectstar.com/app/privacy-policy
  2. Unregistered Users with Installed Protectstar Products:
    • Stop Data Collection: If you haven't registered a Protectstar app but have one installed on your device, you may stop Protectstar's collection of Personal Data from your device by uninstalling that product.
  3. Account Closure and Support:

We're committed to providing you with clear options and support regarding your data. If you have any questions or concerns, please don't hesitate to reach out.

What we aren't going to process

Protectstar never processes "sensitive" personal data such as religion, political views, sexual preference, health, or other special categories of personal data through its products and services. Therefore, we do not wish to receive any such data and will not request it from you.

Protectstar's products must be installed and used by an adult. Children may use the device where Protectstar's product was installed only with permission from their parents or holder of parental responsibility. Except for the "Data for child protection feature", we do not intend to process personal data of children, nor do we want to receive such personal information of children.

How long do we store your Personal Data?

Protectstar is committed to handling your Personal Data with the utmost care. Here's how we manage the storage and deletion of your information:

  1. Storage Location: Your data is stored on in-house servers in Germany, with risk-appropriate technical and organizational security measures applied to ensure its safety.
  2. Retention Periods: We will retain your Personal Data for the following periods:

    • Registered Users: As long as you are a registered subscriber or user of our products.
    • Legal Compliance: For as long as necessary in connection with lawful purposes set out in this Policy or as required by applicable law.
    • Business Needs: For as long as reasonably necessary for internal reporting, reconciliation, warranties, or to provide requested feedback or information.
  3. Selective Data Extraction: Selectively extracted and transmitted data are stored only for the duration technically necessary, usually a few seconds, before secure deletion. Some anonymized statistics may be retained for randomized sample testing.
  4. Data Security: We adhere to generally accepted standards to protect your data during transmission and upon receipt.
  5. Legal Requirements: If legally required, we will delete your data within one year of your last interaction with the Services.
  6. Legal Claims: If relevant legal claims are brought, we may retain your Personal Data for additional periods necessary in connection with that claim.
  7. Final Deletion: Once the applicable retention periods have concluded, we will permanently delete, destroy, or de-identify the relevant Personal Data, ensuring it can no longer be tied to you.

By clearly outlining these procedures, we aim to provide transparency and assurance regarding the privacy and integrity of your data.

Individual Rights in Personal Data

Under the laws that apply to your jurisdiction, you may have specific rights regarding your Personal Data. These include the rights to:

  1. Confirm if we are processing your Personal Data.
  2. Access or obtain a copy of your Personal Data.
  3. Receive a portable copy of your Personal Data or request that we send it to another organization(known as the"right of data portability").
  4. Correct or Amend any inaccurate, untrue, incomplete, or improperly processed Personal Data.
  5. Restrict how we process your Personal Data.
  6. Object to our processing of your Personal Data.
  7. Request Erasure of Personal Data held by us within the boundaries of the law.

To exercise any of these rights, please contact us through the methods provided. We will handle your request in accordance with applicable laws and may verify your identity to ensure your privacy. Note that an administrative fee may apply to some requests where the law permits. We will notify you of any costs before proceeding.

Children’s Privacy

Some of Protectstar’s Services provide security features that parents may use to monitor their child’s activity online, physical location, or use of a registered device. These Services require parental consent, and we do not knowingly use the Personal Data we collect from children’s devices for any purpose except to deliver the Services. These products allow parents to delete their child’s profile at any time. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please contact us as described below. If you are under the age of 18, you must have your parent’s permission to access the Services.

Protectstar urges parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission. If you learn that your child has provided us with Personal Data without your consent, you may alert us by contacting us as described below. Suppose we know that we have collected any Personal Data from children under 13 (and in certain jurisdictions under the age of 16). In that case, we will promptly take steps to delete such information and terminate the child’s account.

Data Transfers

Protectstar is headquartered in the United States (see Contact Us for our address), and we have operations, entities, and service providers in the United States and throughout the world. As such, our service providers and we may transfer your Personal Data to, or store or access it in jurisdictions that may not provide equivalent data protection levels as your home jurisdiction. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it.

We do NOT transfer Personal Data to countries outside of the EEA or Switzerland through a series of intercompany agreements based on the Standard Contractual Clauses in accordance with EU law and applicable EU regulations.

Residents of the European Economic Area

If you are in the European Economic (EEA), the following additional disclosures apply.

Data Controller

Where you purchase one of Protectstar’s consumer products, Protectstar Inc. acts as your personal data controller.

Legal Basis for Processing

When we process your Personal Data, we will only do so in the following situations:

  • We need to use your Personal Data to perform our contract responsibilities with you (e.g., processing payments and providing the Services you purchase or request).
  • We have a legitimate interest in processing your Personal Data. For example, we have a legitimate interest in processing your Personal Data to provide, secure, and improve our Services, communicate with you about changes to our Services, and inform you about new services or products.
  • We have your consent to do so. We need to process your Personal Data to comply with our legal obligations.

Residents of California

Your California Privacy Rights

Protectstar does not share information that identifies you personally with non-affiliated third parties for their marketing use without your permission.

California Consumer Privacy Act

If you are a resident of California, you may submit a request to exercise your rights in Personal Data. For purposes of the California Consumer Privacy Act, Protectstar does not “sell” your Personal Data.

Residents of Nevada

Protectstar does not sell information that identifies you personally with non-affiliated third parties. If you would like to request that we not sell identifying information about you in the future, you may request using the contact information below.

Individual Rights Requests and Withdraw Consent

You may submit a request to exercise your rights in Personal Data using the mechanisms explained under “What Choices Do You Have About Your Personal Data?” above. If you initially consented to our processing of your Personal Data, you may withdraw your consent using those mechanisms or by contacting us using the contact information below.

Changes to This Privacy Policy

We may modify our Privacy Policy at our discretion. If changes are made, we will notify you by posting the updated Privacy Policy on this page at https://www.protectstar.com/en/policy-for-apps

These changes will take effect immediately after being posted, so we encourage you to review this page periodically to stay informed.

How to Contact Us

If you have questions, comments, or need assistance with updating or removing your information or preferences, you can reach us at:

Protectstar Inc.
4281 Express Lane
Suite L3604
Sarasota, FL 34249
USA

Phone:+1-561-246-3351
General Inquiries:
Privacy Inquiries: