English
Deutsch
Español
Français
Italiano
Português
Русский
العربية
हिन्दी
日本語
简体中文
Android
iOS
Mac
Windows
Last updated: November 10, 2025
Your data
belongs to you.
We protect people from digital threats—not the other way around. Here is a transparent look at what that means in practice.
At a glance
No tracking
No advertising IDs, no ad profiling, no user profiles.
No GPS location
No GPS or motion data. In any of our apps.
During a user-initiated WhoIs lookup in Firewall AI, IP/geo information may be processed briefly.
TLS 1.2/1.3 · AES-256
Strong encryption in transit and at rest.
Servers in Germany
ISO 27001-certified. GDPR-compliant.
Typically deleted within seconds
Data is removed as quickly as possible after analysis.
No tracking SDKs
No third-party analytics, advertising, or crash-reporting services.
What happens to your data
Never
GPS or motion data
Advertising or tracking IDs
File or app contents
Selling or sharing your data
Sensitive categories
Health, religion, politics—never processed
Automated profiling
Only the minimum necessary
App names & package identifiers
To detect malware and spyware
Checksums (SHA-256 & MD5)
Digital fingerprints—never file contents
Device metadata (optional)
OS version, model—to minimize errors
Firebase notification token
Delivery only—Firebase Analytics permanently disabled
Protectstar vs. the industry
What tracking SDKs do—and why we leave them out
Many security apps bundle dozens of third-party libraries that collect data far beyond their security purpose—for advertising, behavioral analytics, or third-party use. We chose not to do that.
Typical SDKs in the industry
Crash-reporting services
Social media analytics
Behavioral analytics platforms
Attribution & marketing SDKs
Ad networks & ad SDKs
Protectstar
Firebase Messaging—delivery only
Firebase Analytics permanently disabled. No other third-party SDKs.
Not a single third-party tracking or analytics service—a deliberate foundational decision since day one, not a later adjustment.
Key data points by app
Anti Spy
Android
Antivirus AI
Android · Mac
Firewall AI
Android
Camera Guard
Android · Mac
Micro Guard
Android
iShredder
Android · iOS · Mac · Windows
Analysis data is processed primarily via
api.protectstar.com. Other endpoints: Firebase Messaging, WhoIs, OpenStreetMap (Firewall AI), bunny.net CDN. Typically deleted within seconds after analysis. Full overview in the Disclosure → Technical details
Imagine every page of a book has a unique serial number. If a page is altered, the number no longer matches—making the change immediately visible without reading the page itself. That is exactly how checksums work: every app gets a unique code. If it changes, that may indicate possible tampering. We never analyze the content—only the fingerprint.
Why SHA-256 and MD5? SHA-256 is the modern, cryptographically stronger standard. MD5 is also used because many signature databases have historically been built on MD5 hashes—the combination improves detection accuracy while keeping the data footprint minimal.
SHA-256 (primary standard) MD5 (complementary, signature databases) No access to file contents
Why SHA-256 and MD5? SHA-256 is the modern, cryptographically stronger standard. MD5 is also used because many signature databases have historically been built on MD5 hashes—the combination improves detection accuracy while keeping the data footprint minimal.
SHA-256 (primary standard) MD5 (complementary, signature databases) No access to file contents
All transmissions use TLS 1.2/1.3 with modern cipher suites. Data at rest is encrypted with AES-256. Our cloud infrastructure (
TLS 1.2/1.3 AES-256 ISO 27001 GDPR bunny.net EU CDN
api.protectstar.com) runs on ISO 27001-certified servers in Germany. For global downloads, we use bunny.net—a European CDN that is also ISO 27001-certified, with IP anonymization, EU routing, and log retention of no more than 3 days. TLS 1.2/1.3 AES-256 ISO 27001 GDPR bunny.net EU CDN
Firebase Messaging is used exclusively to deliver security alerts. Firebase Analytics is permanently disabled—built into the code, no usage tracking, no profiling, no advertising purpose. Push notifications can be turned off at any time in the device's system settings.
No analytics No Crashlytics No marketing tracking
No analytics No Crashlytics No marketing tracking
To stop data transmission, disable the app's internet connection (cloud scans will then be limited).
With a MY.PROTECTSTAR account: Delete your data in the account settings or by email at [email protected]. We usually respond within one month.
Without an account: After uninstallation, local data is removed and cloud data is deleted after analysis. Statutory retention obligations may still apply.
Our apps are not intended for children under 13. No automated profiling with legal or similarly significant effects.
Access & correction Right to deletion Opt out anytime GDPR · CCPA · UK GDPR
With a MY.PROTECTSTAR account: Delete your data in the account settings or by email at [email protected]. We usually respond within one month.
Without an account: After uninstallation, local data is removed and cloud data is deleted after analysis. Statutory retention obligations may still apply.
Our apps are not intended for children under 13. No automated profiling with legal or similarly significant effects.
Access & correction Right to deletion Opt out anytime GDPR · CCPA · UK GDPR
Protectstar Inc. is headquartered in Sarasota, Florida, USA. All app data is processed on ISO 27001-certified servers in Germany. For cross-border transfers, we use EU Standard Contractual Clauses (SCCs) and data processing agreements (DPAs) with all processors.
Processing in Germany EU Standard Contractual Clauses DPAs with all processors
Processing in Germany EU Standard Contractual Clauses DPAs with all processors
Their apps are reliable, efficient, and respect users' privacy—which is becoming increasingly rare. It is refreshing to find security solutions that are ad-free and built on real performance, certifications, and user trust rather than hype.
Contact & documentation
Full documentation
Frequently asked questions
No. We do not collect personal data such as your name, email address, location, or device identifiers that can be linked back to you as an individual. The minimal data we process consists of technical signals used for threat detection—app names, checksums, and optional device metadata—always anonymized and typically deleted within seconds.
No—and that was never an option. We do not share data with third parties or sell it. We monetize exclusively through in-app purchases and subscriptions, not through data or advertising.
To reliably detect malware and spyware, some apps (Anti Spy, Antivirus AI, Firewall AI) compare app fingerprints and package identifiers against our cloud database. That comparison is at the core of the protection function—and it works without access to file contents. Apps such as Camera Guard and Micro Guard do not transmit any scan data to the cloud.
Technical analysis data is typically permanently deleted within seconds after analysis is complete. CDN connection logs are retained for no more than 3 days. Data from MY.PROTECTSTAR accounts is deleted on request. Statutory retention obligations may still apply.
Yes. Disabling the app's internet connection stops all cloud transmission—however, real-time detection and cloud scans will then be limited. Push notifications can be disabled in the device's system settings. When the app is uninstalled, all local data is removed; cloud data is deleted after the last analysis. For further deletion requests: .
Your privacy is not a business model.
At Protectstar, privacy was never a marketing claim—it was a technical and business decision from the outset. That is the difference.
Last updated: November 10, 2025 · Protectstar Inc. · Sarasota, FL, USA