Privacy Policy

Salva — Keeping Little Hands Safe

Effective Date: May 25, 2026 · Last Updated: May 25, 2026

App Version: 4.26 (versionCode 138) · Developer: Anthony Mallah · Contact: info@getsalva.com

1. Introduction

Salva (“we,” “our,” or “us”) is a parental screen-lock and household management application for Android that helps parents protect their children’s screens from accidental touches, manage screen time, monitor on-screen content, and coordinate rules across multiple family devices. This Privacy Policy explains what information we collect, how we use it, how we store and protect it, and your rights regarding your data.

Salva is designed for parents and caregivers — not for children directly. Children interact with the protected device screen; parents control all settings, rules, and monitoring.

By installing or using Salva, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Data Stored On-Device Only (Never Uploaded)

The following data is stored exclusively on your device and is never transmitted to any server:

| Data | Description |
|---|---|
| Screen content text | Screen Sentinel scans on-screen text via the Accessibility Service for keyword matching. All processing is 100% on-device. Raw screen text is never sent to any server. |
| Activity report details | Protection history, blocked taps, session timelines, and daily summaries are stored locally. Only bypass attempt and exit attempt counts are synced to the cloud (see Section 2.2). |
| Local-only settings & preferences | App-local configuration (protection modes, thresholds, UI toggles, notification preferences, analytics opt-in flag) stored on your device only. Sensitive tokens (auth, billing) use EncryptedSharedPreferences backed by the Android Keystore. A plaintext-encoded recovery copy of the device token and household identifier is retained for up to 30 days to handle Keystore corruption; this recovery copy is protected only by Android’s app-sandbox file permissions and is not separately encrypted. General preferences use standard Android DataStore. (Cloud-synced settings — Smart Rules, Screen Time Rewards, household membership — are listed separately in Section 2.2.) |
| Ghost Mode knock pattern | Your unlock pattern is stored on-device only and never transmitted. On supported devices, it is stored in EncryptedSharedPreferences backed by the Android Keystore. If Android Keystore / EncryptedSharedPreferences fails on a device, Salva may fall back to Android app-private SharedPreferences, protected by Android’s app-sandbox file permissions but not separately encrypted. |
| App whitelist | Your list of whitelisted applications. |
| Local cache of Smart Rules | A local cache of Smart Rule definitions is kept on-device to allow the rule engine to run without a network round-trip. The authoritative copy of Smart Rules is in the cloud (see Section 2.2); the local cache is a read-only mirror that re-syncs when the parent edits a rule. |
| Device identity tokens | A device UUID and device-bound refresh token stored primarily in EncryptedSharedPreferences (Keystore-bound). A plaintext recovery copy is retained for up to 30 days to handle Keystore corruption (see Settings & preferences row above for details). |

2.2 Data Stored in the Cloud

If you create or join a household, the following data is synced to our cloud backend (hosted on Supabase):

| Data | Details | Purpose | Retention |
|---|---|---|---|
| Content alerts | Category label, app package name, short snippet (max 100 characters), timestamp, device ID | Allow parents to review alerts from child devices | Auto-purged after 7 days |
| Device heartbeat | Protection mode, foreground app package, screen time (minutes), bypass attempt count, alert count, battery level, online status | Power the Family Dashboard for real-time monitoring | Overwritten every 30 seconds (only latest state stored) |
| Smart Rules | Rule type, time window, target app packages, priority, days of week | Sync protection rules from parent to child devices | Stored until deleted by parent |
| Screen Time Rewards | Task name, description, emoji, bonus minutes, completion status | Sync reward tasks between parent and child devices | Stored until deleted by parent |
| Household membership | Device fingerprint (SHA-256 hash), device name, device role, household ID, device model, manufacturer | Device identity and household slot tracking | Stored until device is removed from household |
| Account information | Google account email (if signed in via Google), or email and bcrypt-hashed password (if signed up via email + password), display name, household role | Authentication and household management | Stored until account deletion |
| Device metadata | OS version, app version, integrity tier, truncated IP address | Technical support, debugging, anti-abuse geo-spread detection | Truncated IP: 30-day rolling purge. A coarse region (e.g., “US-CA”) is derived on demand from the truncated IP for abuse checks (see Section 6) — not retained as standing device metadata |
| Pairing tokens | One-time token, household ID, token type (QR/code), timestamps | Device pairing | Hard-deleted 7 days after expiry |
| Subscription records | Purchase token, product ID, plan tier, subscription status, start and expiry timestamps | Entitlement verification | Tied to account lifecycle. Purchase-verification audit records (SHA-256 token hash, order ID, product ID) are retained up to 7 years for billing and tax compliance — see Section 8 |
| Activity Reports | Bypass attempt count, exit attempt count (per device) | Parent viewing on Activity Report screen | Stored until account deletion |

2.3 Data We Do NOT Collect

  • No advertising or ad tracking IDs
  • No precise location data — IP addresses are truncated before storage; only a coarse region (e.g., “US-CA”) is derived on demand for anti-abuse checks
  • No contacts, call logs, or messages
  • No photos, videos, or microphone recordings — the camera permission is used exclusively for QR code scanning during household pairing and is declared as optional
  • No browsing history
  • Opt-in product analytics only — we use Firebase Analytics for product analytics, but only when you explicitly opt in via Account → Privacy & Data. Analytics is disabled by default. When enabled, events are limited to: subscription purchase, mode switch, “aha moment” indicators, and onboarding day numbers. No email, name, device identifier, household identifier, screen content, or other personally identifying information is included in any event. We do not use Mixpanel, Amplitude, or any other third-party analytics SDK. We also use Firebase Crashlytics for crash and error reporting (no user-identifiable data is collected).
  • No personal content from screen scans — Screen Sentinel processes text entirely on-device. When a keyword match triggers an alert, only a category label, app name, and a maximum 100-character snippet are stored (auto-deleted after 7 days). No full raw screen-text dump or continuous screen contents leave the device.
  • Limited foreground-app metadata in heartbeat — As disclosed in Section 2.2, the heartbeat includes the current foreground app package name (e.g., com.example.app) to power the Family Dashboard and parent-side Smart Rules. We do NOT collect: app usage durations, in-app activity, screen contents from third-party apps, notification text from third-party apps, or app-specific user data. The latest heartbeat value overwrites the previous one (no rolling history is retained).

3. How We Use Your Information

We use the information we collect to:

  • Provide core functionality — screen protection, touch blocking, mode switching, and scheduled protection
  • Enable household management — let parents monitor and manage child devices remotely through the Family Dashboard
  • Deliver content alerts — notify parents of potentially concerning on-screen content detected by Screen Sentinel
  • Sync rules and rewards — keep Smart Rules and Screen Time Rewards consistent across household devices
  • Verify subscriptions — confirm your subscription status and entitlements through Google Play Billing
  • Prevent abuse — detect and mitigate fraudulent device pairing, geo-spread anomalies, and stolen entitlements
  • Provide technical support — use device metadata for debugging and troubleshooting

We do not use your data for advertising, profiling, or sale to third parties.

4. Permissions We Request

| Permission | Why We Need It |
|---|---|
| Draw over other apps (SYSTEM_ALERT_WINDOW — special, granted via Settings) | Display the floating shield bubble and blocking overlay on top of all apps |
| Accessibility Service (BIND_ACCESSIBILITY_SERVICE — special, granted via Settings) | Core touch-blocking, hardware key interception, app-switch detection, and Screen Sentinel on-screen text reading |
| Notifications (POST_NOTIFICATIONS) | Send content alerts, screen time warnings, and remote control confirmations to parents |
| Query installed apps (QUERY_ALL_PACKAGES) | Detect the foreground app for auto-protect, Smart Rules, app whitelist, and Screen Sentinel |
| Run at startup (RECEIVE_BOOT_COMPLETED) | Auto-start Salva after device reboot to maintain continuous protection |
| Vibration (VIBRATE) | Haptic feedback when switching modes or interacting with the shield |
| Camera (CAMERA, optional) | QR code scanning for household device pairing only |
| Internet (INTERNET) | Sync household data with our cloud backend |
| Network state (ACCESS_NETWORK_STATE) | Detect whether the device is online so the app can defer sync attempts when offline |
| Battery-optimisation exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS) | Prompt the user to exempt Salva from Android Doze so protection keeps running with the screen off |
| Phone state (READ_PHONE_STATE) | Pause/resume protection-related foreground behaviour around incoming calls |
| Reorder tasks (REORDER_TASKS) | Bring Salva’s blocking overlay back to the foreground when a child attempts to switch away |
| Keep CPU awake (WAKE_LOCK) | Short-duration wake locks while applying mode transitions and processing remote commands |
| Full-screen intent (USE_FULL_SCREEN_INTENT) | Display high-priority parent notifications (e.g., severe content alerts) full-screen on the lock screen |
| Schedule exact alarms (SCHEDULE_EXACT_ALARM, user-grantable) | Schedule precise protection-mode transitions for Scheduled Protection. The user-grantable variant is used; the manifest does NOT include the auto-granted USE_EXACT_ALARM permission. |
| In-app purchases (com.android.vending.BILLING) | Process subscriptions through Google Play Billing |

All permissions are used solely for their stated purpose. The Accessibility Service is used exclusively for screen protection, touch interception, and content monitoring — never for collecting personal information.

5. Children’s Privacy

Salva is a tool for parents, not a child-directed app. We take children’s privacy seriously:

  • Child devices do not require a Google account. They are paired to a household via QR code or 6-digit pairing code with the physical presence of a parent.
  • No IP address is stored for child devices (lastIp and lastRegion are set to NULL by a database trigger). Parent devices’ IP addresses are truncated to a /24 prefix and a coarse region (e.g., “US-CA”) is retained for the periods listed in Section 2.2 — this is used solely for anti-abuse geo-spread detection and never associated with a child device.
  • Only a pseudonymous device fingerprint (SHA-256 hash of device identifiers) is collected from child devices — no personal data.
  • Geo-spread detection for child devices relies on the parent device’s region at pairing time, not the child device’s location.
  • Content alerts from child devices include only a category label, app name, and short snippet (max 100 characters), and are automatically purged after 7 days.
  • Screen Sentinel processes all screen text locally on the child device. No raw screen content leaves the device.
  • Children see no popups, notifications, or interruptions from Salva’s monitoring features — all alerts go exclusively to the parent.

COPPA scope statement. We do not knowingly collect personal information from children as defined by the U.S. Children’s Online Privacy Protection Act (COPPA — name, address, phone number, email, photo, audio recording, geolocation, persistent identifier tied to a real-world identity, or other identifier that permits the physical or online contacting of a specific child). The data we do collect from a paired child device — a pseudonymous SHA-256 device fingerprint, a device-bound token, household identifier, and the protection telemetry described in Section 2.2 — is used solely to operate the parental-control service the parent has set up. Content alerts may include a category label, the app name where text was matched, and a short text snippet (max 100 characters) from screen content read by the Accessibility Service; these snippets can incidentally contain text the child saw on screen, are visible only to the parent on the same household account, and are auto-purged after 7 days. We never sell, share for advertising, or otherwise disclose child-device data outside the household; we do not direct any advertising to children.

6. Third-Party Services

| Service | Purpose | Data Shared |
|---|---|---|
| Supabase (hosted PostgreSQL + Edge Functions) | Cloud backend for household sync, device management, alerts, rules, heartbeat, and entitlement verification | See Section 2.2 above |
| Google Play Billing | Subscription management and payment processing | Purchase tokens, plan tier, subscription status |
| Google Sign-In | OAuth authentication for parent accounts | Email address and display name (only if user chooses Google Sign-In) |
| Google Play Integrity API | Device integrity verification for anti-fraud and anti-tamper protection | Device integrity verdicts |
| Firebase Crashlytics | Crash and non-fatal error reporting for app stability monitoring | Stack traces, device model, OS version, app state at time of crash (no personally identifiable information) |
| Firebase Cloud Messaging (FCM) | Push delivery of content alerts, screen-time warnings, and remote command confirmations to parents. Your device’s FCM token is registered with our backend on first launch so we can address messages to it. | FCM token (an opaque identifier issued by Google); message payloads transit Google FCM infrastructure when delivering alerts. The FCM token does not contain personal information. |
| Firebase Analytics + Google Play Services Measurement | Opt-in product analytics (see Section 2.3). Disabled by default; only enabled when you opt in via Account → Privacy & Data. | A small set of non-PII event names: subscription_purchase, mode_switch, aha_type, onboarding day numbers. No email, name, device ID, household ID, or screen content. |
| ipapi.co (IP geolocation) | Derive a coarse location (approximate city/country) from a device’s truncated IP, on demand, solely for anti-abuse geo-spread detection | Only the /24-truncated IP is sent. The coarse result is used only to compute geo-spread and is recorded only when an abuse flag is raised, where it follows the abuse-flag retention in Section 8 |

We do not use:

  • Advertising networks (no AdMob, no ads of any kind)
  • Mixpanel, Amplitude, or any third-party analytics service other than the opt-in Firebase Analytics described above
  • Social media tracking pixels
  • Any data broker services
  • Advertising IDs (we do not collect Google Advertising ID or any equivalent)

Note on Firebase Crashlytics: used for crash and error reporting only. It does not collect user-identifiable data, browsing activity, or analytics events. Crashlytics data is retained for 90 days. Debug-build crashes are not collected (setCrashlyticsCollectionEnabled(false) in debug).

7. Data Security

We implement the following security measures to protect your data:

  • On-device encryption — Sensitive local data such as auth and billing tokens is stored primarily in Android’s EncryptedSharedPreferences backed by the Android Keystore. Ghost Mode knock patterns are also stored this way on supported devices, but may fall back to app-private SharedPreferences if Android Keystore / EncryptedSharedPreferences fails. A plaintext recovery copy of the device token and household identifier is retained for up to 30 days to handle Keystore corruption; this recovery copy is protected only by Android’s app-sandbox file permissions and is not separately encrypted. Non-sensitive general preferences use standard Android DataStore.
  • Transport encryption — All communication between the app and our cloud backend uses HTTPS/TLS
  • Pseudonymous identifiers — Device fingerprints are SHA-256 hashed before storage
  • IP truncation — Full IP addresses are never stored; the IP is truncated to a /24 prefix by our database before storage
  • Token-based authentication — Device-bound refresh tokens with Keystore binding for entitlement verification
  • Row-level security — Supabase row-level security (RLS) policies restrict authenticated end-user access so a user can only read and write data scoped to households they belong to. Server-side functions (SECURITY DEFINER stored procedures and our backend edge functions) run with elevated privileges and intentionally bypass RLS in order to validate device tokens, resolve household membership, and perform administrative operations; their access patterns are constrained by their own authentication and authorisation logic rather than by RLS.
  • Integrity verification — Google Play Integrity API checks ensure the app is running on genuine, untampered devices
  • Anti-abuse monitoring — Automated detection of suspicious pairing patterns, geo-spread anomalies, and device farming

8. Data Retention & Deletion

Automated Retention Schedules

| Data | Retention Period |
|---|---|
| Content alerts | 7 days (auto-purged) |
| Device heartbeat | Overwritten approximately every 30 seconds (only latest state retained) |
| Truncated IP addresses | 30-day rolling purge |
| Coarse region | Derived on demand for abuse checks; not continuously stored. Any cached value is purged on a 90-day rolling basis |
| Pairing tokens | Hard-deleted 7 days after expiry |
| Device removal logs | Hard-deleted after 1 year |
| Abuse flags | 180 days or resolution + 90 days (whichever is shorter); details then redacted |
| Stale devices | Auto-marked inactive after 90 days of inactivity |
| Purchase verification records (SHA-256 token hash, order ID, product ID, plan code, expiry) | Retained up to 7 years after account deletion for billing reconciliation, refunds, and tax compliance; user and household identifiers are removed at deletion |

User-Initiated Deletion

You can delete your data at any time through the following methods:

  • Clear individual alerts — Manually remove specific content alerts from the parent dashboard
  • Remove a device from household — All cloud data for that device (heartbeat, alerts, rewards) is permanently deleted
  • Delete household — Settings → Account → Manage Household → “Delete Household” removes all household data from the cloud with cascading deletion of all associated records
  • Delete My Data — Settings → Account → “Delete My Data” deletes your account and all associated household data from our cloud servers: your devices are removed (and with them all stored IP and region fields), and your household’s abuse-detection records and device removal logs are permanently deleted. The app then wipes all local data on this device — sign-in tokens, app preferences, Screen Sentinel state, and the cached alert history — and signs you out. Uninstalling the app removes any remaining local files. Purchase-verification records are retained for billing and tax compliance as described in the retention schedule above, with your user and household identifiers removed.
  • Uninstall the app — Removes all local data (settings, reports, patterns) from your device. Cloud data persists until you use one of the deletion options above or until automated retention schedules expire.

9. Subscriptions & Payments

  • All payments are processed exclusively through Google Play Billing. We never collect or store your credit card number, bank account details, or other financial information directly.
  • Salva offers a free tier with core protection features — no ads, no hidden charges.
  • Premium plans (Individual, Family, Family+) are available. The Individual plan covers up to 2 devices total (including the parent device). Family plans (6 devices) and Family+ plans (12 devices) add household management features including Family Dashboard and Remote Control.
  • All premium plans include a 7-day free trial, managed by the app. Only one trial is allowed per Google account. There is no automatic charge at trial end — when the trial expires, Salva reverts to the Free plan unless you actively choose a paid subscription.
  • You can manage or cancel your subscription at any time through the Google Play Store.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — Request a copy of the data we hold about you
  • Right to rectification — Request correction of inaccurate data
  • Right to erasure — Request deletion of your data (available in-app via “Delete My Data”)
  • Right to data portability — Request your data in a portable format
  • Right to restrict processing — Request that we limit how we use your data
  • Right to object — Object to specific data processing activities
  • Right to withdraw consent — Withdraw consent at any time by disabling permissions, removing devices, or deleting your account

To exercise any of these rights, contact us at info@getsalva.com. We will respond within 30 days.

For EU/EEA residents (GDPR): Our legal bases for processing data include: (a) performance of a contract (providing the service you subscribed to), (b) legitimate interests (security, anti-fraud), and (c) consent (optional features like Screen Sentinel alerts).

For California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of your personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information. To exercise your rights, use the in-app “Delete My Data” feature or contact us at info@getsalva.com. We will verify your identity and respond within 45 days.

11. International Data Transfers

Our cloud backend is hosted on Supabase infrastructure in the eu-central-1 AWS region (Frankfurt, Germany — within the European Union). For users located in the EU/EEA, your primary household data does not leave the EU for storage purposes. For users located outside the EU/EEA, your data is transferred to and stored in the EU; we rely on the standard Supabase Data Processing Addendum (DPA), which incorporates Standard Contractual Clauses (SCCs) where applicable, as the safeguard for any onward processing by Supabase’s subprocessors. Supabase publishes its current subprocessor list at https://supabase.com/legal/subprocessors. Firebase services described in Section 6 are operated by Google LLC and are subject to Google’s published transfer mechanisms.

Salva is operated by Anthony Mallah from Abu Dhabi, United Arab Emirates.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this policy and notify users through an in-app notification or update notes.

We encourage you to review this Privacy Policy periodically. Your continued use of Salva after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@getsalva.com
Developer: Anthony Mallah
Website: https://getsalva.com
App: Salva for Android

This privacy policy applies to the Salva Android application (package: com.salva.app) distributed through the Google Play Store.