🔐 Legal Document

Privacy Policy

Last updated: May 1, 2026 · Effective date: May 1, 2026 · App version: 1.4.0+ · Package: com.binan.statussaver

      The short version: StatusVault processes all WhatsApp status media 100% on your device. We do not upload, store, or view your statuses, images, or videos. The only data we collect is what is strictly necessary for Pro subscription verification (via Firebase) and anonymized ad analytics (via AdMob for free users). Your media never leaves your phone.
    

1. Who We Are

StatusVault ("App", "we", "us") is an independent Android application developed by Binan (the "Developer"). The app allows users to view, save, and share WhatsApp and WhatsApp Business statuses that are already stored locally on their Android device.

Contact: ahmedsameerbinan2@gmail.com

This Privacy Policy applies to the StatusVault Android application (package: com.binan.statussaver) and associated web properties.

2. Information We Collect

2.1 Information You Provide (Optional)

Google Account (optional): If you choose to sign in with Google to sync your Pro subscription across devices, we collect your Google UID, email address, and display name. Sign-in is only required for Pro subscription sync—not for core app functionality.
Payment Information: Payments are processed by Razorpay. We never see or store your card number, bank details, UPI PIN, or CVV. Razorpay shares only a payment confirmation token and your email/phone with us, which we store solely to verify your Pro subscription status.

2.2 Information Collected Automatically

Device Identifier: A unique identifier generated on your device (via expo-device), used only to associate your subscription with your device when you are not signed in with Google.
Android Version & Device Model: Collected to determine the correct storage access method (Legacy / Scoped Storage / Storage Access Framework) for your specific Android version.
Subscription Status: Stored in Google Firebase Firestore (Google Cloud) to validate your Pro membership status across devices and app sessions. This includes your purchase timestamp and plan duration.
AdMob Analytics (Free Tier Only): Google AdMob may collect anonymized analytics and ad-interaction data (e.g., ad impressions, clicks) as described in Google's Privacy Policy. This applies only to free-tier users who see ads.
Crash & Error Reports: If the app crashes, anonymized crash data (stack traces, device info) may be sent via Expo/EAS or Firebase Crashlytics to help us fix bugs. No personal data, media files, or WhatsApp content is included.
App Usage Metrics (Optional): Basic, anonymized usage events (e.g., "app opened", "status saved") may be logged locally via @react-native-async-storage/async-storage for feature improvement. This data is never transmitted to our servers unless you explicitly opt-in to analytics.

2.3 What We Do NOT Collect

❌ We do not access, read, upload, or transmit any WhatsApp statuses, images, or videos to any server.
❌ We do not read your WhatsApp messages, contacts, or chat history.
❌ We do not track your location, IP address, or network information.
❌ We do not sell, rent, or share your personal data with third parties for marketing.
❌ We do not use your data for targeted advertising beyond what Google AdMob autonomously serves to free-tier users.
❌ We do not request or use sensitive permissions like READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, RECORD_AUDIO, or SYSTEM_ALERT_WINDOW (these are explicitly blocked in our app configuration).

3. How We Use Your Information

To verify and activate your Pro subscription across devices (when signed in with Google).
To send you a payment receipt via Razorpay's email/SMS system.
To display non-personalized ads to free-tier users via Google AdMob.
To diagnose and fix technical issues using anonymized crash data.
To communicate with you about support requests you initiate via email.
To comply with legal obligations (e.g., Indian GST record-keeping for payment logs).

4. Data Storage & Security

Subscription and authentication data is stored in Google Firebase Firestore, hosted on Google Cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+).

Security measures we implement:

HMAC-SHA256 signature verification on all Razorpay payment webhooks
Firebase Authentication token verification on every authenticated API request
No raw payment credentials, passwords, or media files stored on our servers
All API communication enforced over HTTPS with certificate pinning (via Expo)
Local auth tokens stored in encrypted AsyncStorage with React Native persistence
Regular security audits of Firebase security rules and server endpoints

Payment records are retained for up to 7 years as required by Indian tax law (GST compliance). All other personal data is deleted within 30 days of account deletion request.

5. Third-Party Services

💳

Razorpay – Payment processing (RBI licensed). Privacy Policy →

🔥

Google Firebase – Authentication, Firestore database, Crashlytics. Privacy Policy →

📱

Google AdMob – Advertising (free users only). Privacy Policy →

🔑

Google Sign-In – Optional account authentication for Pro sync. Privacy Policy →

⚡

Expo / EAS – App runtime, build services, and optional crash reporting. Privacy Policy →

We do not share your personal data with these services beyond what is strictly necessary for their documented functionality.

6. Android Permissions Explained

StatusVault requests only the minimum permissions required to function. All file operations happen locally—no files are transmitted to any server.

WRITE_EXTERNAL_STORAGE

Required to save WhatsApp statuses to your device gallery (Android < 10). On Android 10+, we use Scoped Storage APIs instead.

POST_NOTIFICATIONS

Optional: Enables status reminder notifications. You can disable this anytime in Android Settings → Apps → StatusVault → Notifications.

RECEIVE_BOOT_COMPLETED

Allows scheduled notifications to persist after device restart. No data is collected or transmitted.

VIBRATE

Provides haptic feedback for UI interactions. No data collected.

READ_MEDIA_IMAGES / VIDEO

Explicitly blocked in our app configuration. We access WhatsApp status files via Android's public status directory, not your media library.

RECORD_AUDIO / LOCATION

Explicitly blocked. StatusVault never records audio or accesses your location.

7. Children's Privacy

StatusVault is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will delete it promptly.

8. Your Rights (GDPR & Indian IT Act)

If you are in the European Economic Area or India, you have the following rights regarding your personal data:

Access: Request a copy of your personal data we hold.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data. You can do this directly in the app via Settings → Delete Account, or by emailing us.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing of your data for legitimate interests.
Withdraw Consent: Withdraw consent for optional data processing at any time.

To exercise these rights, contact us at ahmedsameerbinan2@gmail.com. We respond to all legitimate requests within 7 working days.

9. Data Retention Schedule

Subscription records Retained for 7 years (Indian GST/tax compliance requirement)

Account data (Google UID, email) Deleted within 30 days of account deletion request

Payment order logs (Razorpay) Retained for 7 years (financial regulatory requirement)

Crash/analytics data Anonymized; retained per Expo/Firebase policy (typically 90 days)

Local app preferences Stored on your device only; deleted when you uninstall the app

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last updated" date at the top of this page.

Continued use of the app after changes constitutes acceptance of the updated policy. For material changes that affect your rights, we will notify you via an in-app notice at least 7 days before the changes take effect.

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

11. Contact Us

Developer: Binan (Ahmed Sameer Binan)

App: StatusVault (com.binan.statussaver)

Email: ahmedsameerbinan2@gmail.com

Response time: Within 7 working days

Grievance Officer (India): Binan — reachable at the email above as per the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

Source Code: Public repository at github.com/binan-maker/WAStatusSaver