Effective date: July 13, 2026
1. Scope
This Privacy Policy explains how the SafeBox Android application and the website at msafebox.com handle information. “SafeBox,” “we,” “us,” and “our” refer to the independent developer operating the application and website.
2. Information handled by the SafeBox app
2.1 Vault content stored on your device
SafeBox may store information that you choose to add, including account records, passwords, notes, identity-document images, voice attachments, and personal photos. This content is stored locally in the app’s private storage and is protected using the app’s encryption and access-control mechanisms.
We do not operate a centralized SafeBox server that receives a readable copy of your vault content.
2.2 Security and recovery information
The app may store local security settings, encrypted key-wrapping records, recovery-code verification data, backup metadata, and operation journals. SafeBox is designed not to store your master PIN, recovery code, or encryption keys in plaintext. You are responsible for keeping your PIN and recovery code secure.
2.3 Camera, photos, and microphone
With your permission, SafeBox may use the camera, photo storage, or microphone when you actively capture or import content. If you enable the intrusion-alert feature, the app may capture a photo after configured failed-unlock conditions. Intrusion captures are handled according to the settings you choose.
2.4 Google Drive backup
If you connect Google Drive, SafeBox requests the limited drive.file permission. This permission allows the app to create and manage files that SafeBox creates or that you explicitly make available to SafeBox. SafeBox uploads encrypted backup objects and related non-content metadata needed to locate, verify, and restore those backups.
SafeBox may keep limited account-display metadata on your device, such as a masked email address, display name, provider status, and the identifier of the app-created backup folder. Access tokens are intended to be short-lived and are not stored as permanent credentials by SafeBox.
SafeBox’s use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including its Limited Use requirements.
2.5 Dropbox backup
If you connect Dropbox, SafeBox accesses the application area or files used for SafeBox backups. Encrypted backup objects and the metadata required to manage them are transferred to Dropbox. Dropbox processes this information under its own terms and privacy policy.
2.6 Email and SMTP features
If you configure email-based alerts or recovery features, SafeBox uses the email server settings and credentials that you provide to send messages. Depending on your settings, a message may include an intrusion photo or recovery-related information. Your email provider processes those messages and connection data under its own policies.
2.7 Purchases and advertising
Google Play processes purchases, subscriptions, transaction status, and related account information. If advertising is enabled, Google Mobile Ads or other disclosed advertising providers may process device information, advertising identifiers, IP address, approximate location derived from IP, ad interactions, and diagnostic data according to their own policies and your device consent settings.
3. Website information
The SafeBox website is hosted using GitHub Pages. Hosting providers may process standard request information such as IP address, browser type, requested page, and access time for security and operation. The website may use Google Analytics and Google advertising services, which may use cookies or similar technologies to measure usage and serve or measure advertising.
4. How information is used
- To provide local encrypted storage, search, display, backup, restore, and device-transfer functions.
- To authenticate optional cloud connections and perform actions you request.
- To send alerts or recovery messages when you enable and configure those features.
- To process purchases, enforce feature entitlements, prevent abuse, and maintain security.
- To diagnose failures and improve reliability using non-sensitive technical information.
- To operate, secure, and understand use of the public website.
5. Sharing and disclosure
We do not sell your vault content or Google user data. Information is shared only as necessary to provide a feature you request, comply with law, protect users and the service, or work with service providers acting under their own policies. Relevant providers may include Google Play, Google Drive, Dropbox, email providers, GitHub Pages, analytics providers, and advertising providers.
6. Retention and deletion
- Local app data: remains on your device until you delete it, reset the app, or uninstall the app. Uninstalling normally deletes the app’s private local data.
- Cloud backups: remain in your Google Drive or Dropbox until you delete them or the provider removes them. Disconnecting a provider from SafeBox does not automatically delete remote backups unless the app clearly says otherwise and you confirm.
- Email messages: are retained according to the settings and policies of your email provider and recipient.
- Website and advertising data: are retained according to the applicable provider’s policy and settings.
You can delete local vault items from within SafeBox. You can delete cloud backups from the relevant provider or through an available SafeBox deletion function. You may revoke Google access from your Google Account permissions page and Dropbox access from your Dropbox connected-app settings.
7. Security
SafeBox uses technical safeguards intended to protect local content and encrypted backups. No software, device, network, or storage provider can be guaranteed to be completely secure. You should keep your device updated, use a strong PIN, protect your recovery code, and maintain independent backups where appropriate.
8. Your choices and rights
You can choose whether to grant camera, microphone, notification, nearby-device, Google Drive, Dropbox, and other optional permissions. You may withdraw permissions through Android or the relevant provider. Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to processing of personal information that we control. Most vault content is controlled directly by you on your device.
9. Children
SafeBox is not directed to children under the minimum age required to consent to digital services in their country. We do not knowingly collect children’s personal information through a centralized SafeBox account service.
10. International processing
Third-party providers may process information in countries other than yours. Their processing is governed by their own legal terms, privacy policies, and transfer safeguards.
11. Changes to this policy
We may update this policy when the app, website, law, or third-party integrations change. The revised date will be shown at the top. Material changes affecting Google user data will be disclosed before the new use is applied where required.
12. Contact
Questions or privacy requests can be sent to [email protected].