Effective date: July 13, 2026

SafeBox is designed as a local-first privacy application. Your vault content is normally stored on your device in encrypted form. Optional cloud backup, email, advertising, and purchase features involve the third-party services described below.

1. Scope

This Privacy Policy explains how the SafeBox Android application and the website at msafebox.com handle information. “SafeBox,” “we,” “us,” and “our” refer to the independent developer operating the application and website.

2. Information handled by the SafeBox app

2.1 Vault content stored on your device

SafeBox may store information that you choose to add, including account records, passwords, notes, identity-document images, voice attachments, and personal photos. This content is stored locally in the app’s private storage and is protected using the app’s encryption and access-control mechanisms.

We do not operate a centralized SafeBox server that receives a readable copy of your vault content.

2.2 Security and recovery information

The app may store local security settings, encrypted key-wrapping records, recovery-code verification data, backup metadata, and operation journals. SafeBox is designed not to store your master PIN, recovery code, or encryption keys in plaintext. You are responsible for keeping your PIN and recovery code secure.

2.3 Camera, photos, and microphone

With your permission, SafeBox may use the camera, photo storage, or microphone when you actively capture or import content. If you enable the intrusion-alert feature, the app may capture a photo after configured failed-unlock conditions. Intrusion captures are handled according to the settings you choose.

2.4 Google Drive backup

If you connect Google Drive, SafeBox requests the limited drive.file permission. This permission allows the app to create and manage files that SafeBox creates or that you explicitly make available to SafeBox. SafeBox uploads encrypted backup objects and related non-content metadata needed to locate, verify, and restore those backups.

SafeBox may keep limited account-display metadata on your device, such as a masked email address, display name, provider status, and the identifier of the app-created backup folder. Access tokens are intended to be short-lived and are not stored as permanent credentials by SafeBox.

SafeBox’s use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including its Limited Use requirements.

2.5 Dropbox backup

If you connect Dropbox, SafeBox accesses the application area or files used for SafeBox backups. Encrypted backup objects and the metadata required to manage them are transferred to Dropbox. Dropbox processes this information under its own terms and privacy policy.

2.6 Email and SMTP features

If you configure email-based alerts or recovery features, SafeBox uses the email server settings and credentials that you provide to send messages. Depending on your settings, a message may include an intrusion photo or recovery-related information. Your email provider processes those messages and connection data under its own policies.

2.7 Purchases and advertising

Google Play processes purchases, subscriptions, transaction status, and related account information. If advertising is enabled, Google Mobile Ads or other disclosed advertising providers may process device information, advertising identifiers, IP address, approximate location derived from IP, ad interactions, and diagnostic data according to their own policies and your device consent settings.

3. Website information

The SafeBox website is hosted using GitHub Pages. Hosting providers may process standard request information such as IP address, browser type, requested page, and access time for security and operation. The website may use Google Analytics and Google advertising services, which may use cookies or similar technologies to measure usage and serve or measure advertising.

4. How information is used

5. Sharing and disclosure

We do not sell your vault content or Google user data. Information is shared only as necessary to provide a feature you request, comply with law, protect users and the service, or work with service providers acting under their own policies. Relevant providers may include Google Play, Google Drive, Dropbox, email providers, GitHub Pages, analytics providers, and advertising providers.

6. Retention and deletion

You can delete local vault items from within SafeBox. You can delete cloud backups from the relevant provider or through an available SafeBox deletion function. You may revoke Google access from your Google Account permissions page and Dropbox access from your Dropbox connected-app settings.

7. Security

SafeBox uses technical safeguards intended to protect local content and encrypted backups. No software, device, network, or storage provider can be guaranteed to be completely secure. You should keep your device updated, use a strong PIN, protect your recovery code, and maintain independent backups where appropriate.

8. Your choices and rights

You can choose whether to grant camera, microphone, notification, nearby-device, Google Drive, Dropbox, and other optional permissions. You may withdraw permissions through Android or the relevant provider. Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to processing of personal information that we control. Most vault content is controlled directly by you on your device.

9. Children

SafeBox is not directed to children under the minimum age required to consent to digital services in their country. We do not knowingly collect children’s personal information through a centralized SafeBox account service.

10. International processing

Third-party providers may process information in countries other than yours. Their processing is governed by their own legal terms, privacy policies, and transfer safeguards.

11. Changes to this policy

We may update this policy when the app, website, law, or third-party integrations change. The revised date will be shown at the top. Material changes affecting Google user data will be disclosed before the new use is applied where required.

12. Contact

Questions or privacy requests can be sent to [email protected].