🔒 Privacy Policy

Effective Date: February 1, 2026

Last Updated: April 18, 2026

Welcome to MsgVault – Delete Recovery (also referred to as "MsgVault", "App", "we", "us", or "our"). This Privacy Policy explains exactly how we collect, use, store, and protect your information when you use our application. It is written to match the App's actual behaviour precisely and to satisfy Google Play's Data Safety requirements.

        🛡Privacy First: Your message and notification data is stored only on your device in app-private, sandboxed storage. We do not upload, transmit, or share your message content with any external server or third party.
    

1. Information We Collect

1.1 Data Collected via Notification Listener (Core Feature)

To provide its primary function — capturing and archiving messages — the App uses Android's Notification Listener Service. When granted permission, it reads:

Notification text content: The visible text (title and body) of notifications from apps you choose to monitor (e.g., WhatsApp, Telegram, Signal).
Sender name / identifier: The display name shown in the notification.
Timestamp: The time the notification was received.
App source: The package name of the app that sent the notification (e.g., com.whatsapp).
Notification media (optional): Profile pictures or image previews extracted directly from the notification payload using Android's EXTRA_LARGE_ICON, EXTRA_PICTURE, and MessagingStyle APIs. No external storage files are read.
Deletion events: When a notification is removed by the source app, the App records this to identify potentially deleted messages.

All of this data is stored exclusively in app-private storage on your device. It is never transmitted to us or any external server by this App.

1.2 Data You Provide Directly

Scheduled Messages & Reminders: Text you write for scheduled or repeated messages, stored locally in the app-private database. Never transmitted.
Message Templates: Custom text templates you create, stored locally. Never transmitted.
Contact Notes: Personal notes you write about contacts, stored locally. Never transmitted.
Direct Chat History (phone numbers): When you use the Direct Chat feature (open a conversation in a messaging app without saving a contact), the phone numbers you enter are saved in an app-private SharedPreferences file on your device so you can quickly re-open recent conversations. These phone numbers are never transmitted to us or any third party. You can clear this history at any time via the Direct Chat screen.
PIN (App Lock & Secret Vault): Your chosen PIN is never stored in plaintext. It is hashed using PBKDF2-HmacSHA256 with a unique cryptographic salt (10,000 iterations, 256-bit key) and stored in Android's Encrypted SharedPreferences (AES-256-GCM encryption via Jetpack Security Crypto). The encrypted file is explicitly excluded from all cloud and device-transfer backup operations.
Status Saver: If you use the Status Saver feature, the App reads publicly visible status media (images and videos) from the shared storage directory on your device. These files are only displayed within the App and, if you choose to save them, are copied to your device’s gallery. This data is never uploaded, transmitted, or shared with us or any third party. On Android 12 and below (API ≤ 32), this feature requires the READ_EXTERNAL_STORAGE permission, which is requested at runtime with a clear explanation.
Auto-Reply Rules: When you create an auto-reply rule, you configure a trigger keyword and a reply text. When an incoming notification matches the trigger keyword, the App uses the notification’s own RemoteInput reply action — the same mechanism used when you reply from the notification shade — to deliver the reply text through the original messaging app’s notification infrastructure. No message content is routed through our servers. The reply is sent entirely on-device using the PendingIntent provided by the original app’s notification. Auto-reply rule data (keywords, reply texts, scheduling windows) is stored locally and never transmitted.
Scheduled & Repeat Messages: If you use Scheduled Messages or the Repeater tool, you configure a message text, a target contact/app, and a time or interval. At the scheduled time, the App opens the target messaging app directly using a deep-link URL (e.g., https://wa.me/ for WhatsApp). The App does not send messages autonomously — it simply launches the messaging app with pre-filled text; the user must confirm the send action within the original app. The scheduled message text is stored locally only and is never transmitted to us.

1.3 Data Collected by Third-Party SDKs

The App integrates the following third-party services, which may collect data independently under their own privacy policies:

Google AdMob & User Messaging Platform (UMP)

AdMob may collect your Advertising ID, device information, IP address, and app-interaction data to serve personalised or non-personalised advertisements.
The Google UMP SDK is used to request your GDPR/consent preferences before AdMob is initialised. No personalised ads are served to EU/EEA users without explicit consent. MobileAds is never initialised before the consent form has been presented and responded to.
You can change your ad consent preference at any time via Settings → Ad Privacy Settings inside the App.
Google Privacy Policy: https://policies.google.com/privacy
AdMob data practices: https://support.google.com/admob/answer/6128543

Google Play Billing

If you purchase a premium subscription, Google Play Billing processes the payment. The App receives only a purchase token and subscription status — it never receives or stores your payment card details.
Only the subscription type (weekly/monthly/yearly/lifetime) and expiry timestamp are cached locally to determine feature access and ad suppression.

Google ML Kit Smart Reply (On-Device AI Only)

The App uses Google ML Kit Smart Reply to suggest contextual reply options when viewing a conversation. This feature runs entirely on your device — no message text is sent to Google or any external server for processing.
ML Kit Smart Reply uses a locally bundled machine-learning model. The model receives the last few messages from a conversation as input and returns suggested reply text. This input and output never leaves your device.
Google ML Kit Privacy Policy: https://developers.google.com/ml-kit/terms

2. Permissions Declared and Why

Below is a complete, accurate disclosure of every permission declared in the App's manifest (AndroidManifest.xml), including its classification, purpose, and necessity.

Permission	Classification	Purpose & Justification
`INTERNET`	Normal	Required for AdMob ads to load and Google Play Billing to connect to Google's servers for subscription verification.
`ACCESS_NETWORK_STATE`	Normal	Checks network availability before attempting ad loading or billing operations, preventing unnecessary errors on offline devices.
`FOREGROUND_SERVICE`	Normal	Required to run the Notification Capture Service as a foreground service so Android does not terminate it while the user uses other apps.
`FOREGROUND_SERVICE_SPECIAL_USE`	Sensitive / Restricted	Android 14+ requires this permission for notification listener services that do not fit into a predefined foreground service type. Both the Notification Capture Service and the Repeat Message Service declare `android:foregroundServiceType="specialUse"` as required. This use case is declared in the Google Play Console with a full justification.
`POST_NOTIFICATIONS`	Dangerous (runtime)	Required on Android 13+ to display the foreground service notification (indicating the service is active) and to deliver message reminder notifications. Requested at runtime with a clear user explanation before the prompt is shown.
`WAKE_LOCK`	Normal	Allows the notification service to briefly hold a CPU wake lock when a notification arrives, ensuring the notification is fully processed before the device enters deep sleep. The wake lock is released immediately after processing (10-second maximum).
`SCHEDULE_EXACT_ALARM`	Special / User-granted	Required for the Message Reminders feature, which lets users set time-exact reminders for specific messages. On Android 12+, the user must grant this manually via Settings → Special app access → Alarms & Reminders. The code gracefully falls back to an inexact alarm if the permission is not granted. Note: `USE_EXACT_ALARM` is intentionally NOT declared, as Google Play restricts it to alarm-clock and calendar apps only.
`REQUEST_IGNORE_BATTERY_OPTIMIZATIONS`	Sensitive	Required to keep the Notification Listener Service running reliably on devices with aggressive battery management (Doze Mode). Without this, the OS may suspend the service and cause missed messages. Users are shown a clear explanation in the onboarding flow before this is requested, and the App functions (with reduced reliability) if the user declines.
`USE_BIOMETRIC`	Normal	Powers the optional App Lock feature, which lets users protect the App with fingerprint or face authentication. Only used if the user explicitly enables biometric lock in Settings.
`VIBRATE`	Normal	Provides haptic feedback during PIN input and on certain button interactions for improved user experience. Carries no privacy risk.
`RECEIVE_BOOT_COMPLETED`	Normal	Allows the App to restart the Notification Listener Service after the device reboots, ensuring uninterrupted message capture. The Boot Receiver responds to `BOOT_COMPLETED` and `LOCKED_BOOT_COMPLETED`. No user data is read during boot — only the service is restarted.
`READ_EXTERNAL_STORAGE` (maxSdkVersion 32)	Dangerous — requested at runtime on API ≤ 32 only	Required by the Status Saver feature on Android 12 and below to read publicly visible status media (images/videos) from the shared storage directory. This permission is not requested or used on Android 13+ (API 33+), where the directory is accessible directly without a general storage permission. Users are shown an explanation dialog before the permission is requested.
`WRITE_EXTERNAL_STORAGE` (maxSdkVersion 28)	Dangerous — requested at runtime on API ≤ 28 only	Required only on Android 9 (API 28) and below to save status media to the device gallery via the Status Saver feature. On Android 10+ (API 29+) the App uses the `MediaStore` API to save files, which requires no storage permission.

3. How We Use Your Data

Notification content is used solely to display captured messages inside the App and to detect deleted messages. It is never transmitted externally by us.
PIN data is used solely for authentication when App Lock or Secret Vault is enabled. It is stored encrypted and never transmitted.
Subscription status is used solely to enable premium features and to control which ad formats are displayed. Specifically: free users see all ad types; weekly and monthly subscribers have interstitial, banner, app-open, and rewarded ads removed but continue to see native ads between content items; yearly and lifetime subscribers have all ad formats removed entirely.
Scheduled message & reminder data is used solely to trigger the in-app alarms and to launch the target messaging app at the configured time with pre-filled message text.
Message classification data (OTP, Bank, Shopping, Promotion, Appointment, Urgent, etc.) is computed locally on your device to help you organise your messages. It is not transmitted.
Auto-reply rules are processed locally to match incoming notification text against your configured keyword triggers. When a match is found, the App sends the configured reply text using the notification’s own RemoteInput PendingIntent — i.e., the same reply channel the original messaging app exposes in its notification. This action occurs entirely on-device. No message content is sent to our servers or any external service.
Package visibility data (whether specific messaging apps are installed) is used exclusively to populate the Direct Chat app selector and the notification service app icon display. This information is never stored persistently or transmitted.

4. Data Storage and Retention

All message data is stored in a local Room (SQLite) database inside Android's app-private storage, inaccessible to other apps without root access.
Android Auto Backup (Google Cloud) is completely disabled for MsgVault via declared backup rules (fullBackupContent and dataExtractionRules in the App manifest). MsgVault does not use Google Drive or any cloud sync for your data — zero bytes of app data are ever sent to Google's backup servers.
Profile pictures and media thumbnails extracted from notifications are stored in private profile_pics and media_thumbs folders inside app-private storage.
Encrypted SharedPreferences (containing Vault PIN and App Lock credentials) are encrypted with AES-256-GCM and stored in Android's sandboxed storage only.
Data is retained until you delete it within the App or uninstall the App. Uninstalling removes all locally stored data.
Auto-cleanup is available at 7-day, 30-day, and 90-day intervals and must be explicitly enabled by the user in Settings.
You can create a local ZIP backup of your data at any time via Settings → Backup & Restore. These backups are stored on your device only and are never uploaded by the App.

5. Data Sharing

We do not sell, rent, or share your personal data with any third party, except as follows:

Google AdMob: Advertising data (Advertising ID, device info) is shared with Google for ad serving. EU/EEA users control this via the UMP consent prompt and the in-app Ad Privacy Settings.
Google Play Billing: Purchase tokens are exchanged with Google Play to verify subscription status. We receive only the subscription outcome — not payment details.
Legal compliance: We may disclose data if required by applicable law or a valid governmental request, to the extent permitted by law and to the minimum extent necessary.

6. Security

All message data is stored in Android's sandboxed app-private storage, inaccessible to other apps.
The message database is explicitly excluded from Android Auto Backup (cloud sync) via backup rules configuration.
PINs are hashed using PBKDF2-HmacSHA256 (10,000 iterations, 256-bit key) with a unique cryptographically-random salt, and stored in Android Encrypted SharedPreferences (AES-256-GCM).
The optional App Lock (PIN and/or Biometric) provides an additional access-control layer at the app entry point, re-locking immediately when the app goes to background.
No network transmission of your message, notification, or chat data occurs at any time.
Release builds use code shrinking and obfuscation (R8/ProGuard) to harden the application against reverse engineering.
All network communications from third-party SDKs (AdMob, Play Billing) use HTTPS/TLS. Cleartext traffic is explicitly disabled.
The App maintains five notification channels, all created at first launch so they are fully visible and configurable in Android Settings → Notifications:
- Backup Service — persistent silent service indicator (no sound, no vibration)
- New Message Saved — alerts when a notification is captured
- Deleted Message Alert — high-priority alert for recovered deleted messages
- Message Reminders — time-based reminder alerts
- App Icon Badge — minimum-priority channel used only to update the unread count badge dot on the launcher icon; produces no sound, light, or vibration

7. Children's Privacy

This App is not directed to children. It requires users to be at least 13 years of age (or 16 in the EU/EEA, where GDPR applies a higher minimum age for data processing consent). We do not knowingly collect personal information from children. If you believe a child has provided personal data through this App, please contact us at mhorayra01@gmail.com and we will promptly delete that information.

The App is not configured as child-directed in the AdMob dashboard, and child-directed ad treatment is not applied.

8. Your Rights and Choices

Access & Deletion: All your data is on your device. You can view and delete any message, chat, or contact note directly within the App. Uninstalling the App removes all locally stored data.
Notification Listener: You can revoke Notification Listener access at any time via Android Settings → Apps → Special app access → Notification access. The App will stop capturing new messages immediately.
Battery Optimisation: You can re-enable battery optimisation for this App at any time via Android Settings → Apps → [App name] → Battery.
Ad Personalisation: EU/EEA users can modify their ad consent at any time via Settings → Ad Privacy Settings inside the App. All users can reset or limit ad tracking via Android Settings → Privacy → Ads.
GDPR / CCPA: If you are in the EU/EEA or California, you have rights regarding your personal data. Since your message data is stored locally only and we do not hold it on any server, most rights are exercised directly on your device. For data held by third parties (Google AdMob, Google Play Billing), please refer to Google's privacy policies. For any concerns about your rights, contact us at mhorayra01@gmail.com.
Auto-Cleanup: You can configure automatic data cleanup at 7, 30, or 90 day intervals from Settings, or delete all data immediately via Settings → Delete All Data.

9. Package Visibility (Installed Apps)

The App declares specific package visibility queries in its manifest to detect whether certain messaging apps (WhatsApp, Telegram, Signal, Viber, IMO, LINE, Skype, Facebook Messenger) are installed. This information is used exclusively for the Direct Chat feature, which allows you to open a conversation in those apps directly from MsgVault. The App does not enumerate all installed apps, does not log which specific apps are installed, and does not transmit this information to us or any third party.

10. Google Play Data Safety Summary

In compliance with Google Play's Data Safety requirements, here is a complete and accurate summary of this App's data practices:

Data Type	Collected?	Shared?	Purpose	User Control
Messages / Notification content	Yes — locally on device only	No	Core functionality	Delete in-app or uninstall
Advertising ID	By AdMob (consent-gated for EU/EEA)	With Google (AdMob)	Advertising	Ad Privacy Settings / Android Ad ID
Device & App Info	By AdMob	With Google (AdMob)	Analytics & Advertising	Ad Privacy Settings
Purchase / Subscription Status	Yes — subscription type & expiry only	No	Premium feature access	Cancel via Google Play
PIN hash (encrypted)	Yes — encrypted locally (AES-256-GCM)	No	App Lock & Vault security	Disable App Lock in Settings
Scheduled / reminder text	Yes — locally only	No	Reminders & scheduling feature	Delete in-app
Auto-reply rules & keyword triggers	Yes — locally only	No	Auto-reply feature	Delete in-app
Direct Chat History (phone numbers entered by user)	Yes — locally only (SharedPreferences)	No	Direct Chat recent history	Clear history in-app
Notification thumbnails / avatars	Yes — locally only	No	Contact avatars display	Delete in-app
Smart Reply suggestions (ML Kit)	Processed on-device only — never stored or transmitted	No	Suggest replies in Chat view	Feature is opt-in per conversation
Auto-reply text sent via RemoteInput	Sent on-device via notification PendingIntent only — never transmitted to us	No	Auto-reply feature	Disable/delete rules in-app
Installed app list (partial)	No — only detects specific messaging apps listed in manifest <queries>	No	Direct Chat app selector; notification icon display	—
Location data	No	No	—	—
Phone numbers (contacts list)	No — only Direct Chat history entered by user	No	—	—
Precise device identifiers (IMEI, etc.)	No	No	—	—

11. International Users

Your message data is stored locally on your device and is not transferred internationally by us. Third-party advertising and billing services (Google) may transfer data internationally as described in their own privacy policies. EU and UK users: the Google UMP SDK manages your GDPR/PECR consent for personalised advertising before any AdMob initialisation occurs.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App's features or applicable law. We will notify you of significant changes by:

Updating the "Last Updated" date at the top of this policy.
Showing an in-app notification for material changes.
Requiring re-acknowledgement where changes affect how your data is handled.

Continued use of the App after a policy update constitutes acceptance of the updated terms.

13. Third-Party Links & Apps

The Direct Chat feature launches third-party messaging applications already installed on your device. We do not access, store, or transmit any data from those apps. We are not responsible for the privacy practices of any third-party app or service you choose to open.

14. Disclaimer

        ⚠Important: MsgVault – Delete Recovery is an independent application. It is NOT affiliated with, endorsed by, sponsored by, or associated with WhatsApp, Meta Platforms Inc., Telegram Messenger Inc., Signal Foundation, Rakuten Viber, IMO, LINE Corporation, Microsoft (Skype), or any other messaging service provider. All product names, logos, and trademarks are property of their respective owners.
    

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: mhorayra01@gmail.com

We aim to respond to all inquiries within a reasonable timeframe.

Search This Blog

MsgVault

MsgVault Privacy policy