CalcLok logo
CalcLok Private Vault App

Privacy Policy

Effective date: March 7, 2026

Last updated: March 7, 2026

1. Overview

CalcLok ("we", "us", "our") is a private vault application for Android and desktop. We are committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

CalcLok is designed as a privacy-first application. Your vault content is encrypted on your device and we cannot access it.

2. Information We Collect

Information you provide:

  • Email address (if you contact support)
  • License key activation data (device fingerprint, device label) for license verification
  • Payment information processed by Google Play or BTCPay Server (we do not store payment details)

Information collected automatically:

  • Basic device information for license activation (device model, anonymized device ID)
  • App crash reports (if enabled)

Information we do NOT collect:

  • Photos, videos, or files stored in your vault
  • Notes, passwords, or contacts stored in the app
  • Vault access codes or biometric data
  • Browsing history, location data, or usage analytics

3. How We Use Your Information

  • To verify and manage license key activations
  • To process subscription payments via Google Play Billing
  • To respond to support requests
  • To improve app stability through crash reporting

4. Vault Data and Encryption

All vault content (photos, videos, notes, passwords, audio, contacts) is encrypted using AES-256-GCM on your device. Encryption keys are derived from your vault access code and stored securely in the Android Keystore or platform equivalent.

We have no ability to decrypt, access, or view your vault content. If you lose your access code, we cannot recover your data.

5. Biometric Data

CalcLok supports fingerprint and face unlock through the Android BiometricPrompt API. Biometric data is processed entirely by your device's operating system and hardware. CalcLok never receives, stores, or transmits biometric data.

6. Cloud Backup

If you enable cloud backup, your vault data is encrypted on your device before being uploaded to Google Drive. The backup is stored in your personal Google Drive account. We do not have access to your Google Drive or backup files.

7. WiFi Transfer

The WiFi transfer feature creates a temporary, PIN-protected local connection between your device and computer. Data is transferred directly over your local network. No data passes through our servers.

8. Intruder Detection

If enabled, the intruder detection feature captures a photo using the front camera when an incorrect access code is entered. These photos are stored only on your device within the encrypted vault. They are never transmitted to us or any third party.

9. License Key Activation

When you activate a license key, we collect an anonymized device fingerprint (a hash of your Android ID, a random UUID, and the app package name) and your device model name. This information is used solely to enforce the per-device activation limit (up to 3 devices per license) and to validate your license status.

10. Device Permissions

CalcLok requests only the permissions necessary for its features:

  • Camera: Intruder detection photos
  • Storage/Media: Importing files into the vault
  • Biometrics: Fingerprint and face unlock
  • Location: Intruder alert GPS capture (only when enabled)
  • WiFi/Network: Local file transfer and cloud backup

All permissions are optional and requested only when you use the relevant feature.

11. Data Retention

License activation records are retained for the duration of your license. If you deactivate a device or your license expires, activation records are deleted. Support correspondence is retained for up to 12 months.

Vault data is stored entirely on your device (and optionally in your Google Drive backup) and is deleted when you uninstall the app or manually clear it.

12. Data Sharing

We do not sell, trade, or share your personal information with third parties, except:

  • Google Play Billing for subscription processing
  • BTCPay Server for cryptocurrency payment processing (self-hosted, no third-party access)
  • When required by law or legal process

13. Security

We use industry-standard security measures including:

  • AES-256-GCM encryption for all vault content
  • TLS/HTTPS for all network communications
  • Certificate pinning for license API connections
  • Android Keystore for secure key storage
  • JWT tokens with short expiry for API authentication

14. Children's Privacy

CalcLok is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

15. Your Rights

You have the right to:

  • Request information about what data we hold about you
  • Request deletion of your license activation data
  • Deactivate your license from any device at any time
  • Export or delete your vault data at any time through the app

16. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of CalcLok after changes constitutes acceptance of the updated policy.

17. Contact

For privacy questions or data requests, contact us at:

Email: support@calclok.com