Privacy Policy

Last updated: May 24, 2026

Overview

SafeYou is built for privacy. We collect the minimum amount of data necessary to provide our service. Your vault content is encrypted on your device before it ever leaves — we cannot read it.

Data We Collect

• Account data: When you sign in with Apple or Google, we receive a unique identifier and email address to manage your account.
• Encrypted vault data: If you enable Cloud Sync, your encrypted files are stored on our servers. We cannot decrypt or access this content.
• Chat metadata: We store encrypted messages and participant identifiers to deliver the chat service. Messages auto-delete after 24 hours.
• Attribution & install measurement: To understand which marketing channels bring new users to SafeYou, we use the AppsFlyer SDK. See the section below for the exact data collected.

Data We Do Not Collect

• We do not track your activity or behavior inside your vault — the content you store, view, or share is invisible to us.
• We do not use advertising SDKs and we do not display ads inside the app.
• We do not request the IDFA (Apple's advertising identifier) — no App Tracking Transparency prompt is shown.
• We do not sell, share, or monetize your personal data in any way.

Encryption

All vault content is encrypted using AES-256-GCM on your device. Your encryption keys are derived from your credentials and never leave your device in plaintext. Even with access to our servers, we cannot decrypt your data.

Data Retention

Your data is retained as long as your account is active. Chat messages are automatically deleted 24 hours after being sent. You can delete your account and all associated data at any time from the app.

Third-Party Services

• Firebase (Google): Used for authentication, database, and file storage. Subject to Google's privacy policy.
• Apple Sign In / Google Sign In: Used for account authentication only.
• AppsFlyer: Mobile attribution provider that helps us measure the performance of our marketing campaigns and resolve deferred deep links (e.g. shared chat invites). Subject to the AppsFlyer Services Privacy Policy.
• Apple SKAdNetwork: Privacy-preserving install attribution provided by Apple. No user-level identifiers are shared.

AppsFlyer SDK — Data Collected

SafeYou uses the AppsFlyer SDK strictly for install attribution, marketing measurement, and OneLink deep-link resolution. The SDK is fully disabled in decoy (fake) mode, so no signal ever leaves your device when you are using the decoy vault.

When enabled, AppsFlyer collects:

• Device identifiers: IDFV (Apple's Identifier For Vendor, which is unique to SafeYou on your device). We explicitly do not collect the IDFA.
• Device & environment data: device model, operating system version, language and locale, time zone, carrier, network type, IP address (used at install time and not persisted for tracking).
• App lifecycle events: install, app open, and session timestamps.
• In-app events (counts only — no vault content, file names, or message contents are ever sent): passcode setup completion, "media added to vault", chat invite created, chat invite used, and subscription purchases (with the product identifier, price, and currency for revenue attribution).
• Attribution & deep-link data: the marketing source, campaign identifier, and OneLink click parameters used to open the app.

AppsFlyer does not receive your email address, your Apple/Google account identifier, your encryption keys, your vault contents, your chat messages, or any participant identifiers.

Age Requirement

SafeYou is intended for users aged 13 and older. We do not knowingly collect personal information from anyone under 13.

Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

If you have questions about this privacy policy, please contact us.