Privacy Policy
Introduction
Joseph Daryl Locsin ("we," "us," or "our") operates the SecureShot mobile application (the "App"). This Privacy Policy explains how we handle information in connection with your use of the App.
Our Commitment to Privacy
SecureShot encrypts file contents on your device before upload. Zero-knowledge of decryption secrets means passphrases, master-key material, and other secrets required to decrypt your files are not available to us — we cannot turn ciphertext into your photos, videos, or documents without those secrets.
That is not the same as “we learn nothing.” To operate sync, accounts, and your library, we process account data and file metadata (see below), and we store ciphertext in cloud storage. We do not use your file contents for advertising or profiling.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address (for authentication)
- Account creation timestamp
- Authentication tokens
2. File Metadata
We store metadata about your encrypted files so the App can list, sync, and organize them. This is separate from file contents (which we do not receive in plaintext):
- File name (as you choose to name it)
- File and record identifiers
- Original and encrypted sizes
- Timestamps (e.g. creation, upload)
- File type identifier (e.g. image, video)
- Information needed for sharing or account features, as applicable
Important: File contents are encrypted on your device before upload. We do not have usable decryption secrets; we cannot decrypt your ciphertext into viewable media without your keys or passphrase on your device.
3. Technical Information
We automatically collect certain technical information:
- Device type and operating system version
- App version
- Crash logs and error reports (anonymized)
- Network connection type (for sync optimization)
4. Usage Analytics
We may collect aggregated or anonymized usage data to improve the App (for example feature usage, session duration, performance). Analytics are not intended to capture plaintext file contents or passphrases. Certain product events may include coarse technical fields; they are separate from the full file metadata stored for sync in your account. You may opt out where the App or platform provides that control.
Information We Do NOT Collect (or Hold in Usable Form)
- Your file encryption passphrases — Not sent to our servers in a form we can use to decrypt your files
- Your master decryption key material — Remains under your control (e.g. device keychain / secure storage), not available to us as a usable server-side secret
- Decrypted file contents — We do not receive or store your photos, videos, or notes as plaintext in our cloud for normal operation
- Browsing history or location data (not part of core SecureShot design)
- Contacts (not required for core features)
- Biometric templates — Biometrics unlock local secure storage; we do not receive biometric data
How We Use Information
We use collected information solely to:
- Provide and maintain the App's functionality
- Authenticate your identity
- Store and sync your encrypted files
- Improve app performance and fix bugs
- Respond to support requests
- Comply with legal obligations
Data Storage and Security
Cloud Storage
Your encrypted files are stored using secure cloud infrastructure (e.g. Firebase Storage). Blob contents are ciphertext. We do not possess your passphrases or master-key material on the server, so we cannot decrypt those blobs into plaintext media for routine operation.
Local Storage
The App stores encrypted files locally in your device's secure sandbox. These files are removed only when you delete the app or manually clear the cache.
Security Measures
We implement industry-standard security practices including:
- Encrypted data transmission (TLS/SSL)
- Secure authentication mechanisms
- Regular security audits
- Minimal data retention policies
Data Sharing and Disclosure
We do NOT sell, trade, or rent your personal information to third parties.
We may disclose information only in the following circumstances:
- With your consent — When you explicitly authorize sharing
- Legal requirements — When required by law, subpoena, or court order
- Service providers — With trusted third parties who help us operate the App (e.g., cloud hosting), under strict confidentiality agreements
Note: Legal process may compel production of data we hold (for example account records or ciphertext). We do not hold your passphrases or usable master keys on the server; decryption of your file contents still requires your secrets on a device you control.
Your Rights
You have the right to:
- Access your account information
- Delete your account and all associated data
- Export your encrypted files
- Opt out of analytics collection
- Request information about data we hold
To exercise these rights, contact us at privacy@secureshotapp.com
Data Retention
- Encrypted Files: Retained until you delete them or close your account
- Account Information: Retained while your account is active
- Analytics Data: Retained for up to 24 months in anonymized form
- Deleted Data: Permanently removed within 30 days of deletion request
Children's Privacy
SecureShot is not intended for users under the age of 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.
International Data Transfers
Your information may be stored and processed in any country where we or our service providers operate. By using the App, you consent to the transfer of information to countries outside your country of residence.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy in the App
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of the App after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: