Privacy Policy
Local Safe — Android App
Last Updated:
Overview
Local Safe is a privacy-first, offline wallet app designed to keep your sensitive data completely under your control. We are committed to your privacy and have built the app to collect zero personal data — all information stays on your device, encrypted.
Data Collection & Storage
- Your data stays on your device. All card information, documents, bank details, and addresses are stored locally on your Android device only.
- No cloud uploads. Local Safe never syncs your vault data to our servers, to Google servers, or to any third-party service — with one exception: optional Google Drive backups, which you explicitly authorize.
- No tracking. We do not use analytics, crash reporting, or any tracking libraries that report your usage to us or third parties.
- No ads. Local Safe contains no advertisements or ad-serving libraries.
Encryption
- AES-256 encryption.
All sensitive data on your device is encrypted using AES-256 (military-grade)
encryption via
react-native-encrypted-storageand Android Keystore. - Encryption is mandatory. Even if you uninstall the app, your data cannot be accessed without the encryption keys, which are securely stored on your device only.
- CVV masking. Credit card CVVs are stored encrypted and are revealed only after biometric verification, then auto-hide after 8 seconds.
Permissions & Why We Request Them
| Permission | Purpose | Data Shared? |
|---|---|---|
| CAMERA | Scan cards via OCR and documents via camera | No — processed locally, never uploaded |
| NFC | Read card details from NFC-enabled cards (Android) | No — processed locally |
| BIOMETRIC | Authenticate access to your vault | No — managed by device OS only |
| INTERNET | Optional: Google Drive backups & Nominatim reverse geocoding for Address Book | Only when you explicitly request; encrypted before upload |
| LOCATION | Optional: Auto-fill address fields via Nominatim reverse geocoding | Only the coordinates sent to Nominatim; no other data |
Optional Features
Google Drive Backups
- You control it. Backups are created only when you explicitly tap "Backup to Google Drive."
- Encrypted before upload. Your backup file is encrypted with AES-256 using a passphrase you provide — Google cannot decrypt it.
- Google account info. If you link your Google account for PIN recovery or backups, that credential is stored locally on your device only — we never see it or store it on our servers.
Nominatim Reverse Geocoding (Address Book)
- Your location stays private. When you use "Use Current Location" in the Address Book, your device sends only GPS coordinates to Nominatim (a free, open-source geocoding service).
- No personal data sent. The request is anonymous — Nominatim does not receive any identifying information about you.
- You can disable it. This feature is optional; you can enter addresses manually if you prefer not to use location services.
Biometric Authentication
- Device-managed. Biometric data (fingerprint, face recognition) is managed entirely by your device's OS and is never stored in the app or transmitted anywhere.
- PIN fallback. If biometrics fail or are not available, you can authenticate using your 6-digit PIN.
Data Retention
Your data persists on your device until you:
- Delete an individual card, document, or bank account
- Uninstall the app
- Clear app data from Settings
Uninstall wipes everything. Uninstalling Local Safe permanently removes all encrypted data from your device.
Third-Party Libraries & Services
Local Safe uses the following open-source libraries:
-
react-native-encrypted-storageLocal AES-256 encryption -
react-native-keychainSecure credential storage (device Keychain/Keystore) -
react-native-vision-cameraCamera functionality for OCR and NFC -
@react-native-ml-kit/ml-kit-text-recognitionOn-device OCR (no data sent to servers) -
react-native-nfc-managerNFC reading (Android) -
react-native-google-signinGoogle account linking (for backups & PIN recovery only)
None of these libraries collect analytics or transmit data without your explicit action.
Government & Law Enforcement Requests
We do not store data on servers, so we cannot provide user data to governments or law enforcement agencies — only you have access to your encrypted vault.
US Export Compliance
Local Safe contains AES-256 encryption, which is classified as an "encryption product" under US Export Administration Regulations (EAR). The app complies with US export regulations and is not distributed to embargoed countries.
Your Rights
You have full control over your data:
- Access: All your data is visible within the app — you own it completely.
- Modify: You can edit or delete any item at any time.
- Export: You can export all your data to an encrypted
.lsafebackup file and restore it anytime. - Delete: Uninstall the app to permanently delete all local data.
Policy Updates
We may update this Privacy Policy occasionally. Changes will be reflected here with an updated "Last Updated" date. Continued use of Local Safe after changes means you accept the updated policy.
Data Deletion
Since all data is stored exclusively on your device, uninstalling Local Safe permanently deletes all your data — no server-side deletion request is needed.
If you have a specific deletion concern or question, you can submit a request via our data deletion form:
- Data Deletion Request Form: Submit a request
Contact Us
If you have privacy concerns or questions about how Local Safe handles your data, please submit a request via:
- Data Deletion / Privacy Request Form: Submit a request
Local Safe respects your privacy. Your data is yours alone.