Privacy Policy for Protectstar Android Apps

Last Updated: November 10, 2025

• Introduction
• Which Protectstar Android apps collect personal data?
• Types of data we collect
• Data collection: Why, what, and how
• How we handle your data
• Data collection and use by specific apps
• Emphasis on data minimization and privacy techniques
• Firebase Messaging and privacy
• Cooperation with operating‑system features
• What we will never process
• No location data or advertising IDs
• In‑app purchases & subscriptions
• Data sharing and use of SDKs
• Prominent disclosure and user consent
• Transparency and user control over data
• Data retention and deletion
• Consistency with Google Play’s Data Safety sections
• How we protect your data
• Use of a Content Delivery Network (CDN): bunny.net
• Your rights regarding personal data
• Children’s privacy
• International data transfers
• No automated decision‑making
• Changes to this Privacy Policy
• Contact us

Introduction

At Protectstar Inc. (“Protectstar,” “we,” “us,” “our”), we respect and protect your privacy. Our core mission is to safeguard you (“you,” “your”) in the digital world against unauthorized access, data theft, and other threats. This Privacy Policy explains what data we collect when you use our Android apps and related services, how we use that information, and what measures we take to protect your data.

We view privacy as a fundamental right that is closely tied to our security promise. In this Privacy Policy, we explain:

• Data collection: What we collect and why it is required for our security features.

• Use of data: How and for what purposes we process your data.

• Your rights and choices: How you can access, correct, or request deletion of your data.

• Contact: How to reach us with privacy questions or concerns.

This Privacy Policy applies to your use of our apps and services, including downloading, installing, or using them on an Android device. By using our services, you agree to this Privacy Policy as well as our Terms of Use and End User License Agreement (EULA). Because we continually improve our products and processes, we may update this Privacy Policy. We will notify you of material changes by email, in‑app notices, or as otherwise required by law. We encourage you to visit this page regularly to stay informed.

This Privacy Policy applies globally to all users of our Android apps and services. Users in the European Economic Area (EEA) or in similarly regulated jurisdictions benefit from additional rights and safeguards.

Which Protectstar Android apps collect personal data?

Protectstar follows a strict data‑minimization approach and collects personal data only to the extent necessary for our apps to function properly. The following apps may collect personal data:

• Anti Spy Android
• Antivirus AI Android
• Camera Guard Android
• DNS Changer Android
• Firewall AI Android
• Micro Guard Android
• iShredder Android (only when using a MY.PROTECTSTAR online account)

Important:
iShredder Android does not generate or transmit checksums (SHA‑256 or MD5) to our servers. However, if you use a MY.PROTECTSTAR online account (e.g., for license management or updates), necessary sign‑in data or account information may be processed in that context.

Types of data we collect

Our Android apps (except iShredder Android) collect—within their anti‑spyware and anti‑malware functions—two main types of data:

1. Information about installed applications
   • We collect only the package names (app identifiers) of the apps installed on your device to provide targeted protection against malware, spyware, or other security threats. We do not access content from those apps.
2. Checksums (SHA‑256 & MD5)
   • To protect against tampering or security gaps, we create digital fingerprints (checksums) of installed apps and files.
   • These checksums allow us to quickly detect anomalies without analyzing full files or their content.

Data collection: Why, what, and how

We collect certain information to enhance your security and continuously improve our apps. Below we explain why we collect data, what we collect, and how it is processed.

I. Purpose: Why we collect your data

We collect specific data in order to:

• Detect and mitigate security risks: Using app names and checksums, we can identify known malware, spyware, or dangerous modifications.
• Ensure the integrity of your apps and files: Checksums help us determine whether installed apps or files have been altered.
• Optimize user experience: Ongoing analysis and refinement of our detection mechanisms reduce false positives and improve our service.

II. What we collect

1. App package names
   • Needed to prioritize protection for specific apps and to pinpoint potential vulnerabilities.
   • We do not access app content; we collect only names and package identifiers.
2. Checksums (SHA‑256 & MD5) of apps and files
   • Serve as digital fingerprints to reveal changes or tampering.
   • MD5 is an older, and SHA‑256 a more modern, hash function. Using both increases reliability in detecting changes.

No transmission of content
We never send entire apps or files to our servers—only the checksums we generate. Your personal files and app data therefore remain protected and are not disclosed.

III. How we process this data

Information about installed apps (name/package name) and the generated SHA‑256/MD5 checksums are transmitted to our Protectstar AI Cloud (https://api.protectstar.com). There, advanced detection algorithms analyze the data to:

• Identify and block malware and spyware,
• Detect unauthorized modifications to apps and files, and
• Minimize false positives (by comparing against known safe and malicious patterns).

This allows us to continuously optimize our security features and provide an efficient, resource‑friendly app that does not unnecessarily burden your device.

Note:
If you do not want this data to be collected, you can disable your internet connection. Please be aware that doing so may limit core functionality—such as malware detection and real‑time protection.

How we handle your data

• Anonymity: We place great importance on your privacy and ensure that all data transmitted to our cloud servers at https://api.protectstar.com/api/get-deep-detective-packages-shas-info (Antivirus AI and Anti Spy only) and https://api.protectstar.com/api/get-blocklists-info (Firewall AI only) is anonymized.
  Where feasible, we pseudonymize or anonymize the data we transmit (for example, using package names and cryptographic hashes rather than file contents). We do not attempt to re‑identify users and we do not combine these data with other information to single you out. Note: Under Google Play’s Data safety rules, such technical measures do not change the fact that these data are collected; our Play disclosures reflect this accordingly.
• Encryption: We protect transmissions with TLS 1.2/1.3 (HTTPS) and modern cipher suites. Where applicable, data at rest is encrypted using strong, industry‑proven methods. Transport encryption protects confidentiality and integrity during transmission.

Data collection and use by specific apps

1) Firewall AI & DNS Changer

Note for Both Apps:
Firewall AI and DNS Changer route traffic from allowed connections directly to its destination using the Android VpnService, without using a remote VPN server.

This design can lead to two scenarios for your internet traffic:

• If IP filtering is disabled: Any blocked traffic is directed to the local VPN service and acts like a sinkhole that drops blocked traffic.
• If IP filtering is enabled: Both blocked and allowed traffic pass through the local VPN service, but only allowed traffic is forwarded to its intended destination. No traffic is sent to a remote VPN server.

The Android VPN service (https://developer.android.com/reference/android/net/VpnService.html) is used to route all internet traffic locally to Firewall AI. This means no root access is required to create or operate this firewall.

Use of VpnService is documented in the Play Store listing; a prominent in‑app disclosure is presented in a separate dialog before activation and requires affirmative consent (tap‑to‑accept).

Data collection and use

1. Endpoint: https://api.protectstar.com/api/get-blocklists-info
   • Data Collected: App package name
   • Purpose: To download the latest filter blocklists.
2. Endpoint: https://api.protectstar.com/api/whois
   • Data Collected: IP address being looked up by the user, device locale
   • Purpose: To provide localized WHOIS information for a user‑selected IP address.
3. Endpoint: https://tile.openstreetmap.org
   • Data Collected: User‑Agent (app package name, app version, developer email)
   • Purpose: To display OpenStreetMap tiles for WHOIS information.

Limited Permissions:

1. android.permission.READ_PHONE_STATE (Required, except for DNS Changer)
   • Read‑only access to phone state, including mobile network information.
   • We do not access phone numbers, IMEI/MEID, or call logs. READ_PHONE_STATE is used only to read network state and to avoid interference with active calls; no related data is transmitted off‑device.
2. android.permission.QUERY_ALL_PACKAGES (Required)
   • Lists all installed apps so users can allowlist/block apps in the firewall.
3. VpnService
   • Routes Android network traffic through the apps for security.

2) Anti Spy & Antivirus AI

Data collection and use

1. Endpoint: https://api.protectstar.com/api/get-deep-detective-packages-shas-info
   • Data Collected: SHA‑256, MD5, package name
   • Purpose: To identify potential threats during manual and real‑time scans.
2. Endpoint:
   https://api.protectstar.com/api/add-statistic-item,
   https://api.protectstar.com/api/add-file-statistic-item
   • Data Collected: SHA‑256, MD5, package name, file path/name, installation source, app version/code, device data (OS version, manufacturer, model)
   • Purpose: To analyze and record statistics of detected threats.

Limited Permissions:

1. android.permission.SCHEDULE_EXACT_ALARM (Optional)
   • Enables scans at user‑defined times.
2. android.permission.QUERY_ALL_PACKAGES (Required)
   • Scans all installed apps for threats; required for threat detection/file protection.
3. android.permission.SYSTEM_ALERT_WINDOW (Optional)
   • Protects against screen‑capture malware.
4. android.permission.PACKAGE_USAGE_STATS (Optional)
   • Detects foreground apps to enable screen‑capture protection.
5. android.permission.MANAGE_EXTERNAL_STORAGE (Required)
   • Required for core security/antivirus functions (threat detection/file protection).
6. android.permission.READ_EXTERNAL_STORAGE (Required)
7. android.permission.WRITE_EXTERNAL_STORAGE (Required)
   • Scans and manages files to detect threats.

3) iShredder Android

Limited permissions

1. android.permission.MANAGE_EXTERNAL_STORAGE (Required)
2. android.permission.READ_EXTERNAL_STORAGE (Required)
3. android.permission.WRITE_EXTERNAL_STORAGE (Required)
   • Securely reads and overwrites the bytes of files.
4. android.permission.READ_CONTACTS (Optional)
5. android.permission.WRITE_CONTACTS (Optional)
   • Reads and writes contacts on your device to securely erase them.

Common features across all apps

In-App Billing System

1. Data Collected:
   • Purchase history: Records your in‑app purchase history (for the app only).

Apps integrated with a MY.PROTECTSTAR (MYPS) account (optional)

Included Apps: Anti Spy, Antivirus AI, Firewall AI, DNS Changer, iShredder, Micro Guard

1. Endpoint: https://my-api.protectstar.com
   • Data Collected:
     • User data: MYPS UserId, email, first name, last name, password.
     • Device type: User‑defined device name (e.g., “Peter’s Samsung Galaxy S23”), manufacturer, model, industrial design name, board (e.g., “goldfish”), hardware specifications.
     • Product SKU: App package name.
     • License information: Activation ID, activation key.

Apps integrated with Firebase Messaging

Included apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, Camera Guard, Micro Guard

• Data collected: Device data (OS version, name, model, brand, form factor), installation source (e.g., Play Store), app version (to manage topic subscriptions).
• Purpose: Developer communications and app updates.
• Settings: Data collection and use for Analytics is permanently disabled per https://firebase.google.com/docs/analytics/configure-data-collection?platform=android.

In short, data collection helps not only detect threats but also tailor our security measures to your device’s environment for effective protection against evolving digital threats.

Emphasis on data minimization and privacy techniques

All data transmitted to our cloud is encrypted in transit. Where possible, we anonymize or pseudonymize data during processing — for example, by working with package names, checksums, and minimal device metadata rather than file contents. We apply strict internal controls to prevent re‑identification.

Firebase Messaging and privacy

We use Firebase Cloud Messaging (FCM) strictly for message delivery. A technical identifier (token/app‑instance ID) is used; Analytics is disabled and no profiling/marketing takes place. You can control notifications at any time in your device settings.

Selected device metadata, app version, and installation source are used solely to ensure reliable delivery and topic management. Personal or sensitive usage data is not processed via FCM for marketing or tracking purposes.

More information on disabling Analytics data collection: https://firebase.google.com/docs/analytics/configure-data-collection?platform=android

Cooperation with operating‑system features

FLAG_SECURE & screen capture
In accordance with Google’s requirements (as of November 2022), our apps respect the security settings of other applications (e.g., protected screenshots). We do not circumvent system or third‑party protections such as FLAG_SECURE and thus support compliance with Google’s screen‑capture‑protection policies. Our screen‑capture malware detection relies exclusively on our own security mechanisms and does not interfere with system‑level protections of other apps.

What we will never process

Protectstar never processes “sensitive” personal data through its products and services—such as religion, political views, sexual preferences, health, or other special categories of personal data. We do not want to receive such data and will not ask you for it.

Protectstar products must be installed and used by an adult. Children may use the device on which a Protectstar product is installed only with parental or guardian permission. Except for any “child protection data” feature, we do not intend to process personal data of children and do not wish to receive such personal information from children.

No location data or advertising IDs

Our apps do not collect location (GPS) data and do not use advertising or tracking IDs. That means we do not process or store any location‑related data or unique advertising identifiers (such as the device advertising ID). This ensures no sensitive data relating to user location or ad preferences is collected.

In‑app purchases & subscriptions

Advertising
Our apps do not display third‑party advertising, and no data is transmitted to third parties for advertising purposes. If we ever introduce advertising, we will update this Privacy Policy and clearly inform users.

In‑app purchases and subscriptions
Some apps offer paid features unlocked via in‑app purchases or subscriptions. If you purchase a subscription, you can cancel or manage it at any time through Google Play.

Monetization model
Our base versions are free; advanced or additional features can be unlocked via in‑app purchase or subscription. We do not monetize in any other way—specifically, we do not sell data and do not display advertising. We want to ensure your privacy is not compromised by ads or data sharing.

Data sharing and use of SDKs

We do not share or sell your personal data to third parties. All information we collect—such as hashes like SHA‑256 or MD5—is processed in a minimized way and used solely to improve app functionality and protect your device. Service providers we use (processors), including bunny.net as a CDN (for Anti Spy and Antivirus AI only), operate under contract on our behalf and are not considered “third parties” for purposes of the GDPR/CPRA.

During app use, we collect data such as app checksums or file metadata. These serve as unique digital fingerprints that allow us to verify the integrity of apps and files on your device without accessing their actual content. As a result, these data do not allow us to infer your identity.

Data storage is highly restrictive: information is processed on secure servers in Germany and deleted within seconds after analysis is completed. The only exception is purely technical connection/security logs kept by our CDN provider bunny.net (see “CDN: bunny.net”); these are provided with IP anonymization by default and currently retained for 3 days; permanent log storage/forwarding is disabled.

Currently, our apps do not integrate third‑party SDKs that collect or share personal or sensitive user data. If we introduce third‑party SDKs in the future, they will fully comply with Google Play policies. We will promptly update this Privacy Policy and obtain your explicit consent before any data is collected.

Prominent disclosure and user consent

Before we collect personal or sensitive data, you will see a clear in‑app notice explaining:

• What data is collected
• Why it is needed
• How it is used

You will be asked to give your explicit consent by tapping “Accept.” This consent dialog typically appears when you first start the app or when you enable a feature that collects personal data. The app will proceed with data collection only after you have consented. If you choose not to consent, you can dismiss the notice and no data will be collected.

The dialog explicitly names the data types (installed app package names, SHA‑256/MD5 checksums, file names/paths, FCM token) and purposes (security / app functionality) before any collection begins.

Transparency and user control over data

We are committed to giving you control over your data at all times.

• Opt‑out options: You can stop data collection and transmission at any time by adjusting app settings, disabling your internet connection, or uninstalling the app. We collect only the minimum data strictly necessary to provide the requested features (e.g., threat detection). For any data collection that is not essential or not reasonably expected, we show a prominent in‑app disclosure and seek affirmative consentbefore collection; you can withdraw consent at any time.
• Control over notifications:You can manage notifications delivered via Firebase Messaging through your device’s notification settings.

Data retention and deletion

We retain your data only for the minimum time necessary to fulfill the relevant purpose. For example, the checksums and metadata we collect during security analysis are processed on our secure servers and permanently deleted within seconds after the analysis is complete. This ensures your data is not stored longer than necessary and maintains privacy without compromising security.

We strive to give you control over your data, including the ability to request deletion. How we handle deletion depends on whether you have created an account:

• Registered users: If you have a MY.PROTECTSTAR account, you can request deletion of your account and all associated personal data directly from your account settings. You can also contact us at privacy@protectstar.com for assistance. After we receive your request, we will delete your personal data unless retention is required for legal, security, or compliance reasons.
• Unregistered users: If you use our apps without a registered account, you can stop data collection at any time by uninstalling the app. Uninstalling deletes all locally stored data, and any data processed on our cloud servers is deleted promptly after the necessary analysis—generally within seconds. You may also contact privacy@protectstar.com to request deletion of any residual data.
• Legal retention obligations: In some cases, we may retain certain data as required by law (e.g., for fraud prevention or legal compliance). Any retained data is handled securely and kept only for the required period.

Consistency with Google Play’s Data Safety sections

We ensure that the information provided in this Privacy Policy aligns with the details disclosed in the “Data Safety” section of our Google Play Store listings. Our Data Safety disclosures summarize the types of data collected, the purposes of collection, and our security measures. We encourage you to review the “Data Safety” section in the app’s Play Store listing for a quick overview of how we handle your data. Any discrepancies or updates between this Privacy Policy and the Data Safety section will be addressed promptly to maintain consistency.

How we protect your data

Information security is a top priority at Protectstar. We combine organizational, technical, and physical measures that we continuously review and enhance, including:

• Governance & risk analysis: Documented ISMS, regular risk/vulnerability assessments, and a secure SDLC with security sign‑off before go‑live.
• Access & logging: Need‑to‑know/least‑privilege access, role/rights management, logged admin access, confidentiality commitments.
• Technical controls: Firewalls, IDS/IPS, system hardening and patch management; backups with regular restore testing.
• Encryption: TLS 1.2/1.3 for transport; AES‑256 encryption for data at rest where technically applicable.
• Incident management: Defined incident‑response process, including notifications as required by law.
• Training & awareness: Ongoing security and privacy training for employees.

Additional measures: Operation in an ISO 27001‑certified environment, regular audits, and real‑time monitoring.

Use of a Content Delivery Network (CDN): bunny.net

Why we use a CDN

To deliver downloads (e.g., update files and malware signatures) worldwide quickly, reliably, and securely, we use the European CDN bunny.net. This reduces latency and helps mitigate attacks (e.g., DDoS). bunny.net is ISO 27001‑certified.

What data is technically processed

When content is delivered via the CDN, necessary connection data is processed, such as IP address (see anonymization below), timestamp, requested path/URL, HTTP headers including User‑Agent, country/region for latency optimization, and data volume transferred. The CDN needs these data for delivery, performance control, and abuse prevention. bunny.net typically acts as our processor (service provider).

Our privacy‑by‑default settings

• IP anonymization enabled: Logs at bunny.net are provided with anonymized IPs by default. Full‑IP logs are disabled and would only be possible after execution of a DPA and an intentional configuration change.
• EU routing (where appropriate): For access from the EEA we use routing filters so EEA traffic is processed exclusively via EU PoPs; outside the EU this may involve performance trade‑offs. DNS is separate and normally contains no personal content.
• No permanent log storage: Searchable CDN logs are currently retained for 3 days. Features like permanent log storage/forwarding are not enabled.
• Transport security: Delivery exclusively via HTTPS/TLS (HSTS on our domains).

Security features & cookies (only if enabled)

If we enable Bunny Shield (WAF/bot protection), the system may set technically necessary, first‑party cookies (e.g., bunny_shield, bunny_shield_chk, bunny_shield_id, bunny_shield_bd) to block bots and validate legitimate access. These cookies are used only for security, contain no personal marketing information, and are limited to the purpose of protection/integrity.

Role & agreements

bunny.net is operated by BunnyWay d.o.o. (Ljubljana, Slovenia/EU). We have a Data Processing Agreement (DPA) in place with bunny.net.

Location of processing & international transfers

We prioritize processing within the EU (EU routing). For global requests, processing outside the EEA may occur to the extent required for delivery. We limit data to what is technically necessary and use regional controls and safeguards (e.g., IP anonymization, routing filters).

Legal bases (internationally compatible)

• EU/Germany (GDPR): Art. 6(1)(b) (contract/performance) for fast and reliable delivery; Art. 6(1)(f) (legitimate interests) for operational security, DDoS/abuse prevention, and efficient scaling.
• USA (CCPA/CPRA): We treat bunny.net as a “Service Provider” (processing on our behalf, contractual purpose limitation). No “sale” and no “sharing” of personal data within the meaning of the CPRA (sharing = cross‑context behavioral advertising). Your CPRA rights (access, deletion, opt‑out, etc.) remain available through our usual channels.

No profiling, no tracking
The CDN is used solely for technical delivery and protection of our downloads—no ad IDs, no marketing trackers, no profiling.

Your rights regarding personal data

Under applicable data‑protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you may have certain rights regarding your personal data.

EU/EEA, UK, CH (GDPR/UK‑GDPR/CH‑FADP):

Right of access, rectification, deletion, restriction, objection (including to direct marketing, where applicable), and data portability. You also have the right to lodge a complaint with a supervisory authority.

USA (e.g., California, Virginia, Colorado):

Rights to know/access, correct, delete, and opt out of sale, sharing, or targeted advertising—where applicable. We do not sell or share personal data for advertising purposes; corresponding opt‑outs are currently not required.

Exercising your rights:

Contact us (see “Contact Us”). For security, we will verify your identity and respond within the statutory timeframes (in the EU, generally within 1 month). We will communicate transparently about the handling of your request.

Children’s privacy

Our apps are not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children. If we learn that data from children has been collected, we will delete it promptly. Parents or guardians may contact privacy@protectstar.com at any time to request deletion of such data.

International data transfers

Protectstar Inc. is headquartered in the United States and operates globally—with offices and service providers around the world. Our cloud servers in Germany run in an ISO 27001‑certified environment—an internationally recognized standard for information security management.

In the course of business, we may transfer, store, or process your personal data across borders in countries with data‑protection laws different from those in your home country. Regardless of where processing occurs, we commit to protecting your data at a consistent level. We use robust safeguards such as Standard Contractual Clauses and data‑protection agreements to comply with applicable international privacy requirements. For residents of the EEA, we ensure that transfers of personal data outside the EEA or Switzerland fully comply with the GDPR.

No automated decision‑making

We do not make automated decisions (including automated profiling) that produce legal or similarly significant effects on you. Our focus is exclusively on detecting and preventing malware or spyware and improving app functionality. We process your data only for the security and optimization purposes described and do not use it to create user profiles or for automated decision‑making.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When changes are made, we will post the updated Privacy Policy at https://www.protectstar.com/en/policy-for-apps. These changes take effect immediately upon posting. We encourage you to check this page regularly to stay informed.

Contact us

If you have questions about this Privacy Policy or our data practices, please contact us:

Protectstar Inc.
4281 Express Lane, Suite L3604
Sarasota, FL 34249, USA
Email: