A
AppXpose Get the app ↗
Legal

Privacy Policy

Last updated: 2026-04-09

AppXpose is built on a single principle: we cannot leak what we never had. This page explains exactly what we do and don't process. If anything here is unclear, email mahere@appxpose.app.

1. Who we are

"AppXpose", "we", "us" refers to the developer of the AppXpose Android application, available on the Google Play Store. The developer is an independent solo operator. There is no parent company.

2. What data we collect

We collect the minimum necessary to operate the service:

  • Device fingerprint: a one-way hash derived from device characteristics. It is used to enforce the free-tier quota and cannot be reversed to identify you. It changes when you reinstall the app or factory reset.
  • Quota usage: number of API calls in the current weekly window.
  • Premium status: whether the device has an active Pro or GUARD entitlement (verified via Google Play Billing).
  • Community votes and comments: when you choose to vote or comment, the content is stored without author identity. A profanity filter applies.
  • Anonymous analytics events: aggregate metrics via Firebase Analytics (e.g., "scan_started", "paywall_shown"). No personal identifiers are sent.
  • Crash reports: if you opt in, Firebase Crashlytics may collect device model, OS version, and stack traces.

3. What we do NOT collect

  • No email address. No name. No phone number.
  • No Google Advertising ID.
  • No IMEI, MAC address, or other persistent hardware identifier.
  • No location, contacts, photos, or media.
  • No app content, messages, or files from inside the apps you scan.
  • No tracking across other apps or websites.

4. On-device processing

The actual app analysis (DEX bytecode parsing, tracker signature matching, permission mapping) runs entirely on your device. The bytes of the apps you scan are never uploaded.

5. Third parties

We use the following processors:

  • Cloudflare (USA / global edge): hosts our Worker, D1 database, and edge caching.
  • Google Firebase (USA): anonymous analytics and optional crash reporting.
  • Google Play Billing: handles all purchases. We never see your card details.
  • Have I Been Pwned (HIBP): proxied breach lookups (k-anonymity, no personal data sent).
  • Unity Ads / AdMob (free tier only): ad mediation. Pro and GUARD users see no ads and no ad requests.

6. Your rights (GDPR / CCPA)

Because we don't store personal identifiers, most data subject rights (access, rectification, portability) are technically void. There is nothing tied to "you" to retrieve. You may still:

  • Request deletion of community votes or comments by contacting us with the device fingerprint shown in Settings.
  • Disable Firebase Analytics in Settings → Privacy.
  • Disable crash reporting in Settings → Privacy.
  • Uninstall the app at any time. All local data is removed.

7. Children

AppXpose is not directed at children under 13. We do not knowingly collect data from anyone under 13.

8. Changes

If we change this policy, the "Last updated" date at the top changes too. Material changes will be announced in-app.

9. Contact

Privacy questions, data deletion requests, or anything else: mahere@appxpose.app