[Gen Art Studios]

1. Overview & Our Commitment to Privacy

SpectraScan (“we,” “us,” or “our”) is a hidden camera and spy device detector application for Android, developed to help users protect their personal privacy. We believe a privacy app must itself be private by design.

This Privacy Policy describes how SpectraScan handles information when you use the application and our website. By installing or using SpectraScan, you agree to the practices described in this policy.

2. Information We Collect

SpectraScan collects the absolute minimum information required for the app to function. Here is a complete picture:

2a. Information Collected and Stored Locally Only

• Scan session records — scan type (EMF / IR / Network), start and end timestamps, peak and average threat level, and optional user notes. Stored in an encrypted database on your device only.
• EMF sensor readings — raw magnetometer axis values and computed threat levels recorded during a scan session. Stored locally and never transmitted.
• Network device records — IP addresses, MAC addresses, manufacturer names, and hostnames of devices discovered on your local Wi-Fi network during a scan. Stored locally and never transmitted.
• Location data (optional) — if you grant location permission, we may store GPS coordinates and a reverse-geocoded place name alongside a scan session so you can identify where a scan was conducted. This data is stored locally only and is never shared with us or any third party.
• App settings — your preferences (haptic feedback, audio settings, sensitivity thresholds, premium status) stored locally in an encrypted database.

2b. Information Processed Temporarily (Never Stored)

• Camera frames — when using IR Lens Detection mode, your camera feed is analyzed in real time on your device to identify bright points that may indicate an infrared lens or LED. No images, screenshots, or video are stored or transmitted at any time.
• Wi-Fi network data — during a network scan, SpectraScan reads your current Wi-Fi connection details and sends network reachability probes solely within your local network subnet. No data is sent to us or any external server.

3. Information We Do NOT Collect

To be unambiguous, SpectraScan does not collect, transmit, or store any of the following:

• Your name, email address, phone number, or any other personal identifier
• Your account credentials of any kind
• Photos, videos, or camera images of any kind
• Your location in real time or in aggregate
• Device contacts, messages, or call logs
• Any data from other apps on your device
• Behavioral profiles or usage fingerprints transmitted to us

All scan results, readings, and history remain on your device under your sole control.

4. On-Device Data Storage

All data SpectraScan stores is held in a local SQLite database managed by Android’s Room library. This database is encrypted using SQLCipher with a device-bound encryption key stored in the Android Keystore system — a hardware-backed secure enclave on compatible devices. This means your scan history is protected even if your device is accessed by another party.

The database is stored in your device’s private internal storage, which is not accessible to other apps on your device.

Data Retention

Scan sessions are retained indefinitely by default so you can refer back to past results. You can delete individual scans or clear your entire history at any time from the Settings screen. An optional auto-cleanup setting (disabled by default) can automatically remove scans older than 90 days.

5. Android Permissions Explained

SpectraScan requests only the permissions necessary for its core detection features. Each permission is requested in context — when you first use the feature that requires it — not during initial app launch.

CAMERA (Runtime permission)

Used exclusively to power the IR Lens Detection feature. The camera preview is analyzed on-device in real time to detect bright point sources. No images or video are captured, stored, or transmitted.

ACCESS_FINE_LOCATION (Runtime permission)

Required by Android OS for two purposes: (1) Android mandates this permission to perform Wi-Fi network scans; without it, the Network Scanner cannot enumerate devices. (2) If you choose to enable location tagging, this permission lets us record the approximate location of a scan session. Location data is stored locally only and never shared.

INTERNET (Normal permission — granted at install)

Required for Google AdMob to serve ads in the free tier and for Google Play Billing to process the premium upgrade. Premium users who have disabled ads do not benefit from this permission after purchase, though it remains declared in the app manifest as required by the AdMob SDK.

ACCESS_WIFI_STATE / CHANGE_WIFI_STATE (Normal)

Used to read your current Wi-Fi connection details (subnet, gateway IP) for the Network Scanner feature.

VIBRATE (Normal)

Used to produce haptic feedback during scanning when threat thresholds are crossed.

HIGH_SAMPLING_RATE_SENSORS (Normal)

Required on Android 12 and above to access the magnetometer at high sample rates needed for accurate EMF detection.

FLASHLIGHT (Normal)

Used to activate the device’s LED flash as an illumination source during IR Lens Detection mode, which improves detection of reflective camera lenses.

6. Advertising — Google AdMob (Free Tier Only)

The free tier of SpectraScan displays non-intrusive advertisements powered by Google AdMob. AdMob may collect and use certain device information to serve and measure ads. This is the only external data flow in the free version of the app.

What AdMob may collect

• Android Advertising ID (AAID) — a resettable device identifier used for ad personalization
• Approximate location derived from IP address
• Device model, OS version, and language
• Interaction signals with ads (views, clicks)

How ads are placed

• Banner ads appear only on the History and Settings screens — never during an active scan.
• Interstitial ads appear only after a completed scan session, with a maximum of one interstitial per 5-minute window.
• We have restricted ad content categories to exclude surveillance products, spy equipment, and adult content.

Opting out of personalized ads

You can opt out of personalized advertising at any time by resetting your Android Advertising ID or enabling “Opt out of Ads Personalization” in your device’s Google settings (Settings > Google > Ads). You can also review and manage Google’s ad settings at adssettings.google.com.

Google’s Privacy Policy, which governs AdMob’s data practices, is available at policies.google.com/privacy.

7. In-App Purchases — Google Play Billing

The one-time premium upgrade ($5.99) is processed entirely through Google Play Billing. We do not receive, process, or store your payment card information or billing details at any point. All payment handling is managed by Google under their terms and privacy policy. We receive only a confirmation of a successful purchase from Google Play’s API in order to unlock premium features on your device.

8. Analytics

SpectraScan may optionally include Firebase Analytics. If enabled, Firebase may collect anonymized and aggregated usage data — such as which screens are visited and how often features are used — to help us understand how the app is used and improve future versions. Firebase Analytics does not collect scan results, sensor readings, camera data, or network device data.

If Firebase Analytics is included in a version of the app you have installed, it will be disclosed in the Google Play Data Safety section for that version. You may opt out of analytics data collection by enabling “Opt out of Ads Personalization” in your device settings, which also applies to Firebase Analytics measurement.

9. Children’s Privacy

SpectraScan is rated “Everyone” and is not directed at children under the age of 13. We do not knowingly collect personal information from children. Because SpectraScan does not collect personal data from any user, no special risks arise from use by minors. If you believe a child has provided personal data through the app, please contact us so we can address the situation.

10. Your Rights & Data Control

Because SpectraScan does not collect or transmit your personal data to our servers, the majority of your data rights are exercised directly on your device:

• Access and export — View your scan history at any time in the History tab. Premium users can export scan reports as text files.
• Delete — Delete individual scans or clear all history from the Settings screen. Uninstalling the app removes all locally stored data.
• Location data — Revoke location permission at any time via Android Settings > Apps > SpectraScan > Permissions. Location tagging will cease immediately.
• Camera access — Revoke camera permission at any time. IR Lens Detection will be unavailable until permission is re-granted.
• Ad personalization — Opt out via your Android device’s Google Ad settings as described in Section 6.

Residents of California (CCPA)

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. SpectraScan does not sell personal information. Because we do not collect personal information on our servers, most CCPA requests are satisfied by deleting the app from your device. For any remaining questions, contact us using the information in Section 13.

Residents of the European Economic Area (GDPR)

EU/EEA residents have rights including access, rectification, erasure, restriction of processing, and data portability. As SpectraScan does not process personal data on our servers, the primary controller of your on-device data is you. Google acts as the data controller for AdMob and Play Billing data under their own GDPR frameworks. For questions about our practices, contact us at the address below.

11. Security

We take reasonable and appropriate measures to protect your data:

• All locally stored data is encrypted with SQLCipher using an Android Keystore-managed key.
• Scan data is stored in app-private internal storage, inaccessible to other applications.
• Network calls are limited to AdMob, Google Play Billing, and — if enabled — Firebase Analytics. All such calls use TLS encryption.
• The app binary is built with ProGuard/R8 code obfuscation to reduce reverse-engineering risk.
• No user credentials or authentication tokens are ever stored by SpectraScan.

While we strive to protect your information, no security system is impenetrable. We encourage you to keep your device OS and SpectraScan updated to benefit from the latest security patches.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. If changes are material, we will notify you through an in-app notice or a notice on this page. Your continued use of SpectraScan after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or SpectraScan’s data practices, please contact us:

• Email: privacy@[yourdomain].com
• Website: [yourdomain].com/support

We aim to respond to all privacy inquiries within 5 business days.