Privacy Policy

0. Provision of the Website (Web Hosting)

For hosting this website we use the services of ALL-INKL.COM - Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter "All-Inkl").

When you access this website, the All-Inkl web server automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL (the previously visited page)
• Hostname of the accessing computer
• Time of the server request
• IP address (anonymized according to All-Inkl)

This data cannot be attributed to specific individuals by us. This data is not merged with other data sources. Processing takes place on the basis of Art. 6(1)(f) GDPR to ensure error-free operation and the security of our website. We have concluded a data processing agreement (DPA) with All-Inkl pursuant to Art. 28 GDPR.

1. Data Controller

Email: contact@mylocalsafe.eu

VAT identification number according to § 27a German VAT Act: DE285502830

2. Type and Purpose of Data Processing (Legal Basis)

Your data is processed to provide the app's functionality (Art. 6(1)(b) GDPR) and to ensure IT security and integrity on your device (Art. 6(1)(f) GDPR). Our legitimate interest lies in providing the app securely and reliably.

You are under no statutory or contractual obligation to provide your data. Without certain inputs (e.g. master password), however, essential functions of the app cannot be used.

Categories of processed data

• Credentials: passwords, usernames.
• Authentication data: two-factor keys (2FA secrets).
• Content: notes, photos, documents.
• Technically generated data: temporary cache files for file previews.

3. Principle of Local Storage & Security

MyLocalSafe is designed so that we have no access to your data. All input is stored exclusively locally on your device. According to the state of the art, access to the stored data is not possible without your master password.

Encryption: Sensitive content is protected using AES-256 encryption. Keys are derived locally from your master password; key management is handled by the hardware-backed Android Keystore System. You are responsible for the security of exports made outside the app (e.g. cloud services).

4. Third Parties & Recipients (Third Country Transfer)

Recipients of personal data are — if any at all — exclusively the following third parties in the scope of the described functions:

4.1. Google Play Billing

For purchase processing. We only receive a transaction ID.

4.2. Google Play Services (ML Kit)

For local QR-code scanning.

Third country notice

Transmission of technical data to third countries (USA) cannot be excluded. Google uses Standard Contractual Clauses pursuant to Art. 46 GDPR and may, according to its own statements, be subject to the EU-US Data Privacy Framework. We have no influence over the data processing carried out by Google. The use of these services is required for certain features of the app. Further information: policies.google.com/privacy

5. Permissions

• Biometrics: processed exclusively locally by the operating system (Android).
• Autofill (BIND_AUTOFILL_SERVICE): only active after you explicitly enable it in system settings.
• Camera: used for scanning QR codes (when receiving shared entries) and for capturing photos to attach to entries. The app itself does not request a camera permission — QR scanning runs via the system code scanner module (Google Play Services), and photo captures are delegated to the device's installed camera app. No images are stored or transmitted without your action.
• Vibration: required for haptic feedback on user interactions.
• Storage access: only needed on older Android versions for archive export.
• Network: used exclusively by Google system modules (Billing / Scanner).

6. Special Security Features & Deletion

Clipboard: copied data is cleared after 60 seconds. Despite automatic clearing, access by other apps with the corresponding permissions cannot be entirely excluded.

Secure Preview: to open documents, a temporary copy is created in the protected app cache and automatically deleted when the view is closed or the app is restarted.

Sharing function: the app lets you export selected entries in an encrypted container (.mls-share file or QR code) and pass them on via third-party apps of your choice (e.g. email, messenger). The container is encrypted with a separate sharing password that you set. This password is outside the app's control; you are responsible for transmitting it securely to the recipient. QR codes are generated locally on the device and displayed visually only — no server transmission takes place.

Profiling: no automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

7. Your Rights & Retention

You have the right to information, rectification, deletion, and data portability (Art. 15–21 GDPR). As processing takes place locally, these rights can technically only be exercised by yourself within the app. Data remains on the device until you delete it or uninstall the app. No commissioned processing within the meaning of Art. 28 GDPR is performed by us.

8. Right to Complain & Changes

Competent supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

We reserve the right to adapt this privacy policy in response to technical or legal changes. The current version is available at: mylocalsafe.eu/datenschutz.html.