...

XProtego – User Data Policy

1) Overview

eTuitus S.r.l. (“we“, “us“) is committed to protecting your privacy. This policy explains what data XProtego collects, how we use it, if/when we share it, and your choices. We collect and use data only as described here and provide clear in‑app disclosures whenever a feature requires additional data or device access.

Google Play Developer Distribution Agreement (§4.8) commitment: If XProtego accesses usernames, passwords, tokens, or other personal information, we clearly inform you that this information will be available to the app and provide legally adequate privacy notice and protections, including secure handling and limited‑purpose use.

2) What we collect

A) Information you provide

  • Account or login data (if you create/sign in): username, email.
  • Support messages & feedback: text and attachments you choose to send.
  • Feature inputs: settings you configure, labels, device nickname.

Credentials: XProtego never stores passwords in plaintext. Where applicable, we use secure protocols and tokens.

B) Information collected automatically

  • Device & app info: device model, OS version, app version, language, non‑precise region/country.
  • App activity & diagnostics: feature usage events, performance metrics, crash logs.
  • Security telemetry (for protection features): scan results metadata (e.g., app/package identifiers, signatures, flags), threat detections, remediation status. We do not collect the contents of your personal files for scanning; where scanning is required, it is performed on‑device whenever possible.

C) Permissions used (feature‑dependent)

When a feature needs extra access, XProtego requests runtime permission and shows a concise in‑app disclosure:

  • Storage/Files: to scan selected files or quarantines you choose to analyze.
  • Network access/State: to update threat definitions, verify licenses, and submit anonymized telemetry or crash reports.
  • Package Usage/App list: to scan installed apps and detect potentially harmful software.
  • Accessibility/Notification access/Device admin (if offered): for advanced protection such as real‑time blocking, safe‑browsing overlays, or anti‑tamper. These are optional and clearly explained before enabling.

You can deny or revoke any permission in system settings. Some features may not function without their corresponding permission.

3) How we use data

  • Core functionality: provide scans, real‑time protection, threat remediation, and updates.
  • Security & abuse prevention: detect, investigate, and respond to malware, fraud, or policy violations.
  • App improvement & reliability: analytics, diagnostics, crash resolution, experience quality.
  • Account & support: authenticate you, send important notices, respond to requests.
  • Legal compliance: meet regulatory and law‑enforcement obligations.

No ads, no data selling. We do not sell personal data and we do not use your data for targeted advertising.

4) Sharing and disclosures

We do not share your personal information except:

  • Service providers (processors): cloud hosting, analytics, crash reporting, and security intelligence under contracts that limit use to our instructions and require strong safeguards.
  • Legal & safety: when required by law or to protect users, our services, or the public.
  • Business transfers: in a merger, acquisition, or asset sale, subject to protections consistent with this policy.

Where feasible, we share aggregated, de‑identified, or minimized data.

5) Data retention

  • Security telemetry & scan logs: retained only as long as needed for protection (typically rolling windows) to improve detection and reduce false positives.
  • Account data: retained while your account is active.
  • Diagnostics/crash logs: retained for a limited time to resolve issues.

When data is no longer needed, we delete or anonymize it.

6) Your choices & rights

  • Permissions: grant/revoke in device settings at any time.
  • Access/Deletion/Correction: request a copy, correction, or deletion of your personal data.
  • Opt‑out of optional analytics/telemetry: where offered in settings.

We will verify requests and respond within applicable legal timeframes.

7) Security

We apply industry‑standard safeguards: encryption in transit and at rest, least‑privilege access controls, credential hashing/tokenization, audit logging, and periodic security reviews. No system is perfectly secure; we monitor and remediate issues promptly.

8) International data transfers

As an Italian company, we comply with the GDPR where applicable. Data may be processed in the EU/EEA and in other countries where our providers operate. When data leaves the EEA, we rely on adequacy decisions or Standard Contractual Clauses and additional safeguards.

9) Children

XProtego is not directed to children under 13 (or the higher age required by your jurisdiction). We do not knowingly collect personal data from children without appropriate consent.

10) Transparency for credentials & sensitive access (Google Play §4.8)

  • If XProtego accesses usernames, passwords, tokens, or personal information, we disclose this clearly and timely in‑app, explaining what is accessed and why.
  • We use such information only to provide the requested functionality (e.g., sign‑in, license checks) and protect it with appropriate technical and organizational measures.
  • We never disclose your credentials to third parties and never store them in plaintext.

11) In‑app disclosures for antivirus & security features

As required by Google Play for antivirus/security apps, XProtego provides concise, standalone disclosures that:

  • Identify the data or permission being used (e.g., Accessibility, Usage Access).
  • Explain how the data is used (e.g., real‑time threat blocking, app scanning).
  • State whether data leaves the device and, if so, for what purpose (e.g., verifying a suspicious hash against our threat database).
  • Offer a clear way to decline or turn off the feature.

12) Third‑party SDKs and links

If XProtego includes third‑party SDKs, they operate under our instructions and this policy. External websites linked from the app are governed by their own privacy policies.

13) Changes to this policy

We may update this policy to reflect changes in our practices. Material changes will be communicated in‑app and/or on our website before they take effect.

14) Contact eTuitus S.r.l.

Questions or privacy requests? Please contact us through the in‑app support channel or the contact page on our website. We will guide you through access, deletion, or permission‑related requests.

Play Store disclosure (short summary)

  • Data collected: device/app info, app activity, diagnostics; limited security telemetry for protection.
  • Purposes: app functionality, security, fraud prevention, analytics, compliance.
  • Sharing: service providers only; no sale, no advertising.
  • Security: encryption, access controls, minimization.
  • User control: permissions revocable; data access/deletion on request.