1. About Max Royen Studio
Max Royen Studio is an independent mobile app publishing label operated by Hassan Tahir ("we", "us", "our"). This Privacy Policy applies to all apps published under the Max Royen Studio name, including Safe Vault (com.hassantahir.safevault).
Contact: maxroyen99@gmail.com
2. Information We Collect
We do not collect personal information through our apps.
- No account or sign-up is required to use Safe Vault.
- No analytics, telemetry, or usage statistics are transmitted to us.
- No crash reports are sent to any server we control.
- No advertising identifiers are collected.
- No location data is collected.
- Your master password never leaves your device.
3. Data You Store in the App
You may store passwords, notes, files, photos, videos, payment card details, and 2FA secrets within Safe Vault. This data is:
- Encrypted at rest using AES-256-CBC with a key derived from your master password (PBKDF2-HMAC-SHA256).
- Verified for integrity using HMAC-SHA256.
- Stored only on your device's local storage.
- Never transmitted to any server we operate.
Because of the zero-knowledge design, we cannot read, access, or recover your vault data. If you forget your master password, your encrypted data cannot be recovered by us or anyone else.
4. Optional Google Drive Sync
Safe Vault offers an optional encrypted backup feature that uses Google Drive's app-data folder. If you choose to enable it:
- You authenticate with your own Google account through Google's standard OAuth flow.
- The backup file is encrypted on your device, using your master password, before it is uploaded.
- We do not receive your Google account credentials, your Google account data, or the contents of your backup.
- Google processes the sign-in and Drive API interaction under Google's own Privacy Policy and Terms of Service.
- Backup data is stored in Safe Vault's private app-data folder, which is not visible to other apps or accessible through the Google Drive web interface.
Google Drive Sync is entirely optional. All core vault features work offline without it.
5. App Permissions
Safe Vault requests the following permissions. We do not request permissions we do not use.
| Permission | Purpose |
|---|---|
| Biometric / Fingerprint | Optional vault unlock in place of the master password. |
| Camera | Capturing documents for encrypted storage, scanning 2FA QR codes, and optional Intruder Selfie (must be enabled by you). |
| Photos / Media | Importing user-selected photos or videos into the encrypted vault. Only items you explicitly choose are accessed. |
| Internet | Used only when Google Drive Sync is enabled. Not used otherwise. |
| Vibration | Haptic feedback for UI interactions. |
We explicitly do not request: RECORD_AUDIO, ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, READ_CONTACTS, MANAGE_EXTERNAL_STORAGE, or any permission unrelated to the app's stated features.
6. Backups
Manual backup exports (available from the app's settings) produce an encrypted file that you save to your own storage. This file is encrypted with your master password before export. Anyone restoring from a backup must know the original master password.
7. Data Retention and Deletion
Since we do not receive your data, there is nothing for us to retain or delete on our end.
To delete your local vault data, you can:
- Use the Reset Vault option in the app settings (permanently deletes all local vault data).
- Uninstall Safe Vault from your device (removes all local data).
If you used Google Drive Sync, you can remove the app's backup data by navigating to your Google Drive account settings and revoking Safe Vault's access, or by deleting the app data folder from Google Drive directly.
8. Children's Privacy
Safe Vault is not designed for or directed at children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided information through our app, please contact us at the address below.
9. Security
We have designed Safe Vault with strong local encryption as the primary security mechanism. However, no software system is perfect. Your security also depends on:
- The strength and uniqueness of your master password.
- The security of your physical device and operating system.
- Keeping the app updated to receive security patches.
We are not liable for unauthorized access to your device or for data loss resulting from a forgotten master password.
10. Third-Party Services
Safe Vault does not integrate any third-party analytics SDKs, advertising SDKs, or crash-reporting services. Optional third-party interactions are limited to:
- Google Drive — for optional encrypted backup, as described in Section 4.
- Google Play Billing — if you choose to purchase the optional premium unlock, Google Play processes the transaction. We receive only a purchase confirmation from Google Play to verify that premium features should be enabled. We do not receive, store, or have access to your payment card details, billing address, or other financial information.
The app is distributed through the Google Play Store. Google may collect device and installation data as part of their standard store operations, governed by their own Privacy Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will also update the app store listing. Continued use of Safe Vault after changes constitutes acceptance of the updated policy.
12. Contact
For privacy questions, data requests, or concerns, contact us directly. We respond to every message.
maxroyen99@gmail.comHassan Tahir · Max Royen Studio