Qencrypt Mobile — Privacy Policy

This Privacy Policy describes how FiveRivers Technologies Pvt Ltd (“FiveRivers”, “we”, “us”, “our”) collects, uses, and shares information in connection with the Qencrypt mobile application for iOS (the “App”). By using the App, you agree to this policy. If you do not agree, do not use the App.
We may update this Privacy Policy from time to time. We will post the updated version and change the “Last updated” date. Continued use of the App after changes means you accept the updated policy.

1. Who we are

Controller: FiveRivers Technologies Pvt Ltd
Product: Qencrypt — encryption and vault software for your personal files on your device.
Contact (privacy questions): support@qencrypt.app
For requests under privacy laws (access, deletion, etc.), use the same address and include “Privacy Request” in the subject line where helpful.

2. Scope

This policy applies to the Qencrypt iOS App. It does not govern third-party websites or services you open from the App (for example, Apple’s subscription management or a web page we link to); those services have their own policies.

3. Information the App processes

3.1 Information you provide or that is created on your device
• Account and authentication: If you create or use an account, we may process identifiers you provide (such as email address) and authentication-related data needed to operate sign-in, password recovery, and session management as implemented in the App.
• Vault and encryption: The App is designed so that your encrypted files, vault contents, master password, and cryptographic keys are stored and processed primarily on your device using the App’s security features. We do not intend to upload the contents of your vault or your master password to our servers for routine storage; operation of the vault is local to the device unless you use a feature that explicitly sends data elsewhere (for example, sharing a file through another app you choose).
• Recovery and keys: If you use recovery codes, key export/import, or backup features, related data is handled according to the feature (e.g. files you save to a location you choose).
• Settings and preferences: The App stores preferences on the device (for example, display, security, and plan-related settings).
3.2 Information collected automatically (device and diagnostics)
When you use the App, we use analytics and diagnostic logging to understand stability, improve the product, and measure feature usage. This is sent to our analytics provider over the internet when the device is online.
The App may process and transmit:
• App and device identifiers used in logs: such as app version/build, device model (e.g. device type identifier on iOS), and operational event data (for example, that a screen was viewed, a button was tapped, a folder was created, or an encryption flow completed or failed).
• Authentication-related analytics: for certain sign-in and sign-up events, email address may be included in analytics payloads where the App is designed to associate that event with the account identifier you used, for product and security analytics.
• Operational messages: short text descriptions of events (for example, vault actions, encryption/decryption counts and timing, or error reasons that do not include your file contents). We do not transmit the contents of your encrypted files as part of this logging.
This data is sent to PostHog, our analytics and logs platform, using industry-standard transport. PostHog’s processing may occur in the United States and other regions where PostHog or its subprocessors operate. See Section 6.
3.3 Apple In-App Purchases and subscriptions
Payments for subscriptions are processed by Apple, not by FiveRivers. We do not receive your full payment card number from Apple. Apple provides us subscription status information through Apple’s systems as needed to unlock Premium features in the App. Apple’s use of your information is governed by Apple’s Privacy Policy and your Apple ID settings.
3.4 Permissions on your device
The App may request access to:
• Photo Library — to let you choose photos/videos to encrypt and, where applicable, to save exported content.
• Face ID / Touch ID — to unlock the vault or authenticate you, when you enable it.
• Notifications — only if the App requests notification permission for features that use it.
You can allow or deny these in iOS Settings. Denying permission may limit features.
If an Apple system permission string appears that references features you do not use, it may be required by the operating system or a bundled capability; we only use permissions for the purposes described in the App and in iOS permission prompts.

4. How we use information

We use information:
• To provide and maintain the App, including encryption, vault, backup, and account features.
• To authenticate you and protect accounts.
• To improve the App and fix issues (analytics and diagnostics).
• To comply with law and respond to lawful requests.
• To enforce our terms and protect users and the service.
We do not sell your personal information as “sale” is commonly defined under U.S. state privacy laws.

5. Legal bases (where applicable)

If the GDPR or similar laws apply, we rely on:
• Performance of a contract — providing the App you requested.
• Legitimate interests — securing the service, improving the product, and analytics that are not overridden by your rights.
• Consent — where required (for example, optional marketing or certain tracking, if we add such features and ask you).
• Legal obligation — where we must retain or disclose data by law.

6. Sharing and subprocessors

We may share information with:
• PostHog — hosting and processing analytics and application logs as described in Section 3.2.
• Infrastructure and IT vendors — who help us operate our business under strict terms.
• Apple — for In-App Purchase and subscription status as described in Section 3.3.
• Authorities — if required by law or to protect rights, safety, and security.
We require service providers to protect information and use it only for the purposes we specify.

7. International transfers

If you are outside the country where we or PostHog process data, your information may be transferred internationally, including to the United States. Where required, we use appropriate safeguards (such as standard contractual clauses) or other lawful mechanisms.

8. Retention

We retain information only as long as needed for the purposes above and as required by law. Analytics and log data may be retained for a limited period according to our configuration with PostHog. Account-related data may be retained until you delete your account or we delete it in accordance with this policy and applicable law. On-device data remains on your device until you delete it or remove the App (subject to iOS backup behavior).

9. Security

We implement appropriate technical and organizational measures designed to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Your rights and choices

Depending on where you live, you may have the right to:
• Access a copy of certain personal information we hold.
• Correct inaccurate information.
• Delete certain information.
• Object or restrict certain processing.
• Portability of data you provided, where applicable.
• Withdraw consent where processing is consent-based.
In the App: Where available, you may delete your account from the App settings; this is intended to remove or irreversibly disassociate your account data from our systems as implemented.
To exercise rights: Email support@qencrypt.app. We may need to verify your identity.
California residents (CCPA/CPRA): You may have additional rights (know, delete, opt out of certain sharing). We do not sell personal information for money. To submit a request, email us at the address above with “California Privacy Request” in the subject.
European Economic Area / UK: You may lodge a complaint with your local supervisory authority.

11. Children

The App is not directed at children under 13 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

12. Third-party links

The App may contain links to third-party sites or services (including Apple). We are not responsible for their privacy practices. Read their policies.

13. Changes

We may update this Privacy Policy. The new version will be indicated by the “Last updated” date. Material changes may be communicated in the App or by other reasonable means where appropriate.

14. Contact

FiveRivers Technologies Pvt Ltd
Email: support@qencrypt.app