🛡️

Privacy Policy

Secure Files — end-to-end encrypted cloud storage for your photos, videos, and documents.

Secure Files by JITS
Effective Date: February 27, 2026

JITS ("we", "our", "us") operates the Secure Files mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. We are committed to protecting your privacy and keeping your data secure.

📋 1. Information We Collect

Account Information

When you sign in with Google, we receive:

  • Your Google account email address
  • Your Google account display name
  • Your Google account ID (used for encryption key derivation)

We do not receive or store your Google password.

Media Files

The App syncs files you choose (photos, videos, documents, audio, archives) from your device to secure cloud storage. We store:

  • The file content (encrypted if you enable encryption)
  • Thumbnails for gallery preview (not encrypted for performance)
  • Metadata: file name, size, type, creation date, sync timestamp

App Usage Data

  • Error & crash logs — only collected if you opt in via Settings → Diagnostics
  • Sync statistics — file counts, sizes, and sync timestamps (stored locally and in the cloud)

We do not collect analytics, advertising identifiers, location data, contacts, or browsing history.

Subscription & Billing

If you subscribe to a paid plan, payments are processed by Google Play Billing. We receive only:

  • Subscription status (active, cancelled, expired)
  • Plan tier and billing period

We never see or store your credit card number, bank details, or billing address.

🔒 We never collect: Precise location, contacts, call logs, SMS, browsing history, advertising identifiers, or any data beyond what is described above.

⚙️ 2. How We Use Your Information

Data Purpose Legal Basis
Google account info Authentication, encryption key derivation, identify your storage Contract
Media files Store and sync your files securely in the cloud Contract
File metadata Gallery display, search, sorting, deduplication Contract
Error logs Diagnose issues and improve app stability Consent
Subscription status Determine your storage quota and feature access Contract

We do not use your data for advertising, profiling, or any purpose other than providing and improving the App.

🏗️ 3. Data Storage & Security

Your files are stored in Cloud Storage with the following protections:

  • Encryption at rest — server-side AES-256 encryption on all stored objects
  • Encryption in transit — all data transmitted over TLS 1.2+
  • Private access controls — no public access to your files
  • Signed URLs — CDN access via time-limited, cryptographically signed URLs
  • Credential isolation — cloud credentials are encrypted with AES-256-GCM in the app binary and never stored in plaintext

Local Device Security

  • All sensitive settings (credentials, encryption PINs, tokens) stored in Android EncryptedSharedPreferences (AES-256)
  • Optional biometric lock (fingerprint/face) to access the app

🔐 4. End-to-End Encryption

When you enable file encryption in Settings, all files are encrypted on your device before upload:

  • Algorithm: AES-256-GCM with a unique random IV per file
  • Key derivation: PBKDF2-HMAC-SHA256 (120,000 iterations) from your Google ID + PIN
  • Zero-knowledge: Your encryption key never leaves your device. We cannot decrypt your files.
  • Recovery: You can decrypt on any device by signing in with the same Google account and entering your PIN
🛡️ Zero-Knowledge Architecture: When encryption is enabled, even JITS cannot access the contents of your files. Only you hold the key (your Google ID + PIN).
⚠️ Important: If you forget your encryption PIN, your encrypted files cannot be recovered. We do not have access to your encryption key and cannot reset it for you.

🔗 5. Third-Party Services

The App uses the following third-party services, each with their own privacy policies:

Service Purpose Data Shared
Google Sign-In User authentication Email, name, account ID
Cloud Storage Provider Cloud file storage, CDN delivery Encrypted files, metadata
Google Play Billing Subscription payment processing Subscription status only
Google Drive API Optional data export to your Drive Files (only when you export)

We do not use advertising SDKs, analytics trackers, or social media integrations.

🤝 6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data.

We may disclose information only in the following limited circumstances:

  • With your consent — e.g., when you choose to export to Google Drive
  • Service providers — Cloud infrastructure providers process data on our behalf under strict contractual obligations
  • Legal requirements — if required by law, regulation, or legal process. However, if encryption is enabled, we cannot provide file contents as we do not hold the encryption keys.
  • Safety — to protect the rights, property, or safety of JITS, our users, or the public

🗂️ 7. Data Retention

Data Type Retention Deletion
Your files Until you delete them User-controlled
Thumbnails Until parent file is deleted Automatic
Account info While account is active On request
Error logs 90 days Auto-purge
Deleted files (S3) 30-day recovery window Permanent after 30 days

You can delete individual files from within the App at any time. To delete all data and close your account, contact us at the address below.

8. Your Rights & Choices

You have the right to:

  • Access — View all your synced files in the Gallery
  • Export — Download all your data via Settings → Export Data (to device or Google Drive)
  • Delete — Remove individual files or request full account deletion
  • Opt out of diagnostics — Disable error log submission in Settings → Diagnostics
  • Revoke Google access — Remove the app's access at Google Account Permissions
  • Biometric control — Enable or disable biometric lock at any time
  • Encryption control — Enable encryption, change your PIN (note: encryption cannot be disabled once enabled)

For data subject requests under GDPR, CCPA, or similar regulations, contact us using the details in Section 12.

👶 9. Children's Privacy

Secure Files is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

🌍 10. International Data Transfers

Your data is stored in data centers in the United States. If you are located outside the United States, your data will be transferred to and processed in the US. We rely on our cloud provider’s compliance certifications (SOC 2, ISO 27001, GDPR DPA) to ensure appropriate safeguards.

📝 11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Notify you via the App (in-app notification or update notes)

Your continued use of the App after changes constitutes acceptance of the updated policy.

📬 12. Contact Us

If you have questions, concerns, or data subject requests, please reach out:

We aim to respond to all privacy inquiries within 30 days.