Legal

Privacy Policy

Simple, honest, and complete. We collect nothing.

Contents

Effective Date: January 1, 2025
Last Updated: January 1, 2025
App Version: EcoPass v1.0
🚫
No Data Collected
We collect absolutely nothing
📡
No Internet Required
Fully offline app
👤
No Account
No login, no sign-up
📢
No Ads
Completely ad-free

1. Overview

This Privacy Policy describes how ECO NOSTALGIC (SMC-PRIVATE) LIMITED ("we", "us", or "our") operates the EcoPass password manager application ("App") available on the Google Play Store.

EcoPass is designed from the ground up with privacy as a core principle. The App functions entirely on your device and does not communicate with any server, cloud service, or third-party system of any kind. We have deliberately built the App to require no personal information whatsoever.

The short version: EcoPass collects zero personal data. Nothing you do inside the App is transmitted, stored, or accessible outside of your own device. Your passwords belong to you and only you.

2. Information We Collect

We do not collect any personal information. Specifically, we do not collect:

  • Your name, email address, phone number, or any contact information
  • Your passwords, passphrases, or any vault content
  • Device identifiers (IMEI, Advertising ID, etc.)
  • Location data (GPS or network-based)
  • Usage data, analytics, or behavioral statistics
  • Crash reports or diagnostic data (no Crashlytics or Firebase)
  • Biometric data (fingerprints or face data)
  • IP address or network information
  • Camera, microphone, or media content
  • Contacts, calendar, or any other device data

The App does not send any data over the internet at any point during its operation. There is no backend server, no database hosted by us, and no analytics pipeline.

3. Local Data Storage

All data you create within EcoPass — including saved passwords, labels, categories, and preferences — is stored exclusively in a local encrypted database on your device. This database is created and managed by the Android Room Persistence Library and resides in your device's private application storage, which is inaccessible to other apps.

Your data is stored only in the following locations on your device:

  • Encrypted Room database — all vault entries (passwords, labels, categories)
  • SharedPreferences — your hashed PIN and app settings (biometric toggle, etc.)
  • Android Keystore — the AES encryption key used to protect your vault

When you uninstall the App, all of the above data is permanently deleted from your device by the Android operating system. We have no copy of your data and cannot recover it.

Important: If you uninstall EcoPass, all saved passwords and vault entries will be permanently erased. There is no cloud backup. Please export your vault (CSV) from Settings before uninstalling if you wish to keep a copy.

4. Encryption & Security

EcoPass uses industry-standard encryption to protect your stored passwords:

  • Algorithm: AES (Advanced Encryption Standard) / CBC mode / PKCS7 padding
  • Key Storage: Android Keystore System — hardware-backed on supported devices, meaning the encryption key never leaves the secure element
  • PIN Storage: Your PIN is never stored in plain text. It is hashed using SHA-256 before storage
  • Biometric: Biometric authentication uses Android's BiometricPrompt API. Your fingerprint or face data is processed entirely by the device's secure hardware and is never accessed or stored by the App

The encryption key is tied to your specific device and cannot be extracted or transferred. This means your encrypted vault data cannot be decrypted on another device even if the database file were somehow obtained.

5. App Permissions

EcoPass requests only the following permissions, each with a specific purpose:

  • USE_BIOMETRIC / USE_FINGERPRINT — Required to offer fingerprint or face unlock as an alternative to the PIN. This permission does not give the App access to your biometric data; it only allows the App to trigger the system's biometric authentication dialog.
  • INTERNET — Required solely to load the Privacy Policy page within the App's built-in browser. The App itself does not make any network requests, transmit data, or connect to any server.

The App does not request permissions for camera, microphone, location, contacts, storage, SMS, phone calls, or any other sensitive system resource.

6. Third-Party Services

EcoPass does not integrate with any third-party services. This includes but is not limited to:

  • No analytics services (Google Analytics, Firebase Analytics, Mixpanel, etc.)
  • No crash reporting services (Crashlytics, Sentry, Bugsnag, etc.)
  • No advertising networks (AdMob, Facebook Audience Network, etc.)
  • No social media SDKs (Facebook, Twitter, Google Sign-In, etc.)
  • No cloud storage or backup services
  • No payment processors (the App is free with no in-app purchases)
  • No remote configuration services (Firebase Remote Config, etc.)
  • No push notification services

The only external network activity the App performs is loading the Privacy Policy URL when you tap "Privacy Policy" in the App's Settings screen. This is a one-way web page load (like opening a browser); no App data is transmitted.

7. Advertising

EcoPass contains no advertisements of any kind. There are no banner ads, interstitial ads, rewarded video ads, or any other form of advertising content within the App. We do not work with any advertising networks and we do not receive advertising revenue. The App is free because we believe privacy tools should be accessible to everyone.

8. No Account Required

EcoPass does not require you to create an account, register, or provide any personal information to use the App. There is:

  • No sign-up process
  • No login screen requiring email or password
  • No user profile
  • No email verification
  • No password recovery via email (recovery is not possible by design)

The only credential the App uses is the PIN you create on first launch. This PIN is hashed and stored locally on your device only.

9. Children's Privacy

EcoPass does not knowingly collect any information from children under the age of 13, or under the applicable age of digital consent in their jurisdiction. Since the App collects no personal information from any user at all, it inherently does not collect data from children.

The App is a general-purpose utility application suitable for users of all ages. It does not contain any content directed at children, nor does it include chat features, social features, or user-generated content sharing.

If you are a parent or guardian and believe your child has used the App in a way that concerns you, please note that no personal data has been transmitted or stored outside the device, and you may uninstall the App at any time to remove all associated data.

10. Data Security

We take the security of your data seriously and have implemented the following measures:

  • AES/CBC/PKCS7 encryption for all stored vault entries
  • Android Keystore hardware-backed key storage on supported devices
  • SHA-256 hashing for PIN storage (the raw PIN is never stored)
  • Private application storage inaccessible to other apps (without root)
  • No network transmission means no interception risk
  • Clipboard auto-clear after 30 seconds when a password is copied

Since all data remains on your device, the overall security of your vault data is also dependent on your device's security (screen lock, OS version, etc.). We strongly recommend keeping your device's operating system up to date and using a strong device screen lock.

11. Your Rights

Because EcoPass collects no personal data, there is nothing for us to access, correct, transfer, or delete on your behalf. However, you retain full control over your data at all times:

  • Access: All your data is visible to you at all times within the App
  • Export: You can export your vault to a CSV file at any time via Settings → Export Vault
  • Deletion: You can delete individual entries, clear the entire vault via Settings, or uninstall the App to permanently remove all data
  • PIN Change: You can change your PIN at any time via Settings → Change PIN

If you are a resident of the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Since we process no personal data, GDPR obligations to us are minimal, but we remain committed to full compliance. If you have any GDPR-related questions, please contact us using the details in Section 13.

If you are a California resident, the California Consumer Privacy Act (CCPA) may apply to you. Since we collect no personal information as defined by the CCPA, we do not sell, share, or disclose personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date at the top of this page. We will also update the App's listing on the Google Play Store when material changes are made.

We encourage you to review this page periodically. Continued use of the App after any changes constitutes acceptance of the updated policy.

Since the App does not collect your contact information, we are unable to notify you directly of policy changes. The Google Play Store "What's New" section in App updates will note any significant privacy policy changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the privacy practices of EcoPass, please contact us:

We will respond to all privacy-related inquiries within 48 hours.

This privacy policy was last reviewed and updated to ensure compliance with Google Play Store Developer Program Policies, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).