Privacy Policy — SaveIt - Video & Photo Saver
1. Introduction
SaveIt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application SaveIt - Video & Photo Saver (the "App").
SaveIt is a full-featured private browser with integrated media detection, encrypted file storage (Safebox), form autofill, password manager, ad blocking, download management, screen recording, QR code scanning, DLNA media casting, WiFi file transfer, clipboard URL detection, webpage screenshot, background audio playback, and audio/video playback. By using our App, you agree to the terms of this Privacy Policy.
2. Information We Collect
2.1 Device and System Information
- Device model, operating system version
- App version and build information
- System language and locale settings
- Network connection type (Wi-Fi / mobile data)
- Crash reports and error logs for debugging
2.2 Browsing Data (Stored Locally Only)
As a browser, the App stores the following data locally on your device only. This data is never uploaded to our servers.
- Browse history: URLs, page titles, and favicons of pages you visit
- Bookmarks: URLs and titles you save as bookmarks
- Search history: Keywords you enter in the address bar
- Tab state: Open tabs and their last-visited URLs for session restoration
- Detected media resources: Video and audio URLs detected on pages you browse
- Cookies: Website cookies (including third-party cookies) are stored locally by the WebView engine to maintain login sessions and website functionality. You can clear cookies at any time via the cache management settings or per-site via the site actions menu
- Web storage: localStorage, sessionStorage, and IndexedDB data used by websites are stored locally
Incognito Mode: When browsing in incognito tabs, no browse history, search history, or tab state is recorded to the local database. Session cookies created in incognito tabs are cleared when the tab is closed.
2.3 VPN-Based Media Detection
⚠️ VPN Service Disclosure
SaveIt uses Android's VpnService API to intercept local network traffic for the purpose of detecting video and audio media resources. This is a local VPN only — your traffic is not routed through any external server.
- All traffic analysis happens entirely on your device
- We do not collect, store, or transmit your network traffic content
- We do not collect passwords, cookies, or personal communications via VPN
- Detected media URLs are stored locally and never uploaded
To detect media resources on HTTPS pages, the App may prompt you to install a local CA certificate. This certificate is used solely for local traffic analysis on your device and is not used to intercept or transmit your data to external servers. Installing this certificate allows the App to decrypt HTTPS traffic locally for media detection purposes only. You can remove this certificate at any time from your device's security settings (Settings > Security > Trusted credentials > User).
The App may query the list of installed applications on your device to allow you to select which apps' traffic should be monitored by the VPN. This information is processed locally and is never uploaded to our servers.
You cannot opt out of VPN usage as it is essential for the media detection feature. If you do not agree, please do not use this feature or uninstall the App.
2.4 Safebox — Encrypted File Storage
The Safebox feature allows you to store files (videos, photos, documents) in an encrypted local vault protected by a PIN and/or biometric authentication.
- Files you import into the Safebox are encrypted using AES and stored in the App's private directory on your device
- Your PIN is stored as a secure hash — we never store your PIN in plain text
- Biometric authentication uses Android's system-level BiometricPrompt API; biometric data never leaves your device
- Safebox contents are never uploaded to our servers or shared with third parties
- If you uninstall the App, all Safebox data is permanently deleted along with the App's data
2.5 Form Autofill (Account Credentials)
The Form Autofill feature detects login forms on HTTPS pages and offers to save and auto-fill your account credentials.
- Credentials (website origin, username, encrypted password) are stored locally only using AES-256-GCM encryption with keys managed by Android Keystore
- Credentials are never uploaded to our servers
- The feature injects JavaScript into WebView pages to detect form fields (username and password inputs) — this only runs on HTTPS pages and only when the Form Autofill toggle is enabled. The injected script does not transmit any data externally; it communicates only with the App's local credential store
- You can disable Form Autofill at any time from the More Menu
- You can delete all saved credentials via the cache management settings
Note: Form Autofill is disabled by default. You must manually enable it in the More Menu. When enabled, the App may read form field values (username and password) from web pages you visit to offer save/fill functionality.
2.6 Download Data
- Download tasks (URLs, file names, progress) are stored locally in the App's database
- Downloaded files are saved to your device's storage
- Download data is never uploaded to our servers
2.7 Screen Recording
The App includes a screen recording feature that uses Android's MediaProjection API to capture on-screen content.
- Screen recordings are saved locally on your device only
- The App may access your device's microphone (
RECORD_AUDIO) to capture audio during screen recording, only when you explicitly enable audio recording
- We do not access, upload, or transmit any recorded content to our servers
- You have full control over starting and stopping recordings
- Android system will display a persistent notification while recording is active
2.8 QR Code Scanner
The App includes a QR code and barcode scanner that uses your device's camera.
- Camera access is requested only when you open the scanner feature
- Scanned content (URLs, text) is processed locally and never uploaded
- We do not store camera images or video frames beyond the instant of scanning
2.9 Floating Window (Overlay)
The App may display a floating window overlay (SYSTEM_ALERT_WINDOW) to provide quick access to media detection controls while using other apps.
- The overlay only displays App controls; it does not capture or record content from other apps
- You can disable the floating window at any time from the App settings or system settings
2.10 File Sharing and Import
The App can receive files shared from other apps (via Android's Share intent) for import into the Safebox or for playback.
- Shared files are processed locally and stored in the App's private directory
- We do not upload or transmit shared files to any server
2.11 APK Installation
When you download APK files through the browser, the App may request the REQUEST_INSTALL_PACKAGES permission to trigger the system installer.
- The App does not modify APK files in any way
- Installation is handled entirely by the Android system installer
- You are responsible for verifying the safety of any APK you choose to install
2.12 Storage Access
The App requests storage permissions to manage downloaded files:
- On Android 10 and below:
READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE for saving downloads
- On Android 11+:
MANAGE_EXTERNAL_STORAGE to scan and manage files in the public Downloads directory
- Storage access is used solely for saving, organizing, and playing back downloaded media files
- We do not scan or access files unrelated to the App's functionality
2.13 DLNA Media Casting
The App can cast media to DLNA-compatible devices on your local network.
- Device discovery uses Wi-Fi multicast (
CHANGE_WIFI_MULTICAST_STATE) to find compatible devices on your local network
- Media streaming occurs directly between your device and the target device on your local network
- No data is transmitted to external servers during casting
- We do not collect information about devices on your network
2.14 Ad Blocking Logs
- The App maintains a local log of blocked ad requests for diagnostic purposes
- These logs are stored locally and never transmitted externally
2.15 Clipboard Monitoring
The App includes a clipboard URL detection feature that monitors your device's clipboard for URLs while the App is in the foreground.
- Clipboard content is read only when the App is active (in the foreground)
- Clipboard history (up to 50 entries) is stored locally only in the App's preferences
- Clipboard data is never uploaded to our servers or shared with third parties
- You can disable the "Auto Detect Clipboard" feature at any time from the More Menu
- You can clear all clipboard history via the App's cache management settings
Note: On Android 12 and above, the system displays a toast notification whenever an app reads the clipboard, providing transparency about this access.
2.16 WiFi File Transfer
The App includes a WiFi Transfer feature that allows you to send and receive files between devices on the same local network.
- The feature starts a temporary local HTTP server on your device for file transfer
- File transfer occurs only within your local network (LAN) — no data is routed through external servers
- The local server is active only while the transfer feature is in use and is stopped immediately after
- We do not collect or store information about devices that connect to the transfer service
- You are responsible for ensuring you are on a trusted network when using this feature
2.17 Webpage Screenshot
The App allows you to capture screenshots of the current webpage or video player content.
- Screenshots are saved locally on your device only
- We do not access, upload, or transmit any screenshot content to our servers
2.18 Text Selection Search
The App registers as a text processing handler, allowing you to select text in other apps and choose to search it in SaveIt.
- Selected text is received only when you explicitly choose SaveIt from the text selection menu
- The text is used solely to perform a search within the App's browser and is not stored or uploaded
2.19 Background Audio Playback
The App supports background audio playback, allowing you to continue listening to audio or video content while using other apps or when the screen is off.
- Background playback uses Android's foreground service (
FOREGROUND_SERVICE_MEDIA_PLAYBACK) with a persistent notification showing playback controls
- The App responds to media button events (play, pause, next, previous) from headphones, Bluetooth devices, and car audio systems
- No audio content is uploaded or transmitted to external servers during playback
- You can stop background playback at any time via the notification controls or by closing the player
2.20 Default Browser
The App can be set as your device's default browser, meaning all web links from other apps will open in SaveIt.
- Setting SaveIt as the default browser is entirely optional and requires your explicit action in system settings
- When set as default, all URLs opened from other apps will be loaded within SaveIt's browser, subject to the same local-only data storage described in Section 2.2
- You can change your default browser at any time in your device's system settings
2.21 Password Manager
The App includes a dedicated Password Manager that allows you to view, organize, import, and export your saved credentials.
- Access to the Password Manager requires PIN and/or biometric authentication each time
- The Password Manager supports importing and exporting credentials in Google CSV format for portability
- Exported CSV files contain your credentials in plain text — you are responsible for securing exported files
- All credential data is stored locally only using AES-256-GCM encryption and is never uploaded to our servers
2.22 Advertising Consent
The App implements advertising consent mechanisms to comply with regional privacy regulations:
- Advertising data collection is disabled by default and only enabled after you explicitly accept our Privacy Policy on first launch
- For users in the European Economic Area, GDPR consent signals are passed to advertising partners (Unity Ads, AdMob, InMobi) to ensure compliant ad delivery
- You can opt out of personalized advertising at any time via your device's Google Ads settings, or upgrade to VIP to remove all ads entirely
2.23 App Usage Analytics (Third-Party SDKs)
Google Firebase Analytics & Crashlytics
We use Firebase to improve app quality. Firebase data collection is disabled by default and is only enabled after you explicitly consent to our Privacy Policy on first launch. Firebase may collect:
- App launch events and session duration
- Feature usage statistics
- Crash reports and diagnostic information
- Device identifiers (anonymized)
This data is subject to Google's Privacy Policy.
Google AdMob (Free version only)
The free version of the App displays ads via Google AdMob. AdMob may collect:
- Advertising ID (GAID)
- Device identifiers
- IP address (for approximate location)
- Ad interaction data (views, clicks)
- App usage patterns for ad personalization
You can upgrade to VIP to remove all ads. This data is subject to Google's Privacy Policy.
InMobi (Free version only)
The free version of the App may also display ads via InMobi SDK. InMobi may collect:
- Device identifiers and hardware information
- IP address and approximate location
- Ad interaction data
- App usage patterns for ad targeting
You can upgrade to VIP to remove all ads. This data is subject to InMobi's Privacy Policy.
Unity Ads (Free version only)
The free version of the App may display ads via Unity Ads SDK as an advertising mediation partner. Unity Ads may collect:
- Device identifiers and hardware information
- IP address and approximate location
- Ad interaction data (views, clicks, completions)
- App usage patterns for ad targeting
You can upgrade to VIP to remove all ads. This data is subject to Unity's Privacy Policy.
Google Play Integrity API
The App uses Google Play Integrity API to verify device security and protect against unauthorized modifications. This process sends device attestation data to Google's servers. No personal information is collected through this process. This is subject to Google's Privacy Policy.
Google Play Billing
For VIP purchases, transaction data is processed by Google Play. We receive only the purchase status and subscription state.
3. How We Use Your Information
- Browser functionality: Store browse history, bookmarks, and tabs locally for your use
- Media detection: Identify video and audio resources from network traffic for download
- Safebox: Encrypt and store your private files locally
- Form Autofill & Password Manager: Save, fill, organize, import, and export login credentials on HTTPS pages
- Screen recording: Capture on-screen content and optionally audio for local storage
- QR scanning: Decode QR codes and barcodes using the camera
- DLNA casting: Discover and stream media to devices on your local network
- WiFi Transfer: Send and receive files between devices on your local network
- Clipboard detection: Detect URLs in clipboard for quick navigation (when enabled)
- Webpage screenshot: Capture and save webpage content locally
- Background audio playback: Continue playing audio/video content while using other apps or with screen off
- Default browser: Handle web links from other apps when set as default browser
- File sharing: Import files shared from other apps into the Safebox or player
- Text selection search: Search text selected in other apps within the browser
- App improvement: Analyze crash reports and usage statistics to fix bugs and improve features
- Advertising: Display relevant ads in the free version to support app development
- Security verification: Verify device integrity to protect against unauthorized modifications
3.1 Legal Basis for Processing (EEA Users)
If you are located in the European Economic Area, we process your data based on the following legal grounds:
- Consent: Analytics and advertising data collection (you provide consent on first launch; you can withdraw consent by disabling analytics in settings or upgrading to VIP)
- Contract performance: Providing the App's core functionality (browsing, downloading, Safebox, etc.) as described in our Terms of Service
- Legitimate interest: Crash reporting and security verification to maintain App stability and prevent abuse
3.2 Do Not Sell My Personal Information
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. The sharing of data with advertising partners (AdMob, InMobi, Unity Ads) in the free version is for the purpose of displaying ads and is not considered a "sale" under applicable privacy laws. You can opt out of this sharing entirely by upgrading to VIP.
3.3 Permissions Summary
The following table summarizes the Android permissions used by the App and their purposes:
| Permission |
Purpose |
INTERNET |
Web browsing and downloading content |
ACCESS_NETWORK_STATE |
Detect network connectivity status (Wi-Fi or mobile data) |
ACCESS_WIFI_STATE |
Detect Wi-Fi connection for DLNA casting and WiFi Transfer features |
BIND_VPN_SERVICE |
Local VPN for media detection (no external routing) |
QUERY_ALL_PACKAGES / <queries> |
Query installed applications to allow user selection of VPN target apps; processed locally only |
MANAGE_EXTERNAL_STORAGE |
Manage downloaded files in public directories (Android 11+) |
RECORD_AUDIO |
Capture audio during screen recording (optional) |
CAMERA (via QR library) |
QR code and barcode scanning |
USE_BIOMETRIC |
Biometric authentication for Safebox and Password Manager access |
SYSTEM_ALERT_WINDOW |
Floating window for media detection controls |
POST_NOTIFICATIONS |
Download progress, media playback controls, and recording status notifications |
REQUEST_INSTALL_PACKAGES |
Allow installation of downloaded APK files |
FOREGROUND_SERVICE |
Background downloads, VPN service, media playback, and screen recording |
FOREGROUND_SERVICE_DATA_SYNC |
VPN media detection service and download service running in background |
FOREGROUND_SERVICE_MEDIA_PLAYBACK |
Background audio/video playback with notification controls |
FOREGROUND_SERVICE_MEDIA_PROJECTION |
Screen recording service running in background |
CHANGE_WIFI_MULTICAST_STATE |
DLNA device discovery on local network |
VIBRATE |
Haptic feedback for user interactions |
WAKE_LOCK |
Keep device awake during downloads and media playback |
4. Data Storage and Security
Local Storage
- All browsing data, Safebox files, and form credentials are stored in the App's private directory on your device
- Sensitive data (Safebox files, form credentials) is encrypted at rest using AES-256-GCM with keys managed by Android Keystore
- You can clear all local data at any time via the App's cache management settings
Security Measures
- Safebox files are encrypted with AES before being written to disk
- Form credentials are encrypted using AES-256-GCM with hardware-backed keys (Android Keystore)
- PIN codes are stored as secure hashes, never in plain text
- Biometric authentication leverages Android's system-level BiometricPrompt with hardware security modules
- The App uses Google Play Integrity API to detect device tampering and unauthorized modifications
- Network communications for analytics and ads use HTTPS encryption
Data Transmission
- Browsing history, bookmarks, Safebox files, and form credentials are never transmitted to external servers
- Analytics and crash data is transmitted securely via HTTPS to Google's infrastructure
- Ad-related data is handled by Google's, InMobi's, and Unity's secure infrastructure respectively
Data Retention
- Local data: Retained until you manually delete it or uninstall the App
- Analytics data: Retained per Firebase's data retention policies
- Ad data: Retained per Google AdMob's, InMobi's, and Unity's respective data retention policies
5. Data Sharing and Disclosure
We Do Not Share
- Your browse history, bookmarks, or search history
- Safebox file contents
- Form autofill credentials
- Downloaded files
- Any personally identifiable information
Limited Third-Party Sharing
- Firebase Analytics: Anonymized usage statistics
- Google AdMob: Device and usage data for ads (free version only)
- InMobi: Device and usage data for ads (free version only)
- Unity Ads: Device and usage data for ads (free version only)
- Google Play Billing: Purchase data for transaction processing
Legal Requirements
We may disclose information if required by law, to comply with legal processes, protect our rights, or ensure user safety.
6. Your Privacy Rights and Choices
- Clear browse history: Delete all history from the History screen or cache management
- Clear bookmarks: Delete bookmarks individually or in bulk
- Clear form autofill data: Delete all saved credentials via cache management settings
- Export/delete password data: Export credentials in CSV format or delete all via the Password Manager
- Delete Safebox files: Delete individual files or all Safebox contents from within the Safebox
- Delete screen recordings: Delete recordings from your device's file manager or the App
- Disable Form Autofill: Toggle off in the More Menu at any time
- Disable VPN media detection: Toggle off the VPN Capture feature in the More Menu
- Disable clipboard detection: Toggle off "Auto Detect Clipboard" in the More Menu
- Clear clipboard history: Clear via cache management settings
- Disable floating window: Revoke overlay permission in system settings
- Stop background audio playback: Dismiss the playback notification or close the player
- Change default browser: Change your default browser in your device's system settings at any time
- Opt out of personalized ads: Disable ad personalization in your device's Google settings, or upgrade to VIP
- Reset Advertising ID: Reset in your device's system settings
- Revoke camera access: Disable camera permission in system settings to prevent QR scanning
- Revoke microphone access: Disable microphone permission in system settings to prevent audio recording
- Clear site data per website: Clear cookies, localStorage, and cached data for individual websites via the site actions menu
- Remove CA certificate: Remove the locally installed CA certificate from your device's security settings at any time
6.1 Data Deletion Request
You can delete all locally stored data by:
- Using the App's built-in cache management to clear specific data categories
- Uninstalling the App (permanently removes all App data from your device)
- Contacting us at zhuxiaoit4@gmail.com to request deletion of any analytics data associated with your device
6.2 Rights for Users in the European Economic Area (GDPR)
If you are located in the EEA, you have the following rights under the General Data Protection Regulation:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request limitation of data processing
- Right to data portability: Request transfer of your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at zhuxiaoit4@gmail.com. We will respond within 30 days.
6.3 Rights for California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know: Request disclosure of the categories and specific pieces of personal information collected
- Right to delete: Request deletion of personal information
- Right to opt-out: Opt out of the "sale" of personal information (we do not sell personal information)
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at zhuxiaoit4@gmail.com.
7. Children's Privacy
Our App is not intended for children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at zhuxiaoit4@gmail.com so we can take appropriate action.
8. International Data Transfers
Analytics and advertising data may be transferred to and processed in countries other than your own, including the United States, where Google's, InMobi's, and Unity's servers are located. These countries may have different data protection laws than your country of residence.
For users in the European Economic Area, such transfers are conducted in compliance with applicable data protection laws, relying on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The data processing agreements of our third-party service providers (Google, InMobi, Unity)
Your locally stored data (browsing history, Safebox files, credentials, downloads) is never transferred internationally as it remains solely on your device.
9. Data Breach Notification
In the unlikely event of a data breach affecting your personal information held by our third-party service providers, we will:
- Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
- Provide details about the nature of the breach, the data affected, and recommended protective measures
- Report the breach to the relevant supervisory authority where required by law
Note: Since the vast majority of your data is stored locally on your device and never transmitted to our servers, the risk of a data breach affecting your browsing data, Safebox files, or credentials is extremely low.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the App and updating the "Last Updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Prohibited Uses
For details on prohibited uses of the App, please refer to our Terms of Service.
12. Disclaimer
We are not liable for damages resulting from:
- Your violation of this Privacy Policy or applicable laws
- Copyright infringement by users when downloading content
- Service interruptions due to force majeure or technical issues
- Loss of locally stored data due to device failure or App uninstallation
13. Contact Us
14. Consent
By downloading, installing, or using the App, you consent to this Privacy Policy. If you do not agree, please do not use the App.
Terms of Service |
Support