AzAd Labs ("AzAd Labs", "we", "us", or "our")
publishes AzAd Vault: Password Manager on Google Play
(package name com.azadvault.password.manager).
This Privacy Policy explains what information the app processes, how it is protected,
and what choices you have.
Zero-knowledge by design. AzAd Vault encrypts your vault on your device before it is stored or backed up. We do not operate a server that receives your master password, PIN, or decrypted passwords, cards, notes, or other vault contents. We cannot read your secrets.
1. Scope
This policy applies to the AzAd Vault Android application distributed on Google Play and to this website (azadvault.com) when used to view app information and this policy. It does not cover third-party websites or services you access through saved logins in your vault.
2. Information we collect
AzAd Labs does not collect, purchase, or receive your decrypted vault data. We do not require an AzAd Labs account to use the app.
We do not collect:
- Master passwords, PINs, or recovery secrets
- Decrypted passwords, passkeys, payment card numbers, government ID numbers, or secure notes
- Plaintext backup files (
.azvault) - TOTP seeds or one-time codes in readable form
- Precise location, contacts, SMS, call logs, or photos from your gallery
- Advertising identifiers for targeted ads (the app contains no ads)
Limited technical data may be processed automatically when you use optional online features (for example, network requests to Google APIs for Drive sync or favicon lookup). That traffic is between your device and the relevant provider; AzAd Labs does not operate a backend that stores your vault contents.
If you purchase AzAd Vault Premium, payment and subscription status are handled by Google Play Billing. Google processes your payment method and purchase records according to Google's Privacy Policy. We receive only what Google provides to verify subscription status (for example, whether Premium is active).
3. Information you store in the app
You may choose to save sensitive personal information in your vault, such as:
- Website logins and passkeys
- Payment card and bank-related fields
- Identity documents (passport, driver's license, tax ID, etc.)
- Secure notes, attachments, and custom fields
- TOTP authenticator entries
This information is provided by you, encrypted on your device, and remains under your control. AzAd Labs does not access or use vault contents for marketing, profiling, or sale to third parties.
4. How we use information
We use information only to provide and improve the app:
- Core vault — encrypt, store, and display items you save locally
- Unlock — verify PIN or biometrics on-device for session access
- Autofill — fill credentials you explicitly select into other apps (Android Autofill)
- Backup & sync — upload encrypted backups when you enable Google Drive (optional)
- Notifications — show local expiry reminders you configure (optional)
- Premium — validate subscription status via Google Play Billing (optional)
- Site icons — fetch favicons for login items when enabled (optional, uses network)
We do not use your data for advertising or sell personal information.
5. Sharing with third parties
We do not sell or rent your personal information. Data may be processed by these third parties only when you use the related feature:
| Service | Purpose | Data involved | Optional? |
|---|---|---|---|
| Google Sign-In / Drive API | Encrypted backup & sync to your Google Drive app folder | OAuth tokens; encrypted .azvault blob in your Drive |
Yes |
| Google Play Billing | Premium subscriptions & restore purchases | Purchase/subscription status via Google | Yes |
| Favicon services (e.g. DuckDuckGo, Google) |
Display website icons for login items | Domain name of saved login URLs | Yes |
Each provider's use of data is governed by its own privacy policy. We may disclose information only if required by law or to protect rights, safety, and security — and only to the extent permitted, without providing decrypted vault contents we do not possess.
6. Data stored on your device
When you use AzAd Vault, the following may be stored locally on your phone or tablet:
- Encrypted vault database (SQLite) — all item fields encrypted before storage
- Wrapped encryption keys — protected via Android Keystore / secure storage
- Session tokens — for PIN/biometric unlock between app sessions
- App preferences — theme, sort order, backup schedule, checklist progress
- Cached favicons — optional icon files keyed by website domain
- Exported backups — if you save a
.azvaultfile to device storage
Local data is removed when you uninstall the app, except files you saved outside the app (such as exported backups in Downloads).
7. Optional cloud backup & sync
If you enable Google Drive backup or sync:
- An encrypted
.azvaultfile is stored in your Google Drive hidden app data folder (not visible in your normal Drive file list) - Google OAuth is used so the app can access only your Drive app folder — we never receive your Google account password
- Scheduled backups (daily/weekly) run only when you turn them on in Settings
- Conflict resolution and merge/replace choices are made by you during restore
Google may process account metadata and file storage according to its policies. AzAd Labs cannot decrypt your Drive backup without your master password.
8. App permissions
AzAd Vault may request the following Android permissions and why:
| Permission | Why it is used |
|---|---|
| Internet | Google Drive sync, favicon lookup, and Play Billing (when those features are used) |
| Biometric / Fingerprint | Unlock the vault with fingerprint or face — verification stays on-device |
| Camera | Scan QR codes for TOTP setup and Google Authenticator migration (only when you use scan features) |
| Notifications | Local reminders for expiring cards, documents, or passwords you configure |
| Boot completed | Reschedule local expiry notifications after device restart |
| Google Play Billing | Process Premium subscriptions and restore purchases |
| Autofill service | Offer saved logins when you choose AzAd Vault as your autofill provider (Android system) |
You can deny or revoke permissions in Android Settings; some features may not work without them.
9. Security
AzAd Vault uses industry-standard cryptography, including:
- Argon2id for key derivation from your master password
- AES-256-GCM for encrypting vault fields with unique nonces
- HMAC-SHA256 for backup integrity verification
- Android Keystore for protecting session keys and biometric-gated access
No security method is perfect. You are responsible for choosing a strong master password, keeping your device secure, and safeguarding backup files and recovery options.
10. Data retention
- Local vault — kept until you delete items, reset the vault, or uninstall the app
- Google Drive backups — kept until you delete them in the app or remove app data from Google Drive
- Subscription records — retained by Google Play according to Google's policies
- Favicon cache — may be cleared from app storage or when you clear app data
We do not retain decrypted vault data on AzAd Labs servers because we do not receive it.
11. Deletion & your rights
You can delete your data as follows:
- Individual items — delete from within the vault at any time
- Local vault — uninstall the app or clear app storage in Android Settings
- Drive backups — Settings → Backup in the app, or remove AzAd Vault app data in Google Account permissions
- Offline exports — delete
.azvaultfiles from your device or cloud storage manually - Google account access — revoke AzAd Vault's Drive access in your Google Account settings
Depending on your location, you may have rights to access, correct, delete, or restrict processing of personal information. Because vault contents are encrypted and we do not hold decryption keys, we cannot recover or export your vault if you lose your master password.
To exercise privacy rights or ask questions, contact us at privacy@azadlabs.com. We will respond within a reasonable time.
12. Children's privacy
AzAd Vault is not directed at children under 13 (or the minimum age required in your country). We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact privacy@azadlabs.com and we will take appropriate steps.
13. International users
AzAd Labs is based in Pakistan. If you use optional Google services, data may be processed by Google in countries where Google operates, according to Google's terms and policies. By using optional cloud features, you understand that encrypted backups are stored in your Google account, which may involve cross-border processing by Google.
14. Changes to this policy
We may update this Privacy Policy for legal, technical, or product changes. We will post the revised policy on this page and update the effective date. Material changes may also be communicated in the app or on our store listing where appropriate. Continued use after changes take effect means you accept the updated policy.
15. Contact us
AzAd Labs
Privacy inquiries: privacy@azadlabs.com
General support: support@azadvault.com
App package: com.azadvault.password.manager