Privacy Policy
Effective date: April 26, 2026
This Privacy Policy explains how DriveNest ("the App", "we", "our") collects, uses, stores, and shares information when you use our mobile application. We are committed to protecting your privacy and being fully transparent about our data practices.
DriveNest requires you to sign in with an existing Google account in order to function. Your Google account is created and managed by Google, and its use is subject to Google's Privacy Policy and Google's Terms of Service.
DriveNest does not create, manage, or store Google account credentials.
1. Information We Collect
1.1 Google Account Information
When you sign in with your Google account, we receive the following from Google's authentication service:
- Email address — used to identify your account within the App.
- Display name — shown in the user interface for personalization.
- OAuth access token — a short-lived credential (approximately 60 minutes) used to communicate with the Google Drive API on your behalf. Tokens are held in volatile memory only and are never written to disk.
1.2 Google Drive Metadata
The App requests the drive.metadata.readonly OAuth scope. This grants read-only access to file and folder metadata. We retrieve:
- File and folder names, IDs, MIME types, and parent folder relationships.
- File sizes, creation dates, modification dates, and last-viewed dates.
- MD5 checksums (used locally for duplicate detection).
- Sharing status and permission IDs (used for security audit features).
- Whether a file is trashed and whether you are the owner.
- Your Drive storage quota (total, in-Drive, in-trash, and limit).
We never access, read, download, or modify the actual content of your files. The metadata-readonly scope makes this technically impossible.
1.3 Locally Stored Preferences
The App stores your preferences on your device, including:
- Color theme and dark/light mode selection.
- Dashboard layout and tab order customization.
- Auto-save and auto-load scan settings.
- Whether the guided tour has been completed.
These preferences contain no personal or identifying information and are stored using the platform's standard local preferences mechanism.
1.4 Saved Scan Data
When you run a scan, the resulting metadata snapshot may be saved as a compressed file on your device's local application storage. Saved scans contain the folder tree structure and file metadata described in Section 1.2, along with a unique scan identifier and timestamp.
Saved scans are never uploaded to any external server automatically.
1.5 In-App Purchase Information
The App offers optional in-app purchases (Premium and Ultimate tiers) processed entirely by the Google Play Store. We receive only the purchase status (purchased, pending, or restored) and the product identifier.
We never receive or store payment details, credit card numbers, or billing addresses. All payment processing is handled by Google.
1.6 Voluntary Feedback Data
The App includes an optional feedback form that lets you submit a price proposal or a feature request. Submitting feedback is entirely voluntary. When you choose to submit, the following information is collected and transmitted to a developer-controlled Google Sheet via Google Apps Script:
- Anonymous device fingerprint — a randomly generated UUID created on first launch and stored on your device. It is not linked to your Google account, name, or email address, and is used solely to enforce a per-device daily submission limit. No submitted feedback is ever associated with your Google account or any other account-identifying information.
- Billing country — the country associated with your Google Play account (e.g. “HU”), retrieved from the Play Store billing configuration.
- Device locale — your device’s language and region setting (e.g. “hu_HU”).
- App version — the version of DriveNest installed on your device.
- Subscription tier — your current plan (Free, Premium, or Ultimate).
- Price proposal details (price proposals only) — the plan tier, currency, and suggested price you enter.
- Feature description (feature requests only) — the free-text description you write.
Feedback submissions are optional and always user-initiated. No feedback data is collected passively or in the background. Submitted feedback is never associated with your Google account, email address, or any other account-identifying information. This data is never shared with any third party and is used exclusively to inform DriveNest pricing and feature development decisions.
2. How We Use Your Information
We use the information described above solely to:
- Authenticate you with Google and communicate with the Google Drive API.
- Display your Drive's storage breakdown, folder hierarchy, and file statistics.
- Detect duplicate files by comparing MD5 checksums locally on your device.
- Generate cleanup suggestions based on file age, size, and usage patterns.
- Perform a security audit of sharing permissions across your Drive.
- Produce PDF and CSV reports when you explicitly request an export.
- Save and restore scan snapshots so you can track storage trends over time.
- Remember your display preferences across app sessions.
- Verify your in-app purchase tier to unlock the appropriate features.
- Review voluntary price proposals and feature requests to inform pricing decisions and product development priorities.
3. Data Storage and Security
3.1 On-Device Storage
All scan data, preferences, and exports are stored locally on your device in the App's private application directory. No scan data is transmitted to any external server.
3.2 Encrypted Backups
When you export a scan backup, the data is bundled into a ZIP archive and encrypted using AES-256 (CBC mode) before being saved. You control where the encrypted backup file is shared or stored via the operating system's share functionality.
3.3 Network Security
All communication with Google APIs is conducted over HTTPS (TLS-encrypted connections). OAuth access tokens are transmitted only to Google's servers and are held in volatile memory for the duration of your session.
4. Data Sharing and Disclosure
We do not sell, rent, trade, or otherwise share your personal data with any third party — ever. Feedback data submitted through the App is stored exclusively in developer-controlled storage and is never disclosed to outside parties.
The App communicates exclusively with the following external services:
- Google Drive API — to retrieve your Drive metadata using your OAuth token. Google's use of your data is governed by Google's Privacy Policy.
- Google Play Billing — to process in-app purchases. Payment data is handled entirely by Google and is subject to Google's terms.
- Google Apps Script / Google Sheets — when you voluntarily submit a price proposal or feature request, the data described in Section 1.6 is transmitted over HTTPS to a Google Apps Script web app and stored in a Google Sheet controlled by the developer. This communication occurs only when you explicitly tap Submit in the feedback form. The data is used solely by the developer and is never shared with third parties.
The App does not include any third-party analytics, advertising, crash reporting, or tracking SDKs. No data is collected passively or shared with any party other than as described above.
5. User-Initiated Exports and Sharing
You may choose to export data from the App in the following formats:
- CSV files — containing file metadata (names, paths, sizes, dates, sharing status) for specific views such as duplicates, cleanup targets, or security findings.
- PDF reports — containing charts, statistics, and summaries of your Drive analysis.
- Encrypted scan backups (.dnbak files) — containing your full scan snapshot, AES-256 encrypted.
Exports are shared via the operating system's share sheet. You are responsible for choosing where exported files are stored or sent. The App does not automatically upload exports to any service.
6. Data Retention and Deletion
- Session data (access tokens, in-memory state) is discarded when you sign out or close the App.
- Saved scans are retained on your device until you manually delete them via the Saved Scans manager in Settings, or until you uninstall the App.
- Preferences are retained until you reset them in Settings or uninstall the App.
- Signing out clears your authentication state immediately. Saved scans and preferences remain on-device for your convenience but can be deleted at any time.
- Uninstalling the App removes all locally stored data, including saved scans, preferences, and any temporary export files.
7. Children's Privacy
DriveNest is not directed at children under 13. We do not knowingly collect personal information from children. The App requires a Google account to function, and Google account creation is subject to Google's age requirements. Users must meet Google's minimum age requirement in their country to create and use a Google account.
8. Your Rights and Choices
- Access: All data the App holds is visible to you within the App itself (scan results, saved scans, preferences).
- Deletion: You can delete saved scans, reset preferences, and sign out at any time. Uninstalling the App removes all data.
- Revoke access: You can revoke DriveNest's access to your Google account at any time via your Google Account permissions page.
- Portability: You can export your scan data as CSV, PDF, or encrypted backup files at any time.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by an updated effective date at the top of this document. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the revised policy.
We consider ads a digital cancer. You will never see advertising in DriveNest — not now, not ever.
DriveNest is developed by Falcon Drive Labs. Google Drive is a trademark of Google LLC. This app is not affiliated with or endorsed by Google.