Privacy Policy

Effective date: March 12, 2026

This Privacy Policy explains how DriveNest ("the App", "we", "our") collects, uses, stores, and shares information when you use our mobile application. We are committed to protecting your privacy and being fully transparent about our data practices.

DriveNest requires you to sign in with an existing Google account in order to function. Your Google account is created and managed by Google, and its use is subject to Google's Privacy Policy and Google's Terms of Service. DriveNest does not create, manage, or store Google account credentials.

1. Information We Collect

1.1 Google Account Information

When you sign in with your Google account, we receive the following from Google's authentication service:

Email address — used to identify your account within the App.
Display name — shown in the user interface for personalization.
OAuth access token — a short-lived credential (approximately 60 minutes) used to communicate with the Google Drive API on your behalf. Tokens are held in volatile memory only and are never written to disk.

1.2 Google Drive Metadata

The App requests the drive.metadata.readonly OAuth scope. This grants read-only access to file and folder metadata. We retrieve:

File and folder names, IDs, MIME types, and parent folder relationships.
File sizes, creation dates, modification dates, and last-viewed dates.
MD5 checksums (used locally for duplicate detection).
Sharing status and permission IDs (used for security audit features).
Whether a file is trashed and whether you are the owner.
Your Drive storage quota (total, in-Drive, in-trash, and limit).

We never access, read, download, or modify the actual content of your files. The metadata-readonly scope makes this technically impossible.

1.3 Locally Stored Preferences

The App stores your preferences on your device, including:

Color theme and dark/light mode selection.
Dashboard layout and tab order customization.
Auto-save and auto-load scan settings.
Whether the guided tour has been completed.

These preferences contain no personal or identifying information and are stored using the platform's standard local preferences mechanism.

1.4 Saved Scan Data

When you run a scan, the resulting metadata snapshot may be saved as a compressed file on your device's local application storage. Saved scans contain the folder tree structure and file metadata described in Section 1.2, along with a unique scan identifier and timestamp.

Saved scans are never uploaded to any external server automatically.

1.5 In-App Purchase Information

The App offers optional in-app purchases (Premium and Ultimate tiers) processed entirely by the Google Play Store. We receive only the purchase status (purchased, pending, or restored) and the product identifier.

We never receive or store payment details, credit card numbers, or billing addresses. All payment processing is handled by Google.

2. How We Use Your Information

We use the information described above solely to:

Authenticate you with Google and communicate with the Google Drive API.
Display your Drive's storage breakdown, folder hierarchy, and file statistics.
Detect duplicate files by comparing MD5 checksums locally on your device.
Generate cleanup suggestions based on file age, size, and usage patterns.
Perform a security audit of sharing permissions across your Drive.
Produce PDF and CSV reports when you explicitly request an export.
Save and restore scan snapshots so you can track storage trends over time.
Remember your display preferences across app sessions.
Verify your in-app purchase tier to unlock the appropriate features.

3. Data Storage and Security

3.1 On-Device Storage

All scan data, preferences, and exports are stored locally on your device in the App's private application directory. No scan data is transmitted to any external server.

3.2 Encrypted Backups

When you export a scan backup, the data is bundled into a ZIP archive and encrypted using AES-256 (CBC mode) before being saved. You control where the encrypted backup file is shared or stored via the operating system's share functionality.

3.3 Network Security

All communication with Google APIs is conducted over HTTPS (TLS-encrypted connections). OAuth access tokens are transmitted only to Google's servers and are held in volatile memory for the duration of your session.

4. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise share your personal data with any third party.

The App communicates exclusively with the following external services:

Google Drive API — to retrieve your Drive metadata using your OAuth token. Google's use of your data is governed by Google's Privacy Policy.
Google Play Billing — to process in-app purchases. Payment data is handled entirely by Google and is subject to Google's terms.

The App does not include any third-party analytics, advertising, crash reporting, or tracking SDKs. No data is sent to any server other than Google's, and only in direct response to your actions within the App.

5. User-Initiated Exports and Sharing

You may choose to export data from the App in the following formats:

CSV files — containing file metadata (names, paths, sizes, dates, sharing status) for specific views such as duplicates, cleanup targets, or security findings.
PDF reports — containing charts, statistics, and summaries of your Drive analysis.
Encrypted scan backups (.dnbak files) — containing your full scan snapshot, AES-256 encrypted.

Exports are shared via the operating system's share sheet. You are responsible for choosing where exported files are stored or sent. The App does not automatically upload exports to any service.

6. Data Retention and Deletion

Session data (access tokens, in-memory state) is discarded when you sign out or close the App.
Saved scans are retained on your device until you manually delete them via the Saved Scans manager in Settings, or until you uninstall the App.
Preferences are retained until you reset them in Settings or uninstall the App.
Signing out clears your authentication state immediately. Saved scans and preferences remain on-device for your convenience but can be deleted at any time.
Uninstalling the App removes all locally stored data, including saved scans, preferences, and any temporary export files.

7. Children's Privacy

DriveNest is not directed at children under 13. We do not knowingly collect personal information from children. The App requires a Google account to function, and Google account creation is subject to Google's age requirements. Users must meet Google's minimum age requirement in their country to create and use a Google account.

8. Your Rights and Choices

Access: All data the App holds is visible to you within the App itself (scan results, saved scans, preferences).
Deletion: You can delete saved scans, reset preferences, and sign out at any time. Uninstalling the App removes all data.
Revoke access: You can revoke DriveNest's access to your Google account at any time via your Google Account permissions page.
Portability: You can export your scan data as CSV, PDF, or encrypted backup files at any time.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by an updated effective date at the top of this document. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the revised policy.

We consider ads a digital cancer. You will never see advertising in DriveNest — not now, not ever.

DriveNest is developed by Falcon Drive Labs. Google Drive is a trademark of Google LLC. This app is not affiliated with or endorsed by Google.