← Back to Legal Home
Introduction
DocsShelf ("we", "our", or "us") is a privacy-first document management application. This Privacy Policy explains our approach to data collection and storage when you use the DocsShelf mobile application (the "App").
Our Privacy Commitment
DocsShelf is designed with privacy as a core principle:
- All data is stored locally on your device only
- We do not store your documents on our servers by default
- We do not include third-party advertising or analytics SDKs
- We do not share any information with third parties
- We have no access to your documents, passwords, or personal information
Information Storage
What is Stored Locally on Your Device
All information remains exclusively on your device:
- Account Information: Email address, encrypted password hash, name, and optional phone number
- Documents: Files you upload (images, PDFs, scans) and their metadata
- Organization Data: Categories, tags, and document organization preferences
- Settings: App preferences and configuration options
- Security Settings: MFA configuration and biometric authentication preferences
What We Do NOT Collect
We explicitly do not collect:
- Your documents or their contents
- Usage analytics or behavioral data
- Advertising identifiers for tracking purposes
- Your master password in plain text
Note: Depending on your device/app store settings, the platform (e.g., Android/Google Play) may provide limited diagnostic information such as crash reports to help improve stability.
How Your Data is Used
Your data is used exclusively on your device to:
- Provide document storage and organization functionality
- Authenticate your access to the app
- Enable search, filtering, and categorization features
- Generate local encrypted backups when you choose to create them
- Maintain app preferences and settings
Data Security
Local-Only Storage
- All data resides exclusively on your device
- Database: Encrypted SQLite database using SQLCipher with AES-256-GCM encryption
- Documents: Stored in your device's secure, sandboxed file system
- No Network Transmission: Your data never leaves your device automatically
- No Cloud Synchronization: We do not operate any cloud storage or sync services
Security Features
- Password Protection: Passwords are stored as salted, one-way hashes
- Database Encryption: AES-256 encryption for stored data
- HMAC Verification: Cryptographic integrity verification prevents data tampering
- Multi-Factor Authentication: Optional TOTP-based MFA (industry-standard 6-digit codes)
- Biometric Authentication: Optional Face ID/Touch ID/Fingerprint support
- Session Management: Automatic timeout and lockout after inactivity
- Brute Force Protection: Account lockout after failed login attempts
Data Sharing and Third Parties
No Data Collection or Sharing
Because all data is stored locally on your device:
- We do not collect any user data
- We do not share data with third parties
- We do not sell, rent, or trade any information
- We do not use analytics or tracking services
- We have no access to your documents or personal information
No Third-Party Services
The app does not integrate with any third-party services for:
- Analytics or usage tracking
- Advertising or marketing
- Cloud storage or synchronization
- Crash reporting or diagnostics
- Social media integration
Legal Compliance Exception
Since we do not collect or have access to your data, we cannot provide user information to third parties, law enforcement, or legal authorities. Only you have access to data stored on your device, subject to your device's security and any legal obligations you may have regarding your own device.
Backups and Data Export
User-Controlled Backups
You have complete control over your data backups:
- Manual Backups: Create encrypted backup files at any time
- Export Location: Choose where to save backups (device storage, USB, external storage)
- Encryption: All backups are encrypted with your password
- No Automatic Cloud Upload: Backups are never automatically uploaded to any server
- Your Responsibility: You choose where and how to store backup files
If You Choose Cloud Storage
If you manually save backup files to a cloud service (Google Drive, Dropbox, etc.):
- This is your independent action, not a feature of DocsShelf
- Your backup files remain encrypted
- The cloud provider's privacy policy applies to files you store there
- We do not have any relationship with or access to third-party cloud services you may use
Your Rights and Control
You have complete control over your data:
- Access: View all data within the app at any time
- Export: Create encrypted backups whenever you want
- Delete: Remove documents, categories, or your entire account locally
- Transfer: Export your data in .docsshelf backup format
- No Account Recovery: If you forget your password, data cannot be recovered (by design for security)
Data Retention and Deletion
Since all data is stored locally on your device:
- Data exists only on your device
- Uninstalling the app deletes all data unless you created backups
- Deleting your account removes all data from your device
- Device reset or factory wipe removes all data
- We do not retain any data on servers as we have no servers storing user data
Children's Privacy
DocsShelf is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.
International Users
DocsShelf is designed for local, on-device storage. If you export data (e.g., share a document or upload a backup to a third-party service you choose), that export may be subject to the policies and laws applicable to that destination.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in the app or legal requirements. Continued use of the app after changes constitutes acceptance of the updated policy. Material changes will be communicated through app updates.
Feedback
We value your feedback and questions about this Privacy Policy.