LinkGuard Privacy Policy

Effective Date: March 6, 2026 | Last Updated: March 6, 2026

Our commitment to transparency: This policy describes, in plain language, every piece of data LinkGuard collects, where it goes, how long it is kept, and who can see it. We believe you deserve to know exactly what happens with your data — no vague language, no hidden practices.

1. Who We Are

LinkGuard is developed and operated by Kaiastra, based in Hyderabad, Telangana, India. LinkGuard is a mobile security app that scans URLs and QR codes to protect you from phishing, malware, and online fraud.

2. Data We Collect — The Complete List

Below is an exhaustive list of every data point LinkGuard collects. There is nothing beyond this list.

2.1 During Device Registration (one-time)

When you first open LinkGuard and accept the privacy policy, the app registers your device with our server. The following is sent:

Data	Example	Why
Random device ID	a1b2c3d4-e5f6-...	To authenticate your device (this is NOT your IMEI, phone number, or Google account)
Platform	"android"	To serve the correct responses
OS version	"14"	To handle version-specific behaviour
App version	"1.8.0"	To ensure compatibility
Device manufacturer	"Samsung"	To troubleshoot device-specific issues
Device model	"Galaxy S21"	Same as above
Device language	"en"	To localise content
Country code	"IN"	To match you with the right reporting authorities

Our server returns a random authentication token and a signing secret. These are stored encrypted on your device using Android Keystore (AES-256-GCM). We store only a one-way hash of your token on our server — we cannot read your token from our database.

2.2 During URL Scans

When you scan a URL (manually, from SMS, or from a QR code), the following is sent to our server:

Data	Sent?	Details
URL hash (SHA-256)	Always	A one-way fingerprint of the URL. We check this against our threat database first.
Original URL	Sometimes	Sent only if the hash is not found in our database and a full scan is needed. Required for our server to visit the page and analyse it.
URL features	Yes	Computed characteristics: URL length, whether it uses HTTPS, number of subdomains, top-level domain, whether it's a shortened URL.
Local risk score	Yes	A 0–100 score computed on your device before sending to the server.
Source	Yes	"manual_scan" or "android" — tells us if you typed the URL or it was detected in a message.
Message text/body	Never	Only URLs are extracted from messages. The message text is never sent to our server or stored.
Sender name or number	Never	We do not send sender information to our server. On your device, sender numbers are masked (e.g., "XXXXXX5678") before being stored locally.

2.3 Periodic Heartbeat

The app periodically sends a lightweight status update to our server:

Total count of URLs scanned (just the number, not the URLs)
Total count of threats detected (just the number)
Device language and country code
Current timestamp

2.4 If You Report a URL

If you choose to report a URL to authorities through the app, the following is sent:

URL hash and the threat type you selected
Your optional description of why it's suspicious
Your country code (to match the right authority)

2.5 If You Submit Feedback

If you voluntarily submit feedback through the app, your star rating (1–5) and optional message are sent. No personal information is attached — only your anonymous device token for authentication.

3. Data We Explicitly Do NOT Collect

We want to be absolutely clear about what LinkGuard does not collect or access:

Message text or content — only URLs are extracted; the rest is discarded immediately
Sender phone numbers or names — never sent to our server
Contacts — we do not read your contacts
Location — we do not request location permissions
Photos, files, or media — we have no access
Call logs — we do not request this permission
Browsing history — we only see URLs you explicitly scan or that appear in messages
Your identity — no name, email, phone number, or Google account is collected
IMEI or hardware serial numbers — we generate a random ID instead

We also do not use any third-party analytics, crash reporting, or advertising libraries. There is no Firebase Analytics, Google Analytics, Facebook SDK, Sentry, Mixpanel, or any similar tracking in LinkGuard.

4. Where Your Data Is Stored

4.1 On Your Device (Local Storage)

Scan history — stored in a local database (Room/SQLite). Contains: the URL, risk score, verdict, threat type, confidence, reasoning, scan source, and masked sender number. This never leaves your device unless you explicitly share it.
API credentials — your device token and signing secret, stored in EncryptedSharedPreferences (AES-256-GCM via Android Keystore).
Transparency log — a local-only record of every interaction between the app and our server. You can view this in Settings at any time. This is never transmitted.
Settings and preferences — your scanning toggles, theme, language, and consent state.
Threat database cache — a periodically updated dataset from our server used for fast local lookups. Contains no personal data.

4.2 On Our Server

Device record — your random device ID, token hash (one-way, not reversible), platform, OS version, app version, manufacturer, model, language, country, registration date, and last active date.
Scan logs — URL hash, risk score, verdict, threat type, confidence, response time, scan source, and timestamp. These are linked to your device ID.
Threat intelligence — URL hashes, domain hashes, threat types, risk scores, proprietary reasoning, and red flags. This data is shared across all users to improve protection.
Reports — URL hash, threat type, your description, and country code.
Feedback — your rating and message.

Important: Our server stores URL hashes, not the original URLs in most cases. A SHA-256 hash cannot be reversed back to the original URL. However, for URLs that required a full scan, the original URL is temporarily processed by our server to visit and analyse the page. The original URL is not permanently stored in our database — only the hash, verdict, and threat analysis are retained.

5. Third-Party Services

LinkGuard interacts with a small number of third-party services. Here is the complete list:

5.1 Google Play Integrity API

We use Google's Play Integrity API to verify that your device is running a genuine, unmodified version of LinkGuard. During attestation:

A cryptographic nonce (random challenge) is sent to Google
Google returns a signed token confirming whether the app is genuine and the device is not compromised
Our server verifies this token and stores the attestation verdict (pass/fail) on your device record

Google's Play Integrity API privacy policy applies to this interaction. We do not send Google any personal data — only the nonce and your app's package name.

5.2 Google ML Kit (On-Device Only)

The QR code scanner uses Google ML Kit's barcode scanning library. This runs entirely on your device. Camera frames are processed locally — no images or data are sent to Google.

5.3 Threat Intelligence (Server-Side Only)

Our server maintains a continuously updated threat database sourced from multiple trusted security intelligence providers. Your device does not contact these providers directly. No personal data is shared with any threat intelligence provider.

5.4 No Other Third Parties

We do not use any advertising networks, social media SDKs, analytics platforms, or data brokers. There are no hidden trackers in LinkGuard.

6. How Data Is Protected In Transit

All communication between LinkGuard and our server is protected by two layers of encryption:

Layer 1 — TLS (HTTPS) with certificate pinning to our server's certificate. This prevents man-in-the-middle attacks, even if a certificate authority is compromised.
Layer 2 — Application-level encryption using AES-256-GCM. Every request body is encrypted with a key derived from your device's signing secret before being sent. Even if TLS were somehow broken, the data would still be encrypted.

Additionally, every request is signed with HMAC-SHA256 to prevent tampering.

7. How URLs Are Classified

Before a URL is classified as safe, suspicious, or malicious, it passes through a 74-point proprietary inspection pipeline spanning both your device and our server:

15 on-device checks
59 server-side checks

This multi-layered approach ensures that threats are caught even when they evade individual detection methods. The specific techniques and scoring algorithms used are proprietary to protect them from being reverse-engineered by attackers.

8. Permissions — Why Each One Is Needed

Permission	Why It's Needed	Optional?
SMS (Read & Receive)	To detect URLs in incoming text messages and scan them for threats	Yes — disabled by default
MMS (Receive)	To detect URLs in incoming MMS messages	Yes — tied to SMS toggle
Camera	To scan QR codes using the built-in scanner	Yes — only used when you open the QR scanner
Notifications	To alert you when a threat is detected	Yes — disabled by default
Display over apps	To show a floating warning when you're about to open a dangerous link	Yes — disabled by default
Internet	To communicate with our scan server	Required
Network state	To check if you're online before making requests	Required
Run at startup	To restart protection after your device reboots (only if you've enabled scanning)	Automatic if scanning is enabled
Foreground service	To keep the scanning service running reliably	Automatic if scanning is enabled
Vibrate	To provide haptic feedback on threat detection	Automatic

All sensitive permissions (SMS, Camera, Notifications, Overlay) are disabled by default and require your explicit action to enable. You can revoke any permission at any time through Android Settings or within the app.

Messages from TRAI-registered senders (banks, government bodies, verified businesses) are automatically excluded from scanning.

9. Data Retention & Deletion

8.1 On Your Device

Local scan history is kept until you delete it. You can delete individual entries or all history from Settings.

8.2 On Our Server

Device records — kept while your device is active. Deleted when you request data deletion.
Scan logs — when you request data deletion, your device ID is removed from scan logs (anonymised). The URL hashes and verdicts are retained as anonymous threat intelligence to protect other users.
Reports and feedback — deleted when you request data deletion.
Threat intelligence — URL hashes, threat types, and verdicts are retained permanently as part of our shared threat database. This data is anonymous and cannot be linked back to any individual user.

What "Delete My Data" does: When you tap "Delete My Data" in Settings, the app deletes all local scan history, clears all preferences, removes your API credentials, asks our server to anonymise your scan logs and delete your reports/feedback, marks your device as inactive, and resets the app to the onboarding screen. The only data that remains on our server are anonymous URL hashes and threat verdicts that cannot be traced back to you.

10. Your Rights Under DPDPA

In accordance with India's Digital Personal Data Protection Act (DPDPA), 2023, you have the right to:

Withdraw consent — tap "Withdraw Consent" in Settings. All scanning stops immediately, both background services are shut down, and the app resets to the onboarding screen. Your local scan history is preserved (in case you want to re-consent later), but no new scanning occurs.
Delete your data — tap "Delete My Data" in Settings. This erases all local data and anonymises your server-side data as described above.
Access your data — view your complete scan history within the app. View the transparency log in Settings to see a record of every interaction between the app and our server.
Correct your data — if you believe a scan result is incorrect, you can report it through the app.

11. Transparency Log

LinkGuard includes a built-in transparency log that records every communication with our server. For each interaction, the log shows:

The timestamp
The type of interaction (URL Scan, Quick Scan, Device Registration, Feedback, etc.)
Exactly what data was sent to the server
What data was explicitly NOT sent

This log is stored only on your device and is never transmitted. You can view it at any time in Settings. We created this log because we believe you should be able to verify our privacy claims for yourself.

12. Family Mode

LinkGuard includes an optional Family Mode that allows family members to coordinate protection settings. All family data (family code, member list, roles, protection profiles) is stored locally on each device only. There is no central server-side family management. Family data is never transmitted to our server.

13. Children's Privacy

LinkGuard is not directed at children under the age of 18. We do not knowingly collect data from children. If you believe a child has provided data through LinkGuard, please contact us for immediate deletion.

14. Data Sharing

We do not sell, rent, or trade your data to anyone — ever. We do not show ads or use data for advertising or profiling.

Anonymised threat signatures (URL hashes, threat type, risk score) may be shared with trusted security partners and used across products to protect more people. These signatures contain no personal data, message content, or sender information — only the mathematical fingerprint of the malicious URL and the type of threat it poses.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app. Continued use of LinkGuard after such updates constitutes acceptance of the revised terms. You can always review the latest version in Settings or at this URL. All previous versions will be archived and available upon request.

16. Open Questions? Contact Us

If you have any questions about this Privacy Policy, want to know exactly what data we hold about your device, or want to request deletion, contact us at:

Email: support@kaiastra.in

Developer: Kaiastra, Hyderabad, Telangana, India

We aim to respond to all privacy-related enquiries within 48 hours.