Privacy Policy

What the app collects, and where it stays

Everything below is written to the app's private storage on your device and read only by the app itself:

• Wifi scan results - SSID, BSSID, RSSI, frequency, channel width, capabilities, and timestamp, returned by Android when you tap Start scan.
• Motion-tracking data from ARCore - 6-DoF device pose (position and orientation) used to place each Wifi sample on your floor plan.
• Location fixes - the app records location fixes during a scan to remember where the scan was taken. Accuracy depends on the provider Android selects (Fused / Network / GPS, in that priority); fixes are sampled at scan start, approximately every 60 seconds during a scan, and at scan end. Stored in the scan's private folder; never transmitted off your device. Android requires the location permission and the system Location toggle to be on before it returns any Wifi scan results, so scans always run with location available - the fixes are simply stored with the scan and go nowhere else.
• Connection history (live tools) - which of your network's access points the phone was connected to, with timestamp and signal info, kept on your device for 24 hours to power the roaming-history view, then deleted automatically.
• Pen strokes you draw on your floor plan.
• Photos you take during a scan as visual reference points - saved to the scan's private folder, not to your device gallery.
• Floor-plan images you import (optional) - if you add a background image to a scan (for example a floor plan from your photos or files), a resized copy is stored in that scan's private folder. It appears in exports and backups you create.
• Names and labels you type for projects and floors.
• App preferences - theme, colormap and palette (including a custom hue), app language, measurement units, scan and overlay options, tutorial and hint flags, your crash-report choice, whether the rate-this-app card has been shown, when you last made a backup, and a cached record of the ad-free purchase.

None of this is transmitted to us. No copy is kept off your device by NetLens.

What ad and billing partners collect

These are the only third-party data flows in the app. They run only when you interact with their features:

• Google AdMob (banner ads, free tier only) - when ads are shown, AdMob's SDK collects your Android advertising ID, IP address, approximate location (derived from IP), and limited device info (model, OS version) to serve and measure ads. On Android 13+, the ads SDK may also use Android's Privacy Sandbox (the Topics and attribution-reporting APIs) as part of ad delivery and measurement, subject to your device's Privacy Sandbox settings. This is governed by Google's Privacy Policy. You can reset your advertising ID at any time in Android Settings → Privacy → Ads. The one-time ad-free in-app purchase removes ads entirely; once removed, AdMob is no longer initialised.
• Google User Messaging Platform (consent form) - in the European Economic Area, the United Kingdom, Switzerland, and US states that require it, NetLens shows Google's consent form on first launch so you can choose between personalised and non-personalised ads, or decline. Your choice is stored on-device by the UMP SDK and can be changed any time via Settings → "Ad privacy choices".
• Google Play Billing (ad-free in-app purchase) - when you tap Remove ads & watermark, the Play Billing SDK opens Google's payment UI. Google handles the transaction; the app receives only the entitlement result ("ad-free: yes/no"). Payment details are never seen by the app. Governed by Google Play's terms.
• Google Play (app updates and the rating card) - each time the app opens or returns to the foreground, it asks the Google Play Store app on your device whether a newer NetLens version is available; accepting downloads the update through Play. After your second completed scan, the app may also ask Google Play once to show its rate-this-app card. Both exchanges are handled by Google Play on your device, carry no scan data, and are governed by Google's Privacy Policy.

That's the full list. The app does not contact any other server.

Crash reporting (opt-in)

If the app crashes, the next launch asks whether to send a diagnostic crash report through Firebase Crashlytics, a service provided by Google. Nothing is transmitted unless "Send" is chosen. A report contains technical diagnostics only - such as the crash stack trace, the app version, device information (model, Android version, available memory, and whether the device is rooted), and an anonymous Crashlytics installation identifier used to group reports. It is not tied to your identity and never includes Wifi network names, scan data, signal measurements, location, or saved scans. This choice can be set to always send, or to never ask again, at any time in Settings; declining deletes the pending report from the device.

What we do not do

• No accounts, logins, or user IDs of our own.
• No analytics or behavioral telemetry beyond what the Google Play Console automatically receives for any app on the Play Store, the Google Play exchanges described above, and the ad-delivery traffic from AdMob described above.
• No cloud sync or cloud backup performed by the app, and no third-party servers of ours. (A backup file you create in Settings is written only to the location you choose - if you pick a cloud folder there, that copy lives under your own account; the app never sees it again.)
• No access to your contacts, calendar, microphone, or gallery - the only image the app ever receives is one you explicitly pick when importing a floor plan.
• No selling or sharing of data with anyone.

Android permissions, and why each is needed

• Camera - used by ARCore (Google's on-device motion-tracking library) to track the position and orientation of your device so Wifi samples can be placed on a floor plan. Camera frames are consumed by ARCore on-device and are not retained between frames or transmitted anywhere. Photos you explicitly take during a scan are the only camera output saved, and they're saved to that scan's private folder.
• Location (precise or approximate) + Nearby Wifi devices - Android requires location permission to return Wifi scan results, even when you're not using a location provider; Android lets you grant precise or approximate location, and scans require the permission (and the system Location toggle) either way. We use those results only to measure signal strength and frequency. We do NOT use this permission to track where you are or send your location anywhere; the only location records the app keeps are the per-scan fixes described below.
• Location fixes (same permission) - during a scan the app records location fixes, using whichever provider Android selects (Fused, Network, or GPS). The accuracy and source depend on Android's choice. Fixes are stored only in the scan's private file. Not transmitted.
• Foreground service + Post notifications - the notification shown while a scan is active keeps Android from killing the scan when your screen is off.
• Internet - used for AdMob banner ads (free tier), the ad-free in-app purchase (Play Billing), update checks and the optional rating card through Google Play, and an opt-in crash report if you choose to send one. With ads removed, outbound traffic is limited to those Google Play exchanges, a crash report you agree to send, and an anonymous Firebase diagnostic check-in.

Sharing from the app

Data leaves your phone only when you explicitly create a file and choose where it goes:

• Tapping Export writes the PNG, CSV, or PDF (or a ZIP for multi-scan project exports) into a sandboxed app-private location and hands you Android's system share sheet.
• Settings → Backup writes a backup ZIP of the scans you select (photos included unless you untick them) to the location you pick in Android's file picker - which may be a cloud folder such as Google Drive if you choose one. The app keeps no access to a backup after writing it.

Whatever you do with these files from there is your choice and is governed by the receiving app's or storage provider's policies, not ours.

Data retention

As long as the app is installed, your data lives in its private data directory. Uninstalling the app removes everything the app stores - there is no cloud record kept by us, so there is nothing left behind on our side. Files you created yourself (exports you shared, backup ZIPs you saved) remain wherever you put them until you delete them.

Android's automatic backup to Google Drive is disabled for this app (android:allowBackup="false" and an explicit data-extraction rule). Your scans are not copied to Google Drive or anywhere else unless you explicitly export or back them up and choose such a destination yourself.

Your privacy rights (GDPR, UK GDPR, CCPA, and equivalents)

We hold no personal data on any server we control - there is no record we could send you, correct, port, or delete on request. The practical effects:

• Right of access, rectification, erasure, portability: Uninstalling the app deletes all NetLens data on your device. You can also use Settings → Apps → NetLens → Storage → Clear data to wipe scans without uninstalling. Exported files and backups you've already shared or saved are out of our reach. (The app keeps the generated export file in its own app-scoped folder so the share sheet can deliver it; that copy is removed when you clear the app's data or uninstall.)
• Right to object / withdraw consent: Buy the one-time ad-free in-app purchase to remove AdMob entirely, or use the in-app "Ad privacy choices" row (Settings) to revisit your UMP consent in regulated regions.
• California Consumer Privacy Act (CCPA): NetLens does not sell or share personal information. AdMob's ad-delivery traffic is described in the third-party section above and is governed by Google's privacy policy.
• Lawful basis (GDPR): Capture, analysis, and storage of your scans rely on your direct interaction with the app on your own device - no transfer happens. AdMob's ad-delivery is the only third-party data flow; in the EEA / UK / CH it runs on your UMP consent choice (personalised, non-personalised, or no ads if you buy the ad-free in-app purchase).
• Complaints: EEA / UK residents have the right to lodge a complaint with their national data-protection authority.

For any privacy question, the contact is DopamineFixx@proton.me.

Children's privacy

The app is not directed at children under 13 (United States) or under 16 (European Economic Area / United Kingdom). It does not knowingly collect personal information from anyone, including children. In regions whose rules require consent (EEA, UK, Switzerland, and regulated US states), ads are non-personalised unless personalised advertising is accepted in Google's consent form; elsewhere, Google may serve personalised ads by default, which you can limit by resetting or deleting your advertising ID in Android Settings. If you believe a child has used the app in a way that requires attention, contact DopamineFixx@proton.me.

Security

Because Wifi and motion data never leaves your device, the main protection against loss is Android's app sandbox and the lock on your phone. The app does not expose a network service. The app's FileProvider shares files only when you tap Export and pick a destination, and the Backup feature writes a file only to the location you pick in Android's file picker.

The netlens.fyi website

The website sets no cookies and runs no analytics. The landing pages load one font family from Google Fonts, which means Google receives your IP address and standard browser details for that font request; the privacy and terms pages load no third-party resources. Your language choice on the site is remembered in your browser's local storage and is never sent anywhere.

Your choices

• Remove ads: buy the one-time ad-free in-app purchase via the in-app paywall.
• Reset advertising ID: Android Settings → Privacy → Ads → Reset advertising ID. AdMob will start fresh.
• Opt out of personalised ads: Android Settings → Privacy → Ads → Delete advertising ID (Android 12+).
• Revisit UMP consent (EEA / UK / CH / regulated US states): Settings → "Ad privacy choices".
• Delete all data: uninstall the app, or use Settings → Apps → NetLens → Storage → Clear data.

Changes to this policy

If the policy ever changes, the updated version will ship with the next app release and the effective date at the top will be updated.

Contact

Questions or concerns about this policy? Email DopamineFixx@proton.me.