Legal
Last updated: February 2026
Effective Date: February 21, 2026 — LockLoom version 1.5.x+
LockLoom collects no data. Period.
No personal information, no usage analytics, no crash reports, no telemetry, no advertising identifiers, and no device fingerprints are collected, transmitted, or stored by LockLoom or LockLoom LLC. We have no servers. We have no accounts. We have no backend infrastructure.
None.
LockLoom operates on a zero-backend architecture. All data processing occurs exclusively on your device. Specifically:
LockLoom stores the following information exclusively on your device in encrypted local storage. This data never leaves your device to our servers (because we have no servers):
| Data Type | Purpose | Storage |
|---|---|---|
| App protection policies | Per-app security configuration | Device-encrypted SharedPreferences |
| Biometric enrollment status | MFA authentication chain | Android Keystore |
| Emergency contact numbers | Distress SOS dispatch | Encrypted local database |
| Distress PIN / codewords | Covert SOS triggering | Salted hash (no plaintext) |
| Cloak icon selection | App disguise preference | SharedPreferences |
| Network cloak settings | Radio toggle preferences | Device-encrypted storage |
| Vault contents | User's encrypted files | ML-KEM-1024 / XChaCha20 |
When a distress code is triggered, LockLoom sends alerts directly from your device to your configured emergency contacts. The data flow is:
Your Device → Your Emergency Contacts
LockLoom LLC is not involved in this transmission. We do not see, store, relay, or have access to:
Your one-time purchase is processed by Google Play. Google's privacy policy governs this transaction. LockLoom receives only a purchase verification token — we do not receive your payment details, Google account email, or any personal information from Google.
If you choose to use Gmail for distress email dispatch, you authenticate directly with Google via OAuth2. LockLoom receives a scoped access token stored only on your device. We never see your Gmail credentials, email content, or contact list.
We cannot share what we do not have.
LockLoom LLC does not share, sell, rent, or disclose any user data to any third party — because we possess no user data. This includes:
If we receive a lawful request for user data, our response is simple: we have no user data to provide. Our zero-backend architecture means we genuinely cannot comply with data production requests because the data does not exist on our infrastructure.
LockLoom is a security application designed for adults. We do not knowingly market to or collect information from children under 13. Since we collect no data from any user of any age, there is no children's data to protect — but we want to be explicit about our intended audience.
Zero days. We retain no user data because we collect no user data. If you uninstall LockLoom, all locally-stored configuration is removed with the app.
Under GDPR, CCPA, and similar privacy regulations, you have the right to access, correct, delete, and port your data. Since we hold no data about you, these rights are automatically satisfied. There is nothing to access, correct, delete, or port.
If we update this privacy policy, the changes will be posted on this page with an updated effective date. Our core commitment — zero data collection — will never change. If we ever need to collect data (we don't anticipate this), we will obtain explicit consent first.
If you have questions about this privacy policy or LockLoom's data practices:
© 2025-2026 LockLoom LLC. All rights reserved.