Privacy policy
Effective date: 25 May 2026 · Applies to sha256sum — Checksum & Compare (Android, package net.rygielski.sha256sum).
Short version. The app does not collect, transmit, or share any personal data. It does not request the INTERNET permission, so it cannot reach a network. It accesses only the folders and files you explicitly pick through Android's system file picker. No analytics, no crash reporting, no third-party SDKs, no advertising.
1. Who is responsible for the app
The sha256sum Android application (the "App") is developed and published by Wojtek Rygielski (the "Developer"). The Developer is the sole data controller — to the extent any data processing concept applies at all, given the App processes no personal data.
Questions about this policy may be sent to rygielski@gmail.com.
2. What data we collect
None. Specifically:
- The App does not ask for your name, email, phone number, or any other identifier.
- The App does not have any user accounts, sign-in, or registration system.
- The App does not read or transmit your contacts, calendar, location, microphone, camera, or any system-wide identifiers (advertising ID, device ID, IMEI, MAC, etc.).
- The App does not collect device or usage analytics, app-open events, click-stream data, or session metadata.
- The App does not contain any crash-reporting SDK. Uncaught crashes are handled by the Android operating system; whether you choose to share those reports with Google Play is controlled entirely by your device settings, not by the App.
3. Files you select
The App's purpose is to compute SHA-256 checksums of files you choose and to compare folders and checksum manifest files. To do this, it reads the contents of those files.
All file access goes through the Android Storage Access Framework. This means:
- For each folder or file the App reads or writes, you explicitly pick it via the system file picker. The App does not enumerate, scan, or index any other part of your storage.
- File contents are processed in memory on your device only. Hash digests and comparison results are written to the output file or shown on screen, on your device only.
- Nothing is ever uploaded. The App does not declare the INTERNET permission in its Android manifest, so the Android runtime prevents any network access regardless of the App's behaviour.
The Developer never sees, receives, or has access to any file you process with the App.
4. Permissions the App requests
The App requests only the permissions required for it to function:
- FOREGROUND_SERVICE / FOREGROUND_SERVICE_DATA_SYNC — to keep long hashing or comparison jobs running while the screen is off or the app is backgrounded, and to display a progress notification.
- POST_NOTIFICATIONS (Android 13+) — to display the ongoing-operation progress notification. Denying this permission disables the notification only; the app remains fully functional.
The App does not request:
- INTERNET
- ACCESS_NETWORK_STATE
- Broad storage permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, or MANAGE_EXTERNAL_STORAGE
- Any location, contacts, calendar, camera, microphone, or biometric permissions
5. Children's privacy
The App is suitable for all ages and contains no advertising, user-generated content, or social features. Because no personal data is collected from anyone, no personal data is collected from children either. The App is in compliance with the U.S. Children's Online Privacy Protection Act (COPPA) and the equivalent provisions of the EU General Data Protection Regulation (GDPR) by design.
6. Third parties
The App contains no third-party SDKs, libraries, or services that collect or transmit data. It uses only:
- The Android operating system itself, for cryptographic primitives (SHA-256), file access, and UI rendering.
- Standard open-source libraries that are bundled into the App binary at build time and do not communicate with any external service.
The App is distributed through Google Play. Google Play's own privacy practices — including any data Google collects about the installation itself, such as your device's Play Store interactions, payment history, or aggregated install metrics — are governed by Google's privacy policy and are outside the scope of this document.
7. Data retention & deletion
Because the App stores no personal data on the Developer's infrastructure (there is no infrastructure), there is nothing to retain or delete on the Developer's side. Data the App writes to your device — manifest files you generated, app preferences — lives in storage you control. Uninstalling the App removes its app-private data; files you saved to user-visible locations (e.g. /Download) remain until you delete them yourself.
8. Your rights
Under the GDPR, CCPA, and similar regimes you have the right to know what personal data is held about you, to access or correct it, and to have it deleted. Because the App and the Developer hold no personal data about you, these rights are satisfied trivially: there is no data to disclose, correct, or erase. If you have any doubt or believe this statement is inaccurate, please contact the Developer at rygielski@gmail.com.
9. Security
File contents are read into memory only for the duration required to compute a SHA-256 digest, and discarded immediately after. Manifest files written by the App are written through the system file provider you chose and inherit its access controls. The cryptographic primitive used (SHA-256) is the SHA-2 family hash function specified by NIST FIPS 180-4, provided by the Android platform's java.security.MessageDigest implementation.
10. Changes to this policy
If the App's privacy posture ever changes — for example if a future version were to add an optional network feature — this policy will be updated and the effective date at the top will be revised. The previous version will remain accessible by request. Continued use of the App after a change indicates acceptance of the revised policy.
11. Contact
For privacy-related questions, requests, or concerns, write to rygielski@gmail.com.