All policies ToolVault · Legal

ToolVault Privacy Policy

Effective date: June 11, 2026

This policy covers the ToolVault Android app, published by UnluckyTech. ToolVault helps you find apps that spam your device with pop-up ads by monitoring which apps come to the foreground and flagging suspicious patterns.

The Short Version

  • Your app-usage data stays on your device. We never upload your activity log, your installed-app list, or your usage history.
  • The app has no account system and no analytics. We don’t know who you are.
  • If you choose to report an app as adware, that single report is sent to our server — anonymously.
  • The free version shows ads via Google AdMob, which involves Google collecting advertising data as described below.

Data That Stays on Your Device

To do its job, ToolVault needs Android’s Usage Access permission, which lets it see which app is in the foreground. Using it, the app records foreground sessions (app name, package, time, and duration) and flags apps that appear with suspicious frequency. The app also reads your installed-app list so it can show the name and icon of any app it observes.

All of this — the activity log, flagged apps, statistics, and your settings — is stored in a local database on your device only. It is never transmitted to us or anyone else, and uninstalling ToolVault deletes it.

Data Sent Off Your Device

1. Adware Reports (only if you submit one)

When you choose to report an app as an ad source, the report is sent to our server (adwatch.unluckytech.com) to help build a community-sourced list of known adware. A report contains:

  • the reported app’s package name and display name,
  • the report category and an optional note you write,
  • the time of the report,
  • a random, anonymous installation token (generated on your device; our server stores only a salted hash of it, and it’s used solely for rate-limiting and de-duplication — it identifies an installation, not a person), and
  • it may include a Google Play Integrity token, used once to verify the report comes from a genuine app on a genuine device (see Play Integrity below).

Like any web request, a submission also exposes your IP address to our server. We use it only for rate-limiting and never store it raw — only a salted, one-way hash.

Reports contain no personal information, no contact details, and nothing about your own usage of your device. Reinstalling the app resets the installation token.

2. Known-Adware List

The app periodically downloads the community adware list from our server. Like any web request, this exposes your IP address to our server while the download happens; we don’t use it to identify you.

3. Advertising (Google AdMob — free version)

The free version of ToolVault displays ads served by Google AdMob. To serve and measure ads, Google may collect your device’s advertising ID, IP address (from which it may infer your approximate location), device information, and ad-interaction and diagnostic data, as described in How Google uses information from sites or apps that use its services. In the European Economic Area and the UK, the app asks for your consent before showing personalized ads, and you can change that choice in the app. You can also reset or delete your advertising ID in Android settings.

4. Purchases (Google Play Billing)

The optional Pro upgrade is a monthly or yearly subscription processed entirely by Google Play (you can also earn ad-free time by watching rewarded ads — those points never leave your device). We receive confirmation that a subscription is active, but no payment details and no personal information. Google’s handling of your payment data is covered by the Google privacy policy.

5. Google Play Integrity

To keep fake reports out of the community adware list, report submissions may include a Play Integrity verdict. This involves Google Play services collecting device and app integrity signals as described in Google’s documentation; we receive only the resulting verdict, not the underlying device data.

6. Technician Mode (repair professionals)

ToolVault includes an optional Technician mode for repair shops, unlocked with an access key we issue to the business. When a key is entered, it is sent to our server together with the anonymous installation token to check that it’s valid, and while the mode is active the key accompanies adware-report submissions (so technicians cleaning a heavily infected device aren’t rate-limited). The key identifies the repair business it was issued to — not you or your device — and it is deleted from the device when Technician mode is turned off.

Permissions Explained

  • Usage Access — to see which app is in the foreground. Core function; data stays local.
  • Query all packages — to resolve the name and icon of any app the monitor observes, since adware can be any installed app. The list is used on-device only.
  • Foreground service & notifications — to keep monitoring while the app is in the background and show the persistent status notification.
  • Run at startup — to resume monitoring after a reboot, if you had it enabled.
  • Internet — for ads, the community list, and report submission only.

Data Retention & Deletion

Local data: deleted when you uninstall the app (or clear its storage). Submitted adware reports are anonymous and are retained to maintain the community list — they’re what makes the detection useful over time. Because they contain no personal information, they can’t be linked back to you. If you have any concern, email us and we’ll help.

Children

ToolVault is not directed at children under 13, and we do not knowingly collect personal information from anyone, including children.

Changes

If this policy changes, the effective date above will be updated. Material changes will be noted in the app’s release notes.

Contact

Privacy questions: [email protected]
See also the unluckytech.com website privacy policy.