Skip to main content

Privacy policy

Legal · Privacy Policy

Your privacy.
In plain language.

NoSpy was built on one principle: the app that protects your privacy should never compromise it. Here’s exactly what we collect, what we don’t, and why.

Last updated: May 31, 2026
0
Scan results
ever uploaded
0
Third-party
ad networks
100%
Offline
detection
30 days
Max response time
to data requests

The company behind NoSpy.

NoSpy is developed and operated by HiddenSec. This Privacy Policy applies to the NoSpy iOS application, the website at hiddensec.com, and any related services we operate.

Data controller: HiddenSec. For all privacy matters — requests, questions, complaints — contact us at privacy@hiddensec.com. We respond within 30 days.

The minimum required to run the service.

We collect four categories of data — and only when strictly necessary for the function described.

Data type Examples Purpose
Account data Email address (Pro subscribers only) Subscription management & support replies
Purchase data App Store transaction ID Verifying active subscription status
Crash & diagnostics Device model, iOS version, crash log Identifying and fixing bugs
Aggregated analytics Feature usage counts, session length Product improvement — never tied to identity
Free plan users: if you use NoSpy without creating an account, we collect only anonymous crash reports and aggregated analytics. No email, no profile, no payment details.

This data never leaves your device.

NoSpy’s offline-first design means the following data is processed locally and never transmitted — on any plan.

📷 Camera footage & scan images

Every AI lens scan runs entirely on-device using local ML. Your camera feed is never recorded, transmitted, or accessible to us.

📡 Wi-Fi & Bluetooth scan results

Devices detected during a Wi-Fi or Bluetooth audit are displayed only on your screen. That data is never sent to our servers.

📍 Location & GPS

NoSpy does not request, access, or store your location at any point. The app has no location permission in its manifest.

🧲 Magnetic sensor readings

Magnetometer data used during sweeps is processed in memory only and discarded when the scan ends. Nothing is logged.

⚠ Core commitment

We cannot see your scan results — not because of a policy, but because that data never reaches us. All detection is on-device. This is an architectural guarantee, not a promise.

Six purposes. Nothing else.

We use data we collect for the following purposes only — listed in full.

1
Operate the app — to provide, maintain, and update NoSpy’s core functionality.
2
Process subscriptions — to verify your App Store purchase and unlock Pro features.
3
Provide support — to respond to emails sent to us. We reply only; we do not initiate contact.
4
Fix crashes — to identify technical errors and push fixes in app updates.
5
Improve the product — using anonymous, aggregated feature usage counts only. No individual profiles are built.
6
Send transactional emails — subscription receipts, renewal reminders, and cancellation confirmations for Pro subscribers. We do not send marketing emails unless you explicitly opt in.

Three partners. No data brokers. No advertisers.

We share data with third parties only where strictly necessary to operate the service. Here is the complete list.

🍎 Apple App Store

Handles all payment processing. We receive only a transaction confirmation — Apple processes all card data under their own Privacy Policy.

🛠 Crash reporting provider

Anonymous crash logs (device model, iOS version, crash trace) may be processed by a third-party diagnostics service. These logs contain no personal identifiers.

✉ Transactional email provider

Your email address is stored with our email provider solely for the purpose of replying to support requests and sending subscription-related messages.

🚫 Everyone else

We do not sell, rent, trade, or share your personal data with advertisers, data brokers, analytics platforms, or any other third party.

We keep data only as long as we need it.

Specific retention periods for each data type, with automatic deletion where applicable.

Data type Retention period Deletion trigger
Account & subscription data Duration of subscription + 12 months Account deletion request or lapse
Crash logs 90 days Automatic — no action required
Support emails 24 months from last message Manual deletion on request
Aggregated analytics Indefinite (anonymised only) No individual records are retained
To request deletion of your account data, email privacy@hiddensec.com. We will action all deletion requests within 30 days.

What you can ask us to do — and how.

Depending on your jurisdiction (GDPR, CCPA, UK GDPR, and equivalent laws), you have some or all of the following rights.

Data rights

  • Access — request a copy of your personal data
  • Correction — ask us to fix inaccurate data
  • Deletion — request erasure of your data
  • Portability — receive your data in machine-readable format

Processing rights

  • Objection — object to certain types of processing
  • Restriction — limit processing while a complaint is investigated
  • Opt-out — withdraw consent for marketing at any time
  • Complaint — lodge a complaint with your data protection authority
To exercise any right, email privacy@hiddensec.com. We respond within 30 days and do not charge for reasonable requests.

NoSpy is not for children under 13.

We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us with personal information, contact us at privacy@hiddensec.com and we will delete it promptly.

How we protect the data we do hold.

We apply technical and organisational measures proportionate to the limited data we process.

🔐 Encryption in transit

All data in transit is encrypted using TLS 1.2 or higher. No personal data is transmitted over unencrypted connections.

🔑 Access controls

Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

📋 Periodic reviews

We review our data handling practices regularly to identify and address new risks.

🚨 Breach notification

In the event of a breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

How we handle updates to this policy.

We may update this Privacy Policy from time to time. Here’s how we handle that.

1
We revise the “Last updated” date at the top of this page whenever any change is made.
2
For material changes, we notify you via an in-app notice or email (Pro subscribers) at least 14 days before the change takes effect.
3
Your continued use of NoSpy after the effective date constitutes acceptance of the revised policy.
4
Previous versions of this Privacy Policy are available on request at privacy@hiddensec.com.

Privacy questions?

Our data privacy team responds to every request within 30 days.
No automated replies. No boilerplate.

Email privacy@hiddensec.com
← Back to HiddenSec