Your privacy.
In plain language.
NoSpy was built on one principle: the app that protects your privacy should never compromise it. Here’s exactly what we collect, what we don’t, and why.
ever uploaded
ad networks
detection
to data requests
1 · Who We Are
The company behind NoSpy.
NoSpy is developed and operated by HiddenSec. This Privacy Policy applies to the NoSpy iOS application, the website at hiddensec.com, and any related services we operate.
2 · What We Collect
The minimum required to run the service.
We collect four categories of data — and only when strictly necessary for the function described.
| Data type | Examples | Purpose |
|---|---|---|
| Account data | Email address (Pro subscribers only) | Subscription management & support replies |
| Purchase data | App Store transaction ID | Verifying active subscription status |
| Crash & diagnostics | Device model, iOS version, crash log | Identifying and fixing bugs |
| Aggregated analytics | Feature usage counts, session length | Product improvement — never tied to identity |
3 · What We Never Collect
This data never leaves your device.
NoSpy’s offline-first design means the following data is processed locally and never transmitted — on any plan.
📷 Camera footage & scan images
Every AI lens scan runs entirely on-device using local ML. Your camera feed is never recorded, transmitted, or accessible to us.
📡 Wi-Fi & Bluetooth scan results
Devices detected during a Wi-Fi or Bluetooth audit are displayed only on your screen. That data is never sent to our servers.
📍 Location & GPS
NoSpy does not request, access, or store your location at any point. The app has no location permission in its manifest.
🧲 Magnetic sensor readings
Magnetometer data used during sweeps is processed in memory only and discarded when the scan ends. Nothing is logged.
We cannot see your scan results — not because of a policy, but because that data never reaches us. All detection is on-device. This is an architectural guarantee, not a promise.
4 · How We Use Your Data
Six purposes. Nothing else.
We use data we collect for the following purposes only — listed in full.
5 · Data Sharing
Three partners. No data brokers. No advertisers.
We share data with third parties only where strictly necessary to operate the service. Here is the complete list.
🍎 Apple App Store
Handles all payment processing. We receive only a transaction confirmation — Apple processes all card data under their own Privacy Policy.
🛠 Crash reporting provider
Anonymous crash logs (device model, iOS version, crash trace) may be processed by a third-party diagnostics service. These logs contain no personal identifiers.
✉ Transactional email provider
Your email address is stored with our email provider solely for the purpose of replying to support requests and sending subscription-related messages.
🚫 Everyone else
We do not sell, rent, trade, or share your personal data with advertisers, data brokers, analytics platforms, or any other third party.
6 · Data Retention
We keep data only as long as we need it.
Specific retention periods for each data type, with automatic deletion where applicable.
| Data type | Retention period | Deletion trigger |
|---|---|---|
| Account & subscription data | Duration of subscription + 12 months | Account deletion request or lapse |
| Crash logs | 90 days | Automatic — no action required |
| Support emails | 24 months from last message | Manual deletion on request |
| Aggregated analytics | Indefinite (anonymised only) | No individual records are retained |
7 · Your Rights
What you can ask us to do — and how.
Depending on your jurisdiction (GDPR, CCPA, UK GDPR, and equivalent laws), you have some or all of the following rights.
Data rights
- Access — request a copy of your personal data
- Correction — ask us to fix inaccurate data
- Deletion — request erasure of your data
- Portability — receive your data in machine-readable format
Processing rights
- Objection — object to certain types of processing
- Restriction — limit processing while a complaint is investigated
- Opt-out — withdraw consent for marketing at any time
- Complaint — lodge a complaint with your data protection authority
8 · Children’s Privacy
NoSpy is not for children under 13.
We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us with personal information, contact us at privacy@hiddensec.com and we will delete it promptly.
9 · Security
How we protect the data we do hold.
We apply technical and organisational measures proportionate to the limited data we process.
🔐 Encryption in transit
All data in transit is encrypted using TLS 1.2 or higher. No personal data is transmitted over unencrypted connections.
🔑 Access controls
Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.
📋 Periodic reviews
We review our data handling practices regularly to identify and address new risks.
🚨 Breach notification
In the event of a breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.
10 · Changes to This Policy
How we handle updates to this policy.
We may update this Privacy Policy from time to time. Here’s how we handle that.
Privacy questions?
Our data privacy team responds to every request within 30 days.
No automated replies. No boilerplate.
← Back to HiddenSec