Privacy Policy

1. Overview

Neoxtemus is an offline encrypted vault application developed by NeoXten Studios, a brand of PLASTYPESA S.R.L., a company registered in Romania, EU. This privacy policy explains what data Neoxtemus collects (and does not collect), how it is processed, and your rights.

Neoxtemus is designed with a strict zero-knowledge, local-only architecture. We cannot access your vault, your master password, or any data you store in the application.

2. Data We Do NOT Collect

The Neoxtemus application does not collect, transmit, or store any of the following:

• Vault contents (passwords, notes, files, secrets, 2FA codes)
• Master password, PIN, recovery phrase, or encryption keys
• Biometric data (fingerprint templates remain in the Android Keystore; Neoxtemus never accesses raw biometric data)
• Usage analytics, telemetry, crash reports, or diagnostic data
• Device identifiers, advertising IDs, or location data
• Contacts, call logs, SMS, calendar, or any other device data

There is no analytics SDK, no Firebase, no crash reporting library, and no tracking code in the application binary.

3. Data Stored Locally on Your Device

All user data is stored exclusively on your device in encrypted form:

• Vault database: Encrypted with AES-256-GCM. Stored in the app's private data directory. Inaccessible to other apps.
• Encrypted file attachments: Stored in the app's private data directory.
• Settings and preferences: Stored locally. No sensitive data in preferences.
• Audit log: Stored locally. Records vault access events (lock, unlock, export). Exportable by the user as CSV.
• Encrypted backups (.nex files): Created by the user and stored where the user chooses. Neoxtemus does not upload or manage these files.

Neoxtemus has no cloud sync, no remote storage, and no server that receives any of this data.

4. Network Activity

Neoxtemus operates fully offline. The only network activity is:

• License activation: When you first activate your license, the app sends your purchase email to our license server (license.neoxten.com) to verify your purchase and retrieve a license key. This is a one-time operation. No vault data is transmitted.
• No other network calls: After activation, Neoxtemus makes no network requests. All vault operations, OCR, TOTP generation, and encryption run entirely offline.

5. Android Permissions

Neoxtemus requests only the permissions necessary for its core functionality:

• Camera (optional): Used for on-device OCR to photograph documents, Wi-Fi labels, or credentials. Images are processed locally and never uploaded.
• Biometric / Fingerprint (optional): Used to enable fingerprint unlock. Biometric data is handled by the Android Keystore system; Neoxtemus never accesses raw biometric templates.
• Storage / Files (optional): Used to import files into the encrypted vault and to export encrypted backups.
• Internet: Used only for one-time license activation.

6. Website & Purchase Data

When you visit neoxten.com or purchase Neoxtemus:

• Hosting: The website is hosted on Vercel. Standard server logs (IP address, page visited) may be collected by Vercel for security and operational purposes.
• Payment: Payments are processed by Stripe. We receive your email address and purchase confirmation. We do not see, process, or store credit card details. Stripe's privacy policy applies to payment processing.
• License records: We store your purchase email and license key on our license server to enable activation. No vault data or app usage data is stored.

7. Data Retention & Deletion

App data: All vault data is stored on your device. Uninstalling the app or deleting the vault file removes all data. We have no copy to retain.

Purchase records: We retain your purchase email and license key for the duration of your license (lifetime) to provide activation and support services. To request deletion, email us.

8. Children's Privacy

Neoxtemus is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through the purchase process, contact us and we will delete it.

9. Your Rights (GDPR / EU)

As a company registered in the EU (Romania), we comply with the General Data Protection Regulation. You have the right to:

• Access the personal data we hold about you (limited to purchase email and license key)
• Request correction or deletion of your data
• Object to processing of your data
• Lodge a complaint with your local data protection authority

Because Neoxtemus collects virtually no data from the application itself, most GDPR rights relate only to purchase records.

10. Third-Party Services

• Stripe — payment processing (stripe.com/privacy)
• Vercel — website hosting (vercel.com/legal/privacy-policy)

No third-party SDKs or services are embedded in the Neoxtemus application itself.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Material changes will be communicated via the website.

12. Contact

For privacy inquiries, data deletion requests, or questions about this policy:

PLASTYPESA S.R.L. (trading as NeoXten Studios)
Email: neoxtenstudios@gmail.com
Registered in Romania, European Union