Privacy Policy
Fin is built to be local-only and privacy-respecting. This policy describes what the Android app does and does not do.
Data Fin collects
None is sent anywhere. Fin has no servers and the MVP holds no INTERNET permission. All data you generate — saved NFC scans, BLE notes, Wi-Fi diagnostics, door-lock audits, hidden-device checklists, and the HCE demo credential — is stored only on your device.
Identifier redaction
Hardware identifiers can be used to track devices. Fin redacts them by default:
- NFC UIDs show only the first and last byte unless you explicitly reveal them.
- BLE MAC addresses and Wi-Fi BSSIDs are masked to first/last octet.
- Reports default to redacted output; raw identifiers are opt-in per export.
- Raw identifiers are never written to logs in release builds.
Permissions
Permissions are requested just-in-time and only for the active tool. See Android permissions for the full list and rationale. Fin does not request contacts, SMS, microphone, background location, call logs, accessibility, device admin, or overlay permissions.
Backups
Fin opts out of Android cloud backup and device-transfer for its data, so saved notes and the toy credential do not leave the device through backup.
Your control
The Reports screen includes a “Clear all local data” action that erases saved scans, notes, audits, and checklist data. Uninstalling the app removes everything.