Privacy Policy

Last Updated: April 19, 2026

BenDevsPro ("we," "us," or "our") operates the VSLA Records App (the "App"). We respect your privacy and are committed to protecting it through our compliance with this policy. The App utilizes a "Zero-Knowledge" architecture for your core financial data, ensuring your ledger remains strictly under your control.

1. Data We Do Not Collect or Read

We do not have the ability to read, collect, or sell your group's financial ledgers, specific member balances, or internal passwords. The underlying financial data is processed locally on your device and encrypted before any transmission.

2. Local Storage & Database Encryption

All financial records entered into the App are stored locally on your device within an encrypted database (using 256-bit AES SQLCipher). Access to this local data requires the internal Admin PIN or device biometric authentication.

3. Active Cloud Sync & Disaster Recovery (Firebase)

To allow group members to download and view their up-to-date balances, the App synchronizes your group's ledger to Google Firebase. This financial payload is strictly encrypted on your device (using PBKDF2 Key Stretching) prior to being uploaded to the cloud. Because BenDevsPro does not possess your physical Quorum Keys, we cannot decrypt, read, or access this synchronized financial data. It is only readable by members using the App with the correct group credentials.

4. User-Generated Media (Profile Photos)

If you choose to assign profile pictures to your group or individual members, these image files are uploaded to our secure Firebase Storage servers. This is necessary so that other members of your group can see the updated photos when they synchronize their App. These images are secured with Firebase server rules and are not used by BenDevsPro for any external purposes.

5. Disaster Recovery Data (Emails & Phone Numbers)

During Group Creation, the App requires a Primary Recovery Email and at least three member phone numbers to establish a secure "Quorum" for data recovery. These emails and phone numbers are stored strictly within your encrypted database and the encrypted cloud backup file. The App only reads this specific data during a Disaster Recovery event or member login sequence to verify identity. BenDevsPro does not harvest or monitor these contact details.

6. Local Notifications & Reminders

The App uses local device scheduling (Android WorkManager) to generate meeting reminders and alerts. These notifications are created entirely on your device. We do not use remote push notification services, and no device tracking tokens are transmitted to our servers to trigger these alerts.

7. Device Permissions

To provide core functionalities, the App requests the following permissions:

• Internet & Network State: Required to sync encrypted ledgers, upload profile photos, and verify secure login links.
• Camera & Storage (Photos/Media): Required to take or select profile pictures. Note: Selected images are uploaded to our cloud servers to sync with your group.
• Biometric Hardware: Used for secure local login. Biometric data is processed entirely by your device's operating system and never leaves your phone.
• Notifications: Required to display local, on-device meeting reminders and group alerts.
• Contacts (Optional): Used locally to let you quickly select a phone number from your address book. We do not upload your entire contact list.

8. Data Deletion & Cycle Closure

Administrators may permanently delete a group's ledger. When confirmed, the App destroys the local encrypted database and issues a command to permanently delete the associated encrypted backup file and photos from Firebase Storage. Surviving local manual backups (.enc) remain strictly on your device.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at: bendevspro@gmail.com