Privacy Policy

Last Updated: June 12, 2026

1. Introduction

Welcome to PLocker, a free offline password manager application for Android developed by Dipankar Kolay ("we," "our," or "us"). At PLocker, your privacy is not merely a feature or a policy checkbox—it is the fundamental architectural principle upon which the entire application is built. This Privacy Policy explains in comprehensive detail how PLocker handles your information, and more importantly, why it handles nothing at all.

PLocker is an offline-first, offline-only application. Unlike virtually every other password manager on the market, PLocker operates entirely on your Android device without any internet connectivity whatsoever. The application does not request, possess, or utilize the INTERNET permission. There are no cloud servers, no sync infrastructure, no backend databases, and no external services of any kind. This architectural decision was made deliberately to ensure that your most sensitive data—your passwords, notes, and vault contents—remains exclusively under your control at all times.

This Privacy Policy is designed to be transparent and thorough. We encourage you to read it in its entirety so that you may fully understand the privacy guarantees that PLocker provides. If you have any questions or concerns about this policy, you may contact us at admin@utts.in.

2. Information We Collect

This section describes the categories of information that PLocker collects from its users. We have structured this section comprehensively so that there is no ambiguity about our data collection practices.

2.1 Personal Information

PLocker does not collect, store, process, or transmit any personal information whatsoever. We do not ask for or receive your name, email address, phone number, physical address, date of birth, government identification numbers, or any other information that could be used to identify you personally. There is no account creation process, no registration form, and no sign-up required to use PLocker. You may download, install, and use the application without ever providing a single piece of personally identifiable information (PII).

2.2 Usage Data

PLocker does not collect any data about how you use the application. We do not track which features you access, how frequently you open the app, how long you spend on any screen, which buttons you tap, how you organize your vault, whether you use dark mode or light mode, or any other behavioral or interaction data. There are no analytics frameworks, no session recording tools, no heatmap tracking, and no event logging of any kind embedded in PLocker.

2.3 Analytics Data

PLocker contains absolutely zero analytics code. We have not integrated Google Analytics, Firebase Analytics, Mixpanel, Amplitude, Flurry, Matomo, or any other analytics platform—neither first-party nor third-party. There are no custom analytics implementations, no aggregated usage statistics, and no anonymized data collection pipelines. We do not know how many people use PLocker, how often they use it, or what features they prefer. We have intentionally chosen not to know these things because collecting this information would require tracking code that fundamentally contradicts our privacy philosophy.

2.4 Device Information

PLocker does not collect any information about the device on which it is installed. We do not access or record your device model, manufacturer, operating system version, screen resolution, available memory, battery level, installed applications, or any other device identifiers. We do not collect your Android Advertising ID, IMEI, MAC address, device serial number, or any other unique device identifiers. PLocker does not perform device fingerprinting or any other technique designed to uniquely identify your device.

2.5 Location Data

PLocker does not collect, access, or process any location data. The application does not request location permissions—neither fine (GPS) nor coarse (network-based) location. There is no geolocation tracking, no IP-based location inference, and no location logging of any kind. Even if such location permissions were somehow granted at the system level, PLocker has no code to process or transmit location information.

2.6 Network Activity

PLocker generates zero network activity because it does not have the technical capability to communicate over any network. The application manifest does not declare the INTERNET permission or any other network-related permissions. There is no HTTP client, no WebSocket connection, no socket programming, no DNS resolution code, and no networking libraries included in the application binary. PLocker is fundamentally incapable of sending or receiving data over Wi-Fi, cellular data, Bluetooth, NFC, or any other communication protocol.

2.7 Crash Reports and Diagnostics

PLocker does not collect crash reports, diagnostic logs, or error telemetry. We do not use Firebase Crashlytics, Sentry, Bugsnag, ACRA, or any other crash reporting framework. If PLocker encounters an error and stops unexpectedly, that information remains entirely on your device. We will never receive a crash report unless you choose to manually report the issue to us using the contact methods on our website at /contact.php.

2.8 Website Data

This Privacy Policy primarily addresses the PLocker mobile application. The PLocker website at may collect standard server logs (such as IP addresses, browser types, referring pages, and timestamps) that are inherent to web server operation. However, the website does not use cookies for tracking purposes, does not employ analytics services, and does not collect information through forms. Any inquiries sent to us via email or other direct contact methods are used solely to respond to your inquiry and are never sold, shared, or used for marketing.

3. Your Vault Data

The passwords, secure notes, categories, settings, and all other content you create and store within PLocker ("Vault Data") are stored exclusively on your Android device. We have no access to your Vault Data—we cannot read it, modify it, delete it, or transmit it. Your Vault Data is encrypted using AES-256 encryption with a key derived from your master password through PBKDF2-HMAC-SHA256 with 100,000 or more iterations. The encrypted database exists as a single SQLite file within PLocker's private application storage directory, which is sandboxed by the Android operating system and inaccessible to any other application.

Because the encryption key is derived from your master password and your master password is never stored anywhere—not on your device, not in memory beyond the active session, and certainly not on any remote server—only you can decrypt your Vault Data. If you forget your master password, there is no recovery mechanism because there is no entity that possesses or stores the password. This is a deliberate security design: the price of absolute privacy is that nobody, including us, can help you recover a forgotten master password.

4. How We Store Data

PLocker employs a 100% on-device storage architecture. All data created within the application is stored locally in your device's internal storage using an encrypted SQLite database. The database file resides in the application's private data directory, which is protected by Android's file system permissions—no other application can read from or write to this directory without root access to the device.

The SQLite database is encrypted at rest using AES-256 in CBC (Cipher Block Chaining) mode with a cryptographically secure random initialization vector (IV) generated for each encryption operation. This means that even the raw database file stored on your device's flash storage contains only ciphertext. Without your master password, the file is cryptographically useless.

On devices running Android 7.0 and above with file-based encryption (FBE) enabled, the operating system provides an additional layer of encryption at the file system level using a key derived from the user's lock screen credentials. This creates a defense-in-depth scenario where your Vault Data is protected by both Android's FBE layer and PLocker's AES-256 application-layer encryption.

5. Data Sharing and Disclosure

PLocker does not share, sell, rent, lease, trade, or otherwise disclose any user data—personal or otherwise—to any third party. This statement is absolute and unconditional. We do not share data with advertisers, data brokers, analytics companies, marketing platforms, research institutions, government agencies, or any other entity.

The reason for this absolute position is straightforward: PLocker does not possess any user data to share. We have designed the application from the ground up to be architecturally incapable of data collection. There is no pathway by which user information could flow from your device to our infrastructure because there is no such pathway. Even if we were compelled by legal process—such as a subpoena, court order, or national security letter—to provide user data, we would have nothing to provide because we have collected and stored nothing.

This zero-knowledge architecture distinguishes PLocker fundamentally from cloud-based services, which necessarily possess access to their users' encrypted data (even if they cannot decrypt it). With PLocker, there is no data at rest on any third-party infrastructure, no possession of encrypted vaults, and therefore no possibility of compelled disclosure or unauthorized access to your information.

6. Data Security

PLocker incorporates multiple independent layers of security to protect your Vault Data:

• AES-256 Encryption: All Vault Data is encrypted using the Advanced Encryption Standard with a 256-bit key, which is the strongest variant of the AES family and is approved by the U.S. National Security Agency for protecting information classified up to the TOP SECRET level. Even if an attacker were to obtain the raw database file from your device, they would face a brute-force search space of 2²⁵⁶ possible keys—a number so large that it exceeds the estimated number of atoms in the observable universe.
• Local-Only Storage: Your encrypted database exists exclusively on your Android device's internal storage. There is no cloud copy, no server backup, and no synchronized replica anywhere else. The database is protected by Android's application sandbox, which prevents any other application from accessing PLocker's private storage directory.
• Android Sandbox: The Android operating system runs each application in a separate process with a unique Linux user ID, creating a kernel-level security boundary between applications. This means that even a malicious application installed on the same device cannot access PLocker's files, memory, or inter-process communication channels.
• Biometric Protection: PLocker supports fingerprint authentication through the Android Biometric API. This adds a convenient yet secure access layer where the vault can only be unlocked after the operating system verifies your biometric credentials. Your fingerprint data is processed entirely at the OS level using secure hardware (Trusted Execution Environment or Secure Element) and is never accessible to PLocker or any other application.
• PBKDF2 Key Derivation: Your master password is never used directly as an encryption key. Instead, it passes through PBKDF2-HMAC-SHA256 with 100,000 or more iterations, salted with a cryptographically secure random salt. This key derivation process makes dictionary attacks, rainbow table attacks, and brute-force attacks against your master password computationally infeasible.
• Screenshot & Screen Sharing Protection: To prevent unauthorized local capture or remote exposure of your sensitive credentials, PLocker programmatically enforces always-on, non-configurable screenshot and screen sharing/recording protection across all screens. You cannot take screenshots or share/record your screen while using the application.

7. Third-Party Services

PLocker does not integrate, embed, or utilize any third-party services, SDKs, libraries, or APIs that could compromise your privacy. Specifically, PLocker does not include:

• No analytics SDKs (no Google Analytics, no Firebase Analytics, no Mixpanel, no Amplitude)
• No crash reporting frameworks (no Firebase Crashlytics, no Sentry, no Bugsnag)
• No advertising networks or ad mediation platforms (no Google AdMob, no Facebook Audience Network)
• No cloud storage or sync services (no Google Drive API, no Dropbox API, no cloud SDKs of any kind)
• No social media SDKs (no Facebook SDK, no Twitter SDK, no sharing integrations)
• No push notification services (no Firebase Cloud Messaging, no OneSignal)
• No authentication or identity services (no Google Sign-In, no OAuth providers)
• No payment processing SDKs (no Google Play Billing, no Stripe, no PayPal SDK)
• No mapping or location services (no Google Maps, no location APIs)
• No customer support or chat SDKs (no Intercom, no Zendesk)

The only external library used by PLocker is the standard AndroidX and Material Design libraries provided by Google as part of the Android development framework. These libraries are used solely for user interface rendering and do not collect, transmit, or process any user data through their UI functionalities. The encryption operations within PLocker are performed using the Java Cryptography Architecture (JCA) and Android Keystore system—both of which are integral components of the Android platform and do not communicate externally.

8. Children's Privacy

PLocker is not directed toward children under the age of 13, and we do not knowingly collect personal information from children under 13. However, given PLocker's architecture—which collects no personal information from any user of any age—this statement serves principally to comply with the Children's Online Privacy Protection Act (COPPA) and applicable international regulations. Because PLocker operates entirely offline and collects zero data, a child using the application would be afforded the same complete privacy as any other user. No information about the user's age, identity, or usage patterns is collected, stored, or processed.

If you are a parent or guardian and have concerns about PLocker's data practices, please contact us at admin@utts.in. We are committed to protecting the privacy of all users and will address any concerns promptly.

9. Your Data Protection Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data under laws such as the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the United Kingdom's Data Protection Act 2018, Brazil's Lei Geral de Proteção de Dados (LGPD), and similar data protection frameworks. This section explains how these rights apply in the context of PLocker.

9.1 GDPR Rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, object to processing, and receive a portable copy of your personal data. Because PLocker does not collect, store, or process any personal data, there is no data for you to access, rectify, erase, or port. All of your Vault Data resides exclusively on your device under your complete control. You may erase, export, or modify this data at any time directly through the PLocker application interface. You may also delete the PLocker application from your device, which will permanently remove the encrypted database and all Vault Data contained within it.

Because PLocker has no servers and does not receive or process personal data, our role under the GDPR is that of a non-data controller and non-data processor with respect to the application. There is no automated decision-making or profiling conducted by PLocker, nor is there any cross-border data transfer because there is no data to transfer.

9.2 CCPA/CPRA Rights

Under the CCPA and CPRA, California residents have the right to know what personal information is collected, to request deletion of personal information, to opt out of the sale or sharing of personal information, and to not be discriminated against for exercising these rights. PLocker does not collect any personal information, does not sell or share any personal information (because it has none), and does not discriminate against users who exercise their privacy rights (because all users receive identical treatment—zero data collection).

If you are a California resident and wish to submit a verifiable consumer request, you may contact us at admin@utts.in. Please note that we may need to verify your identity, but we cannot do so through automated means since we hold no identifying information about you. We will respond to your request within the timeframes required by applicable law.

9.3 International Data Protection

Regardless of your jurisdiction, PLocker applies the same privacy standard universally: zero collection of any personal data from any user anywhere in the world. This uniform approach ensures that all users, regardless of location, receive the maximum possible degree of privacy protection. The application does not collect, process, or transfer personal data across any borders because it does not collect, process, or transfer personal data at all.

10. Data Retention

PLocker does not retain any user data on any server, database, or infrastructure because no such infrastructure exists. The only copy of your Vault Data is the encrypted SQLite database file stored on your Android device. You retain complete control over this data at all times. You may delete individual entries through the PLocker interface, export your data as an encrypted backup, transfer your backup to another device, or permanently delete the application and all its data by uninstalling PLocker through the Android system settings or application launcher.

If you have created encrypted backup files and stored them externally to your device, those files remain under your control and are your responsibility to manage and secure. PLocker has no ability to access, delete, or modify backup files stored by you on external media.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, add clarification, or comply with evolving legal requirements. When we update this policy, we will revise the "Last Updated" date at the top of this page. In the event of material changes to this policy, we will make reasonable efforts to notify users through the PLocker website at with a prominent notice on the homepage or this page.

Because PLocker does not collect user contact information and does not have network connectivity, we cannot send push notifications, emails, or in-app alerts about policy changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your privacy. Your continued use of PLocker after any changes to this policy constitutes your acceptance of the updated terms.

However, the core principle of this Privacy Policy—that PLocker collects absolutely no user data—is an architectural constant that cannot change without fundamentally rewriting the application from scratch. Any change to this principle would require adding network permissions and data collection infrastructure that currently do not exist and are antithetical to the entire purpose of PLocker. Our commitment to zero data collection is permanent and irreversible.

12. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or PLocker's privacy practices, please contact us using the following methods:

• Email: admin@utts.in
• Website: /contact.php
• Developer: Dipankar Kolay

We are committed to addressing any privacy concerns promptly and transparently. Because PLocker is built on a foundation of radical transparency and zero data collection, we welcome scrutiny, questions, and feedback about our privacy practices.

Effective Date: June 12, 2026