Privacy Policy

Notification Box ("the app", "we", "us") is an Android app that captures, organizes, and lets you browse and manage the notifications posted by other apps on your device. This policy explains what information the app accesses, where it is stored, and the limited cases in which information leaves your device.

We have designed the app to be local-first: the sensitive content it handles — your notifications — never leaves your phone through the app.

To do its job, the app uses Android's Notification Listener permission (BIND_NOTIFICATION_LISTENER_SERVICE). You must grant this manually in your system settings; the app cannot read notifications until you do, and you can revoke it at any time.

When a notification is posted, the app may read and store locally:

• The source app's package name and the notification's title, text, and expanded text (big-text, sub-text, summary).
• Conversation / messaging-style details (conversation title, message lines, reply history) where the source app provides them.
• Notification images and icons (small icon, large icon, big picture, custom views), stored as image files keyed by a content hash.
• Metadata such as post time, dismissal time, category, call/media flags, progress, action-button labels, and an on-device flag marking whether a notification looks like it contains a one-time passcode (OTP).

The following are stored locally in the app's private storage:

• Captured notifications and their metadata (in a local database).
• Notification and app icons / images (as files in the app's private files directory).
• Metadata about installed apps (label, icon, flags) so the app can display sources without re-querying the system on every screen.
• Your settings and preferences (theme, app lock, saved searches, smart rules, scheduled notifications, ad-removal entitlement).

This data is held in the app's sandboxed storage and is removed when you clear the app's data or uninstall the app.

The app uses Google Firebase to understand stability and feature usage in aggregate:

• Firebase Crashlytics (including native crash reporting) — collects crash stack traces and device/OS context to help us fix bugs.
• Firebase Analytics — records anonymous, low-frequency events (e.g. a screen was viewed, a feature was used) and coarse, non-identifying user properties (e.g. theme mode, whether app lock is on, whether ads are removed).
• Firebase Performance Monitoring — measures app performance such as start-up time.
• Firebase Remote Config — fetches configuration values that tune app behaviour.

Firebase processes this data on Google's infrastructure. See Google's Firebase privacy and Google Privacy Policy.

Unless you purchase ad removal, the app shows ads through AppLovin MAX mediation. MAX may serve ads from, and share an advertising identifier and standard ad-request data with, the following mediated networks:

AppLovin Google AdMob / Ad Manager Meta Audience Network Unity Ads Liftoff Monetize (Vungle) Chartboost

These networks may collect and use your device's advertising ID, coarse device and network information, and ad-interaction data to deliver and measure ads, including personalized ads where permitted. They act as independent controllers of that data under their own privacy policies.

Consent (GDPR / regulated regions)

In regions that require it, the app presents Google's User Messaging Platform (UMP) consent form (IAB TCF v2 / GDPR). Your choice is stored on the device and passed to the ad networks; ad personalization is gated on it. You can change your choice later from the app where the consent option is offered.

Relevant policies: AppLovin, Google, Meta, Unity, Liftoff/Vungle, Chartboost.

If you remove ads (see below), the app stops requesting ads and no advertising data is collected through it.

The app offers an in-app purchase to remove ads, handled by Google Play Billing. Payment is processed entirely by Google Play — we never see or store your payment-card details. We receive only the purchase / entitlement state needed to unlock the ad-free experience, which is stored on your device. See the Google Play Terms.

We do not sell your personal data. Information leaves your device only as described above:

• Google Firebase — anonymous diagnostics and usage analytics (no notification content).
• Ad networks (only if ads are enabled) — advertising identifier and standard ad-request data.
• Google Play — purchase processing for ad removal.

Your notification contents are never part of any of these transfers.

• Notifications are kept locally until you delete them, or are automatically pruned after about 60 days (notifications you explicitly mark to keep are exempt).
• You can delete individual notifications, clear all history, or clear the app's storage at any time from within the app or Android settings.
• Uninstalling the app removes all locally stored data.
• Diagnostic data held by Firebase and data held by ad networks are retained per their respective policies.

The app is not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and we do not knowingly collect personal information from them.

Depending on your jurisdiction (e.g. GDPR in the EEA/UK, CCPA/CPRA in California), you may have rights to access, correct, delete, or restrict processing of your personal data, and to withdraw advertising consent. Because your notification data lives only on your device, you can exercise deletion directly by removing it in the app or uninstalling. For requests relating to diagnostics or advertising data, contact us using the details below and we will help direct your request to the relevant processor.

We may update this policy as the app evolves. Material changes will be reflected by an updated "Last updated" date. Continued use of the app after changes take effect constitutes acceptance of the revised policy.

Questions or requests about this policy or your data:
Email: support@softplex.io