Developer: MiygaL Studio Version: 1.39.5 Effective Date: May 01, 2026 Contact: miygal.connect@gmail.com
This Privacy Policy describes how Unlock PDF - Password Manager ("the App"), developed by MiygaL Studio ("we," "our," or "us"), accesses, collects, uses, and shares information when you use our App. We are committed to being transparent about our data practices.
The App is built on a local-only architecture. It has no backend servers, no user accounts, and no analytics or crash-reporting service of any kind. All data the App stores is kept exclusively on your device and is never transmitted to us or any other party, except as described in Section 5 (Third-Party Services) below.
The App accesses and stores the following categories of data on your device only. None of this data is transmitted to MiygaL Studio.
What is accessed: When you open a PDF file, the App reads that file from your device's storage. When you save annotations or edits to a PDF, the App writes the modified file back to your device's storage.
Why it is accessed: To display, annotate, and save your PDF documents as requested by you.
Where it is stored: On your device's internal or external storage, in the location you originally selected. The App does not copy your files to any cloud or external server.
What is collected: If you choose to use the "Remember Password" feature, the App saves the password you entered for that specific file.
Why it is collected: To automatically unlock password-protected PDFs on future visits, without you needing to re-enter the password manually.
How it is stored: Passwords are encrypted using AES-256 encryption via the Android Keystore System (on Android) or Apple Keychain (on iOS) and stored in the device's secure storage (using the flutter_secure_storage library). They are protected by your device's biometric authentication (fingerprint or face unlock) or PIN.
How long it is kept: Passwords remain stored until you manually delete them via the "Wipe Vault" option in Settings, or until you uninstall the App.
Sharing: Your saved passwords are never shared with anyone, including MiygaL Studio.
What is accessed and stored: To manage the free monthly usage allowance for Pro tools ("premium sessions"), the App stores local state values on your device: the number of remaining sessions, the month of the last session grant, temporary access records for recently opened files, and whether you have enrolled in the session system.
Why it is accessed: To enforce the monthly usage limit and reset it automatically each month without requiring an internet connection or a server.
Where it is stored: State values are stored in secure local storage. To prevent abuse of the free session system, the App maintains a persistent record of your enrollment. On Android, this is done via a secure, obfuscated backup file ("guard file"). On iOS, this record is stored securely in the Apple Keychain, which persists even if the App is uninstalled and reinstalled.
Sharing: This data is never transmitted externally.
What is collected: The App maintains a local history of recently opened files. For each file, it may store the file name, file path, the date it was last opened, a user-assigned label, how many times it has been opened, and the name of the app it was shared from (for example, WhatsApp, Telegram, or Chrome).
Why it is collected: To display your recently accessed files on the home screen and to help you organise your documents with labels.
Where it is stored: In a local database on your device using the Hive library. This data is never shared.
How long it is kept: Until you clear the history in Settings or uninstall the App.
What is collected: The App stores your preferences locally, such as whether the "Remember Password by Default" toggle is enabled.
Why it is collected: To restore your preferred settings when you reopen the App.
Where it is stored: In secure local storage on your device only. Never shared.
Why it is used: To verify your identity before displaying saved passwords or unlocking the App (if App Lock is enabled). The App itself never reads your biometric data — the device's operating system handles biometric verification and returns only a pass or fail result to the App.
Permission: android.permission.USE_BIOMETRIC (Android) or NSFaceIDUsageDescription (iOS)
Why it is used: To open PDF files you select, to save annotated or edited PDFs back to your device, and to import image files (such as signatures) that you add to a PDF.
Permission: android.permission.READ_EXTERNAL_STORAGE (Android) or NSPhotoLibraryUsageDescription / NSPhotoLibraryAddUsageDescription (iOS)
Note on Internet: The internet permission (android.permission.INTERNET) is explicitly removed from the release build of this App on Android. On iOS, the App does not use any network-related capabilities or permissions. The App cannot make any network requests in its production release on either platform.
Why it is used: When you add a signature or image annotation to a PDF, the App may access your camera (if you choose to take a photo) or your device's image gallery (if you choose to select an existing image). The App also provides an in-app image-cropping tool to adjust the selected image before embedding it.
Data handling: The selected image is used only to create the annotation you requested. It is embedded in the PDF file on your device and is not uploaded anywhere.
Why it is used: If you use the "Share" feature, the App uses the device's standard sharing mechanism (Android Sharesheet or iOS UIActivityViewController) to send the current PDF file to another app you select (for example, Gmail or WhatsApp). The sharing action is performed by the operating system — the App passes the file to the system, and the system delivers it to the app you chose.
Data handling: MiygaL Studio does not receive a copy of the shared file. Once the file is handed to the sharing system, it is governed by the privacy policy of the receiving app.
Why it is used: After you reach a usage milestone (for example, opening a certain number of files), the App may trigger the native "Rate this App" dialog. This dialog is provided by the Google Play In-App Review API (Android) or the StoreKit requestReview API (iOS).
Data handling: The App does not know whether you submitted a review or what rating you gave. The platform's review API handles the review submission entirely within the Play Store or App Store. Any data associated with your review is governed by Google's Privacy Policy (https://policies.google.com/privacy) or Apple's Privacy Policy (https://www.apple.com/legal/privacy/).
Why it is used: On Android devices, the App may check whether your device's "Automatic Date & Time" setting is enabled. This is used exclusively to protect the integrity of the monthly premium session limits.
Data handling: The App only checks the basic state (enabled or disabled) of the automatic time setting locally on your device. It does not collect, record, or transmit your device's actual date, time, timezone, or location data.
Why it is used: To determine if the App has been freshly installed or updated. This metadata is used to validate eligibility for the monthly premium session grant in scenarios where the App's local data has been cleared.
Data handling: The App reads the 'First Install Time' and 'Last Update Time' locally from the Android system's package registry. This information consists only of timestamps provided by the operating system. It is used for real-time validation and is never recorded, stored permanently in the App's database, or transmitted externally.
To be explicit, the following categories of data are not collected by this App or by MiygaL Studio:
The App integrates with one third-party service: Google Play Billing (Android) or Apple App Store Billing / StoreKit (iOS).
When you make an in-app purchase or restore a previous purchase, the App connects to Google Play Billing or Apple's StoreKit. This connection is made by the platform's billing library running on your device, not by any server we operate.
Data received by MiygaL Studio: We receive no data from this transaction. The App receives a local purchase status (purchased, pending, or failed) and a purchase token from the platform library on your device. This token is used locally to confirm that a purchase is valid. It is not transmitted to any server operated by MiygaL Studio.
Data collected by Third Parties: Google or Apple may collect transaction data when you make a purchase or subscribe to an auto-renewable subscription, including your payment method details and purchase history. This data is governed by the respective platform's privacy policy (Google: https://policies.google.com/privacy, Apple: https://www.apple.com/legal/privacy/).
The App offers auto-renewable subscriptions and one-time purchases for premium features. These transactions are processed entirely by Google Play or the Apple App Store.
The App does not knowingly collect personal information from children under 13. Because the App operates on a local-only architecture and collects no personal data itself, it presents no data-collection risk to users of any age. If you are a parent or guardian and have concerns, please contact us at miygal.connect@gmail.com.
Because MiygaL Studio never receives, stores, or processes any of your personal data, the following rights are fulfilled by the architecture of the App itself.
All data the App stores is on your own device. Your file history, labels, and preferences are accessible to you at any time through the App.
However, saved passwords stored in the vault cannot be read back or displayed in plain text. This is by design: passwords are encrypted by the Android Keystore System (Android) or Apple Keychain (iOS) using hardware-backed keys that are tied to your specific device. The App can use a saved password to unlock a file on your behalf, but it cannot retrieve or display the password itself. If you need to know a saved password, you must recall it independently.
You can permanently delete all data stored by the App in the following ways:
Your file history, labels, and preferences reside on your device and you maintain full possession of them. No portability request to MiygaL Studio is necessary, as we hold none of your data.
Saved passwords in the vault cannot be exported or transferred to another device. The Android Keystore System (Android) or Apple Keychain (iOS) binds the encryption keys to the hardware of your current device, which means the encrypted password data is not readable on a different device even if moved. This is a deliberate security property, not a policy restriction. If you replace or reset your device, you will need to re-enter your PDF passwords.
MiygaL Studio does not process your personal data. There is nothing to object to or restrict at the organisational level.
The principles in Sections 7.1 through 7.4 apply to users under all major privacy regulations, including the GDPR (EU and EEA), the CCPA and CPRA (California), the Digital Personal Data Protection Act 2023 (India), the Australian Privacy Act 1988, and the Singapore Personal Data Protection Act 2012. Because MiygaL Studio holds no personal data, compliance with each of these laws is achieved by the architecture of the App itself.
All sensitive data stored by the App is protected using the following measures:
Despite these measures, no method of electronic storage is 100% secure. If you have concerns about the security of data on your device, we recommend enabling full-device encryption in your device's security settings.
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date at the top of this document. You are advised to review this page periodically. Continued use of the App after changes are posted constitutes acceptance of the updated policy.
If you have questions, concerns, or requests related to this Privacy Policy, please contact us:
Developer: MiygaL Studio Email: miygal.connect@gmail.com