Privacy Policy — calc+

Effective Date: March 9, 2026 Last Updated: March 9, 2026

This Privacy Policy describes how Brent’s Big Damn LLC (“we,” “us,” or “our”) handles information in connection with the calc+ mobile application (“the App”), available on iOS and Android. We are committed to protecting your privacy and being transparent about our practices.

The short version: calc+ is designed to operate entirely offline. We do not collect, transmit, or have access to any of your personal data. Everything stays on your device, encrypted and under your control.

1. Information We Collect

The App is designed not to collect personal information. The App:

Does not require account creation, registration, or sign-up
Does not collect your name, email address, phone number, or any other personal identifier
Does not collect device identifiers, IP addresses, or location data
Is designed to operate entirely offline and does not transmit user data to our servers

Note: While the App itself does not make network requests, your device’s operating system or app distribution platform (Apple App Store, Google Play Store) may independently collect certain data related to app installation, updates, or crash diagnostics. Such collection is governed by Apple’s or Google’s respective privacy policies and is outside our control.

All data you create or import within the App — including photos, videos, documents, notes, contacts, and passwords — is stored exclusively on your device in encrypted form. We have no ability to access, view, or retrieve this data.

2. Data Stored on Your Device

While we do not collect data, the App does store data locally on your device at your direction. This includes:

Vault contents: Photos, videos, documents, notes, contacts, and passwords that you choose to store in the App
Encryption keys and salts: Cryptographic material used to protect your vaults (see Section 3)
Intruder detection photos: If you enable the optional Intruder Detection feature, front-camera photos captured after failed unlock attempts (see Section 4)
App settings and preferences

All locally stored data is encrypted and never leaves your device. We have no access to any of it.

3. How Your Data Is Protected

calc+ employs strong, industry-standard encryption to protect all vault contents:

Encryption algorithm: AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode)
Key derivation: PBKDF2-SHA256 with 100,000 iterations
Per-vault security: Each vault uses a unique cryptographic salt
Hardware-backed protection: A cryptographic pepper is stored in the device’s secure enclave via the platform’s secure storage (Keychain on iOS, Keystore on Android)
No metadata leakage: Files are stored using randomly generated UUID-based filenames, preventing identification of contents from filenames alone

Your PIN is never stored in plaintext. Encryption keys are derived from your PIN using the mechanisms described above and are never transmitted or accessible to us.

4. Device Permissions

The App may request the following device permissions. These permissions are used solely for the purposes described below and never for data collection or transmission.

Camera Access

The App requests camera access only for the optional Intruder Detection feature. When enabled, this feature silently captures a photo using the front-facing camera after one or more failed unlock attempts. These photos are:

Stored locally on your device only
Encrypted using the same AES-256-GCM encryption as all other vault data
Never transmitted, uploaded, or shared with us or any third party

The App does not perform facial recognition, biometric identification, or biometric template extraction on any captured images.

You may disable Intruder Detection at any time within the App’s settings. If you deny camera permission, the App will function normally — only the Intruder Detection feature will be unavailable.

Photo Library Access

The App requests access to your photo library only to allow you to import photos and videos into your encrypted vault. After importing, you may choose to delete the originals from your photo library. Imported media is encrypted on-device immediately upon import and is never transmitted anywhere.

5. Third-Party Services

We do not integrate third-party analytics, advertising, or tracking SDKs. The App:

Does not include third-party services that collect or transmit user data
Displays no advertisements
Integrates with no analytics platforms
Does not use crash reporting services
Does not connect to cloud services or external APIs

The App uses open-source libraries solely for on-device functionality (e.g., encryption, secure storage, camera access). These libraries operate locally and do not transmit data.

6. Analytics and Tracking

We do not track users for analytics, advertising, or behavioral profiling. The App:

Contains no analytics or telemetry of any kind
Does not use cookies, pixels, beacons, or fingerprinting
Does not participate in any advertising or tracking networks
Does not collect usage statistics, crash reports, or performance data

We have zero visibility into how, when, or whether you use the App.

Because the App is designed to operate offline and we do not collect user data on our servers:

No user data is shared with third parties by us
No data is sold to data brokers or advertisers
No data is disclosed to affiliates or business partners
We do not possess user data that could be produced in response to legal requests

Note: Apple and Google may independently collect and share data related to your use of their platforms. Please refer to their respective privacy policies for details.

8. Data Retention and Deletion

All data stored by the App resides exclusively on your device and is entirely under your control.

Retention: Data is retained on your device for as long as you choose to keep it. We have no role in data retention because we never possess your data.
Deletion: You may delete individual items from your vaults at any time within the App.
Factory Reset: The App includes a Factory Reset feature that permanently and irreversibly wipes all vaults, encryption keys, settings, and logs from the App. After a Factory Reset, no data from the App remains on your device.
App uninstallation: In most cases, uninstalling the App removes its associated local data, subject to your device’s operating system and backup settings.

9. Children’s Privacy

calc+ does not knowingly collect personal information from children under the age of 13 (or the applicable age in your jurisdiction). Since the App does not collect any personal information from any user, regardless of age, there is no children’s data at risk.

If you are a parent or guardian and have concerns about your child’s use of the App, please contact us at support.bbdllc@gmail.com.

We comply with the Children’s Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation (GDPR) provisions regarding minors, and similar applicable laws.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and similar laws. These include the right to:

Access personal data we hold about you
Rectify inaccurate personal data
Erase your personal data (“right to be forgotten”)
Restrict processing of your personal data
Port your personal data to another service
Object to processing of your personal data
Withdraw consent to data processing

We act as a data controller only with respect to data we directly process. Because calc+ is designed to operate offline and does not transmit user data to our servers, we do not process personal data on our systems. As a result, we do not hold personal data about you that would be subject to these rights.

All data you store in the App is on your device and under your exclusive control. You may access, modify, or delete it at any time through the App itself.

Platform controllers: Apple and Google act as independent data controllers for data they collect through their respective app stores and operating systems (e.g., purchase history, crash diagnostics). For information about their data practices, please refer to Apple’s Privacy Policy and Google’s Privacy Policy.

You also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

If you have questions about your rights, you may contact us at support.bbdllc@gmail.com.

11. Your Rights Under CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. These include the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information held by a business
Opt out of the sale or sharing of personal information
Non-discrimination for exercising your privacy rights
Correct inaccurate personal information
Limit use of sensitive personal information

Because the App is designed to operate offline and we do not collect personal information on our servers, we do not hold personal information about you that would be subject to these rights.

We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
We do not collect or process sensitive personal information.

For questions, contact us at support.bbdllc@gmail.com.

12. International Data Transfers

The App is designed to operate entirely offline and does not transmit user data to our servers. Your data remains on your device and is not transferred internationally by us. Any data processing performed by Apple or Google in connection with app distribution is governed by their respective privacy policies.

13. Security

We take the security of your data seriously. While we cannot access your data, the App is designed with security as a foundational principle:

Industry-standard AES-256-GCM encryption for all stored data
Strong key derivation using PBKDF2-SHA256 with 100,000 iterations
Unique cryptographic salt per vault to prevent cross-vault attacks
Secure enclave storage for cryptographic pepper material
UUID-based filenames to prevent metadata leakage
Offline-by-design architecture, significantly reducing network-based attack surface

Important: If you forget your PIN, there is no way to recover your encrypted data. We do not have access to your PIN or encryption keys and cannot assist with data recovery.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where practicable, through an in-app notice.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy. Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of those changes.

15. App Store Supplemental Disclosures

Apple App Store (iOS)

In accordance with Apple’s App Store requirements and App Tracking Transparency framework:

Data Not Collected: calc+ does not collect data from users or transmit data to the developer, as reflected in the App Store privacy nutrition label.
Tracking: The App does not track users across other companies’ apps or websites.
App Tracking Transparency: Not applicable — the App performs no tracking.

Google Play Store (Android)

In accordance with Google Play’s Data Safety requirements:

Data shared with third parties: None
Data collected: None
Security practices: All data stored locally is encrypted. Data cannot be deleted by the developer (user-controlled only).

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the App’s privacy practices, please contact us:

Support email Email: support.bbdllc@gmail.com

This Privacy Policy applies to the calc+ mobile application and governs your use of the App. By using calc+, you acknowledge that you have read and understood this Privacy Policy.