Privacy Policy

Effective Date: January 1, 2025
Last Updated: March 15, 2026

1. Introduction

LokLok is an independently developed Android application that lets two paired users draw on each other's lock screens. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you use LokLok (the "Service").

Please read this Privacy Policy carefully. If you do not agree with these policies and practices, please do not use the Service. By using LokLok, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information Generated on Your Device

  • Device Identifier: A locally generated unique device ID used for pairing and synchronization. LokLok does not require account creation, email, phone number, or password.
  • Display Name: A nickname you choose, shared only with your paired partner
  • Drawing Data: Stroke paths, colors, and brush sizes from drawings you create on the shared canvas
  • Profile Picture: An optional avatar image you set within the app
  • Push Notification Token: An Expo/FCM token used to deliver drawing notifications to your device

2.2 Information Collected Automatically

  • Device Information: Device model and OS version (for compatibility purposes)
  • Crash Reports: Error logs to help improve app stability

2.3 Information We Do NOT Collect

  • • Email addresses, phone numbers, or passwords (no account system exists)
  • • Location data
  • • Contacts or address book information
  • • Photos, videos, or audio files (the app handles only drawings)
  • • Payment or financial information (LokLok is completely free)
  • • Behavioral tracking or advertising identifiers

3. How We Use Your Information

I use collected information to:

  • • Enable pairing between two devices via QR code exchange
  • • Synchronize drawings between paired devices in real time
  • • Apply received drawings to your lock screen wallpaper
  • • Send push notifications when your partner sends a new drawing
  • • Improve app stability through crash report analysis

4. Data Encryption & Security

LokLok uses end-to-end encryption (E2EE) for all drawing data:

  • Key Exchange: During pairing, devices exchange public keys using X25519 (Curve25519) Diffie-Hellman key agreement via the TweetNaCl cryptographic library
  • Shared Secret: Both devices independently derive an identical shared secret. This secret is never transmitted over the network.
  • Encryption: All drawing stroke data is encrypted on your device using NaCl SecretBox (XSalsa20-Poly1305 authenticated encryption) before being uploaded to Firebase
  • Key Storage: Encryption keys are stored locally on your device using React Native Encrypted Storage. They never leave your device.
  • Server-side: Firebase stores only encrypted drawing data. I cannot decrypt or view your drawings.

Note: While robust security measures are employed, no system is entirely risk-free. I encourage users to enable device security features such as screen lock.

5. Data Storage & Retention

  • Drawing Data: Encrypted drawings are stored on Firebase Firestore. Only the latest drawing per pairing is retained; previous drawings are overwritten.
  • Pairing Data: Pairing metadata (device IDs, public keys, FCM tokens) is stored on Firebase Firestore for the duration of the pairing.
  • Local Data: Drawing strokes, settings, and encryption keys are stored locally on your device using AsyncStorage and Encrypted Storage.
  • Disconnection: When either partner disconnects, pairing data is removed from Firebase. Local data is cleared on the disconnecting device.

6. Third-Party Services

LokLok uses the following third-party services:

  • Firebase Firestore: Cloud database for storing encrypted drawing data and pairing information (operated by Google)
  • Firebase Cloud Messaging (FCM): Push notification delivery for drawing alerts
  • Expo Notifications: Notification infrastructure layer over FCM

These services may collect device-level data as described in their own privacy policies. I do not share your drawing content or personal information with any third parties beyond what is necessary for the Service to function.

7. Data Sharing & Disclosure

I do not sell, trade, or rent user data. Information is shared only in these limited cases:

  • Your Paired Partner: Your display name, profile picture, and encrypted drawings are shared with your paired partner as part of core functionality
  • Infrastructure Providers: Firebase (Google) hosts encrypted data as described above
  • Legal Requirements: When required by law, court order, or government request

8. User Rights & Control

You have the right to:

  • Disconnect: Unpair from your partner at any time via the Settings screen, which removes pairing data from Firebase
  • Clear Drawings: Clear the shared canvas at any time
  • Reset Wallpaper: Restore your lock screen to its original wallpaper via Settings
  • Control Notifications: Toggle drawing alert notifications on or off
  • Control Auto-Apply: Choose whether received drawings are automatically applied to your lock screen
  • Delete All Data: Uninstalling the app removes all local data. Disconnecting before uninstalling also removes your data from Firebase.

To request deletion of any remaining server-side data, contact me at me@actuallyroy.com

9. Android Permissions

LokLok requests the following Android permissions:

  • SET_WALLPAPER: To apply drawings to your lock screen
  • CAMERA: To scan QR codes during pairing
  • INTERNET: To sync drawings via Firebase
  • RECEIVE_BOOT_COMPLETED: To restart the background sync service after device reboot
  • REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: To ensure drawings are received while the app is in the background
  • FOREGROUND_SERVICE: To keep the sync service running for timely drawing delivery

10. GDPR & CCPA Compliance

10.1 GDPR (European Users)

If you're in the EU/EEA, you have additional rights under GDPR:

  • • Right to access your personal data
  • • Right to object to or restrict processing
  • • Right to erasure (disconnect + uninstall removes all data)
  • • Right to lodge a complaint with your local data protection authority
  • • Data is processed with your explicit consent (by using the Service)

10.2 CCPA (California Residents)

If you're a California resident:

  • • You may request to know what personal information is collected
  • • You have the right to delete your data
  • • LokLok does not sell personal information
  • • LokLok does not use data for targeted advertising

11. Children's Privacy

LokLok is not intended for children under 13. I do not knowingly collect data from children. If I become aware that information has been collected from someone under 13, it will be deleted immediately. If you believe a child's data has been collected, please contact me at me@actuallyroy.com

12. International Data Transfers

Drawing data is stored on Firebase (Google Cloud) servers, which may be located outside your country of residence. By using LokLok, you consent to the transfer and storage of your encrypted data in regions where Google Cloud operates. All transferred data remains encrypted.

13. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. Material changes will be communicated via a prominent notice on the LokLok website or within the app. Your continued use of LokLok after changes constitutes acceptance of the updated policy.

14. Contact

For questions about this Privacy Policy or to exercise your privacy rights:

Developer

Email: me@actuallyroy.com

Phone: +91 9534029487

Response Time: I aim to respond to all privacy inquiries within 15 business days.

LokLok © 2025. All rights reserved. Your privacy is our priority.