01 Introduction
HFB Studioz ("we", "us", or "our") built Statifly as a free Android application. This Privacy Policy explains what information the app accesses, how it is used, and how it is stored. By using Statifly, you agree to the practices described in this policy.
02 What Statifly Does
Statifly is an offline utility application that lets you:
- View & Save WhatsApp and WhatsApp Business status updates (images and videos) to your device.
- Organise saved statuses into Vault folders for easy access.
- Create custom status images with text, stickers, and backgrounds.
- Backup & Restore your saved, cached, and created statuses as encrypted archives to your device's Downloads folder.
- Share statuses with other apps installed on your device.
03 Permissions We Request
Statifly requests the following Android permissions. Each is required solely for the app's core functionality:
| Permission | Purpose |
|---|---|
| Storage Access Framework (SAF) | To read WhatsApp / WhatsApp Business status files from their .Statuses folder. Granted manually via the system folder picker; revocable at any time. |
READ_EXTERNAL_STORAGE |
Legacy read access for Android 12 and below to access media files. |
WRITE_EXTERNAL_STORAGE |
Legacy write access for Android 10 and below to save backup archives. |
CAMERA |
Capture a photo in-app for the Creator (only when you open the camera). Photos stay on your device; nothing is uploaded. |
FOREGROUND_SERVICE |
Run background status fetching and backup operations reliably with a visible notification. |
POST_NOTIFICATIONS |
Show notifications about fetch progress and backup completion (Android 13+). Optional — can be denied. |
INTERNET |
Required by Firebase services and the Google Mobile Ads SDK to send anonymised crash reports, usage analytics, fetch remote configuration, and load ads. |
com.google.android.gms.permission.AD_ID |
Lets the Google Mobile Ads (AdMob) SDK access your device's Advertising ID to serve and measure ads and to limit ad fraud. You can reset or delete this ID, or opt out of ad personalisation, in Android Settings → Privacy → Ads. |
04 Data Collection & Usage
4.1 — We Do NOT Collect Personal Data
We do not collect personally identifiable information about you. Specifically, we do not:
- ❌ Collect your name, email address, phone number, or any personal identifiers.
- ❌ Access, upload, or transmit your saved statuses, photos, videos, or any file contents.
- ❌ Sell your personal data to anyone.
4.2 — Data Stored Locally on Your Device
All data created or managed by Statifly is stored locally on your device:
| Data | Storage Location | Purpose |
|---|---|---|
| Cached statuses | App cache directory | Temporary copies of WhatsApp statuses for viewing. Automatically cleaned up. |
| Saved statuses | App internal storage | Permanently saved statuses you chose to keep. |
| Created statuses | App internal storage | Custom statuses you created using the status creator. |
| App preferences | Android DataStore | Theme, onboarding state, folder access URIs, vault view mode. |
| Database | Room database | Vault folder structure, saved & created status metadata. |
| Backup archives | Downloads / Statifly | Encrypted backup files you explicitly create. |
4.3 — Backup & Restore
When you create a backup:
- Your statuses are compressed and encrypted using a device-bound encryption key.
- The archive is saved to your device's Downloads folder. We have no access to it.
- You control when backups are created, restored, or deleted.
4.4 — Feedback & Bug Reports
The in-app feedback screen lets you send bug reports via your own email app. If you choose to submit feedback:
- Non-personal device information (device model, Android version, screen resolution, RAM, battery level, app version, locale, font scale, dark mode) is included in the email body to help diagnose issues.
- This information is only sent if you voluntarily submit the email. It is never collected automatically.
- We only use the information you provide to address your reported issue.
4.5 — Analytics & Crash Reporting
Statifly uses the following Firebase services provided by Google:
| Service | Data Collected | Purpose |
|---|---|---|
| Firebase Analytics | Anonymised usage events (e.g. screen views, feature usage counts), device type, OS version, app version, country (coarse). | Understand which features are used most so we can prioritise improvements. |
| Firebase Crashlytics | Crash stack traces, device model, OS version, app state at time of crash, anonymised installation ID. | Detect, diagnose, and fix crashes and stability issues. |
| Firebase Remote Config | Anonymised installation ID, app version, OS version. | Deliver feature flags and configuration values without requiring an app update. |
4.6 — Advertising (Google AdMob)
Statifly is free and supported by ads served through Google AdMob (the Google Mobile Ads SDK). Ad formats may include banner, native, interstitial, app-open, and rewarded ads.
| Data | Collected / Shared by AdMob | Purpose |
|---|---|---|
| Advertising ID | A resettable device identifier, shared with Google. | Serve, frequency-cap, and measure ads; limit invalid traffic and fraud. |
| IP address & device info | Coarse location (from IP), device type, OS/app version. | Serve relevant ads and protect against abuse. |
| Ad interactions | Ad impressions, clicks, and views. | Measure ad performance and pay publishers. |
Google acts as an independent advertising provider for this data and processes it under its own Privacy Policy and "How Google uses information from sites or apps that use our services".
4.7 — Your Advertising Choices & Consent
- Consent (EEA / UK / Switzerland): Where required, we show a Google-certified consent message (via Google's User Messaging Platform) before serving personalised ads. If you decline, you will only see non-personalised ads. You can change your choice anytime from More → Privacy options in the app.
- Reset / delete your Advertising ID or opt out of ad personalisation in Android Settings → Privacy → Ads.
- Outside regions that require consent, ads may be personalised in accordance with Google's policies and your device-level ad settings.
05 Third-Party Services
Statifly integrates the following third-party services:
Google Firebase
We use Firebase Analytics, Firebase Crashlytics, and Firebase Remote Config — all provided by Google. These services collect anonymised diagnostic and usage data as described in section 4.5. Data is processed by Google under their Privacy Policy and Firebase Data Privacy documentation.
Google AdMob
We use Google AdMob (the Google Mobile Ads SDK) to display ads that keep the app free, and Google's User Messaging Platform (UMP) to obtain consent where required. AdMob collects and shares your device's Advertising ID and ad-interaction data with Google to serve and measure ads, as described in sections 4.6–4.7. Data is processed by Google under its Privacy Policy and partner policy.
Statifly does not integrate:
- ❌ No social login or authentication services
- ❌ No cloud storage or file syncing services
- ❌ No ad network other than Google AdMob
Open-source libraries (Jetpack Compose, Room, Hilt, Coil, Media3, WorkManager, DataStore) are used solely for on-device functionality and do not transmit data externally.
06 Data Sharing
We do not sell or trade your personal data. Data leaves the app only in the following cases:
07 Data Retention & Deletion
- Cached statuses are automatically cleaned up after they expire (matching WhatsApp's 24-hour lifecycle).
- Saved statuses, created statuses, and vault folders persist until you manually delete them within the app.
- Backups persist in your Downloads folder until you delete them through the app or your file manager.
- All app data (cache, internal storage, database, preferences) is permanently deleted when you uninstall Statifly.
- Data shared with Google (the AdMob Advertising ID & ad interactions, and Firebase analytics, crash, and installation data) is retained and deleted in accordance with Google's own data-retention policies. You can reset or delete your Advertising ID at any time in Android Settings → Privacy → Ads.
08 Security
- Backup archives are encrypted using AES encryption with device-bound keys before being saved to external storage.
- All status files, database entries, and preferences are stored in the app's private internal storage, sandboxed by Android and inaccessible to other apps.
- Network communication is limited to Google Firebase (crash reports, anonymised analytics, remote config) and Google AdMob (ad serving and measurement). No personal data, statuses, or media files are ever transmitted.
- All Firebase and AdMob data is transmitted over encrypted HTTPS connections.
09 Children's Privacy
Statifly is intended for a general audience and is not directed at children under 13. We do not knowingly collect personal information from children. Ads are requested through Google AdMob configured for a general audience; we do not tag ad requests as child-directed. If you are a parent or guardian and believe your child has provided personal information through the feedback feature, please contact us and we will promptly remove it.
10 Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.
11 Your Rights
We do not maintain user accounts and we do not store your personal data on our own servers — your app content lives only on your device and is fully under your control. At any time you can:
- Revoke storage access permissions through Android Settings.
- Delete any saved statuses, created statuses, or vault folders within the app.
- Delete all app data by clearing the app's storage or uninstalling it.
- Reset or delete your Advertising ID, or opt out of ad personalisation, via Android Settings → Privacy → Ads.
- Change your ad-consent choice (EEA/UK/Switzerland) anytime from More → Privacy options in the app.
11.1 — Regional Privacy Rights
- EEA / UK / Switzerland (GDPR): you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to withdraw consent at any time. Our lawful basis for the limited processing we perform is your consent (for ads/analytics where required) and our legitimate interest in keeping the app stable and secure. For advertising data, Google acts as an independent data controller — see Google's Privacy Policy and your Google Ad settings.
- California (CCPA/CPRA): we do not sell your personal information for money. Personalised ads served by Google may involve "sharing" of your Advertising ID for cross-context behavioural advertising as defined by California law. You can opt out by disabling ad personalisation in Android Settings → Privacy → Ads, by declining the in-app consent prompt where shown, or via your Google Ad settings. You may also exercise your rights to know and to delete by contacting us.
To make any privacy request, email us at hfbstudioz@gmail.com and we will respond within a reasonable timeframe.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the app, please reach out:
Developer — HFB Studioz
hfbstudioz@gmail.com