Privacy Policy for ShieldX

Last Updated: April 5, 2026

1. Introduction

Sumo Solutions ("we," "us," or "our") operates the ShieldX mobile application (the "Service"). This Privacy Policy explains our commitment to your privacy, detailing how information is handled within the Service.

Our Privacy Commitment: While ShieldX is designed to perform its core blocking functionality on your device, it utilizes third-party services for analytics, advertising, and remote configuration. We are committed to transparency about the data processed by these services. All your personal blocking configurations and rules are stored exclusively on your device and are not transmitted to our servers.

2. Information and Data Handling

Data Processed Locally on Your Device

All core blocking functionalities of the Service process data directly on your device. This data is not accessible to us. This includes:

• Blocking Rules and Profiles: All rules, profiles, schedules, and block lists you create are stored only on your device.
• Installed Apps Information: The Service accesses the list of your installed applications solely to allow you to select apps for your blocking rules. This list is not transmitted off your device.
• AccessibilityService API & NotificationListenerService Data: To perform its blocking functions, ShieldX uses these services to detect URLs, in-app features, or notifications you have chosen to block. All sensitive data from these services is processed on your device in real-time and is not logged, stored, or transmitted by us.
• On-Device AI Content Detection: ShieldX includes an optional AI-powered feature that analyzes screen content to detect explicit or inappropriate material. This analysis is performed entirely on your device using a locally stored machine learning model — no screenshots, screen images, or visual content are ever transmitted to our servers or any third party. The AI model produces only a binary classification result (block or allow), and the raw screen content is discarded immediately after analysis. This feature operates solely through the AccessibilityService API and processes data in real-time with no persistent storage of screen content.

Information We May Collect and Transmit

To maintain and improve the Service, certain non-personal and operational data is transmitted to third-party services:

• Anonymous Analytics and Crash Reports: We use Firebase Crashlytics to collect anonymous diagnostic data in the event of an app crash or error. This data includes device type, OS version, and app state, and it helps us fix technical problems.
• Wrongful Block Reports: If you choose to report content that was blocked incorrectly, we transmit the blocked content's identifier (e.g., URL or keyword) and the reason for the block to our analytics services to improve our blocking accuracy.
• Remote Logging: To diagnose service reliability issues, the app sends anonymized operational logs to Google Cloud Firestore. These logs include a randomly generated anonymous user ID, session ID, and device information, but do not include your browsing history, screen content, or personal data.
• Remote Configuration: The app periodically contacts Firebase Remote Config to fetch settings, such as information about app updates.
• Advertising Identifiers: To support our Service, we display ads using Google AdMob. These services may collect device-specific identifiers (such as the Google Advertising ID) to serve personalized or non-personalized ads and manage your consent choices via Google's User Messaging Platform (UMP) SDK.

3. Use of Data

Any data collected is used for the following limited purposes:

• To Provide the Service: To enable the core, local-only blocking functionality of the app, including on-device AI content detection.
• To Improve and Monitor the Service: To detect, prevent, and address technical issues using anonymous crash reports and operational logs.
• To Support the Service: To provide you with advertising.

4. Advertising

We use Google AdMob to show advertisements, which helps keep the Service free. For users in regions like the European Economic Area (EEA) and the UK, we use Google's User Messaging Platform (UMP) SDK to manage your consent for personalized advertising. You can change your preferences at any time in the app's settings.

For more information, please see Google's partner sites policy and Privacy Policy.

5. Service Providers

We use third-party companies for the following purposes:

• Google Cloud Firestore: For remote logging and configuration.
• Firebase Crashlytics: To provide anonymous crash and error reporting.
• Google AdMob: To serve advertisements.

These third parties are bound by their own privacy policies and are obligated not to disclose or use the information for any other purpose.

6. Data Retention

Since all personal data is stored locally on your device, we do not retain any personal information on our servers. Anonymous crash reports, logs, and advertising data are retained according to our third-party providers' policies.

7. International Data Transfers

The limited anonymous data we collect may be processed by our third-party providers in countries outside your residence. These providers maintain appropriate safeguards for international data transfers.

8. Your Data Rights and Control

Since all your personal data (such as blocking rules) is stored locally on your device, you have full control over it. You can delete all your data at any time by clearing the application's data from your device's settings or by uninstalling the application.

9. Your Privacy Rights (GDPR/CCPA)

Depending on your location, you may have rights under applicable data protection laws, such as the GDPR or CCPA, including the right to:

• Access the data we hold about you
• Request correction or deletion of your data
• Withdraw consent for data processing (e.g., personalized ads)

You may exercise these rights by contacting us at support@sumosols.com. You can also update your ad consent preferences within the app settings at any time.

10. Children's Privacy

ShieldX is not intended for use by children under the age of 13. We do not knowingly collect, use, or transmit any personal information from children under 13. Because the app includes services that automatically collect data (e.g., advertising IDs, crash reports, remote configuration), it is not compliant with child privacy laws such as COPPA for users under 13.

If you are a parent or guardian and believe that your child under 13 has used the app and provided us with any information, please contact us immediately at support@sumosols.com, and we will take steps to delete any data associated with that use.

By installing or using ShieldX, you affirm that you are at least 13 years of age.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: support@sumosols.com