veto

    Privacy Policy

    Last updated: May 31, 2026

    1. Introduction

    This Privacy Policy describes how Veto ("the App") handles information when you use our Android application. Veto is developed and operated by Stranger Labs (ABN 87 589 847 535) and is available at tryveto.app.

    Veto is an app-blocking and digital wellbeing tool that operates almost entirely on your device. We built Veto with a privacy-first philosophy: your data stays on your device. We do not operate servers, do not require accounts, and do not collect personal information. Some optional features — notification management and a focus "Do Not Disturb" mode — use additional Android permissions that are processed entirely on your device and described in Sections 4 and 5 below. The only data that ever leaves your device is anonymous crash reporting through Firebase Crashlytics and anonymous usage analytics through Firebase Analytics, both described in detail below.

    This Privacy Policy should be read together with our Terms of Service.

    2. Information We Do NOT Collect

    Veto does not collect, store, or transmit any of the following:

    • Personal information (name, email address, phone number, or any account credentials)
    • Location data
    • Contacts, photos, files, or messages
    • The contents of your notifications (notification text, message bodies, senders, or titles)
    • Browsing history or search queries
    • App usage statistics (your screen time data is processed and displayed locally on your device and is never transmitted)

    We do not require you to create an account. We do not operate any servers that receive your data. All app configuration, task lists, blocking rules, and usage statistics are stored locally on your device using an on-device database (Room) and local preferences (DataStore). This data never leaves your device.

    3. AccessibilityService Usage

    Veto uses Android's AccessibilityService API to detect which application is currently in the foreground on your device. This is necessary to determine whether a blocked app has been opened so the App can display a blocking screen.

    Specifically:

    • Veto's AccessibilityService is configured with canRetrieveWindowContent="false", meaning the App cannot read any content displayed on your screen, including text, passwords, messages, notifications, or any other on-screen information.
    • The only information the AccessibilityService provides to Veto is the package name of the foreground application (for example, "com.example.app").
    • This information is processed entirely on your device, in real time, and is not stored, logged, or transmitted anywhere.
    • No data obtained through the AccessibilityService is sent to us, to Google, or to any third party.

    You can revoke AccessibilityService permission at any time through your device's Settings → Accessibility menu. The App's blocking functionality will not operate without this permission, but all other features remain available.

    4. Notification Access (NotificationListenerService)

    Veto includes an optional feature, "Block notifications from blocked apps," that hides notifications from the apps you have chosen to block while a blocking session is active. This feature is off by default and requires you to (a) turn it on in Settings and (b) grant Notification access through your device's system settings. Veto requests this permission only after showing you an in-app disclosure explaining exactly what it does.

    To provide this feature, Veto uses Android's NotificationListenerService API (the BIND_NOTIFICATION_LISTENER_SERVICE permission). What this means in practice:

    • When a notification is posted, Veto reads only the package name of the app that posted it (for example, "com.example.app") and basic non-content flags Android attaches to the notification (such as whether it is an ongoing or foreground-service notification, so those are never touched).
    • If — and only if — the notification comes from an app on your block list and a blocking session is currently active and you have enabled this feature, Veto dismisses that single notification on your device so it cannot distract you.
    • Notifications from every other app are left completely untouched.
    • Veto does not read the contents of your notifications. It does not access notification text, message bodies, titles, sender names, images, or attached actions or intents. It does not record, store, log, or transmit any notification data anywhere — not to us, not to Google, not to any third party. All processing happens on your device, in real time, in memory only.

    Important: When this feature dismisses a notification from a blocked app, that notification is removed and cannot be recovered — it will not be waiting for you when blocking ends. This is different from the Do Not Disturb feature described in Section 5.

    You can revoke Notification access at any time through your device's Settings → Notifications → Device & app notifications → Notification access. You can also turn the feature off inside Veto's Settings at any time. The rest of the App functions normally without it.

    5. Do Not Disturb / Focus Silence (ACCESS_NOTIFICATION_POLICY)

    Veto includes a second optional feature, "Silence all notifications during focus," which mutes notifications from every app while a blocking session is active. This feature is off by default and requires you to turn it on in Settings and grant Do Not Disturb access. Veto requests this permission only after showing you an in-app disclosure.

    To provide this feature, Veto uses Android's Do Not Disturb policy access (the ACCESS_NOTIFICATION_POLICY permission) together with an automatic Do Not Disturb rule. What this means in practice:

    • Veto turns a system Do Not Disturb rule on when a blocking session starts and off when it ends. This silences notification sounds and prevents notifications from popping up while you focus.
    • This feature only mutes notifications. Unlike the feature in Section 4, it does not dismiss or remove them — your notifications remain in your notification shade and will be there when blocking ends.
    • This feature does not read, access, store, or transmit any notification data. It only changes a system setting (whether Do Not Disturb is on). No notification content is involved at any point.

    You can revoke Do Not Disturb access at any time through your device's Settings → Apps → Special app access → Do Not Disturb access, and you can turn the feature off in Veto's Settings.

    6. Usage Statistics (UsageStatsManager)

    Veto uses Android's UsageStatsManager API to display your app usage statistics (screen time data). This data is provided by the Android operating system and is processed and displayed entirely on your device. It is stored locally and is never transmitted off your device.

    You can revoke this permission at any time through your device settings, which will disable the App's usage statistics features.

    7. Crash Reporting (Firebase Crashlytics)

    Veto uses Firebase Crashlytics, a service provided by Google LLC, to collect anonymous crash reports. Google acts as a data processor on our behalf for this purpose.

    Crash reporting is enabled by default. You may disable it at any time in the App's Settings screen. The App functions fully without crash reporting enabled.

    When the App crashes or encounters an error and crash reporting is enabled, the following information is sent to Google's servers:

    • Crashlytics installation UUID: a randomly generated identifier unique to your app installation (not linked to your identity)
    • Crash data: stack traces, exception messages, and crash timestamps
    • Device metadata: device model, operating system version, available RAM, free disk space, battery level, and screen orientation
    • App information: app version and Firebase App ID

    This data does not identify you personally. It is used solely to diagnose and fix bugs that cause crashes. Crash data is encrypted during transmission via TLS and is retained by Google for 90 days before automatic deletion. Firebase installation identifiers are removed within 180 days.

    Our legal basis for processing this data is your consent, provided by leaving crash reporting enabled. You may withdraw consent at any time by disabling crash reporting in the App's Settings.

    For more information about how Google handles this data, see:

    8. Analytics (Firebase Analytics)

    Veto uses Firebase Analytics (Google Analytics for Firebase), a service provided by Google LLC, to collect anonymous app usage analytics. This helps us understand how the App is used and identify areas for improvement. Google acts as a data processor on our behalf for this purpose.

    Analytics is disabled by default and is only enabled with your consent (through the analytics consent step in onboarding or the toggle in the App's Settings). You may disable it again at any time in Settings. The App functions fully without analytics enabled.

    When analytics is enabled, the following information is collected and transmitted to Google's servers:

    • Android Advertising ID (AAID): a resettable device identifier provided by Google Play Services, used for aggregate analytics purposes. This identifier is not linked to your identity or to any personal information held by us.
    • Firebase installation ID: a randomly generated identifier unique to your app installation.
    • App usage events: anonymous interaction data such as screen views, feature usage, and session duration. No task content, blocked app lists, notification data, or personal data is included in these events.
    • Device metadata: device model, operating system version, app version, and language setting.

    This data is used solely for aggregate analytics — understanding which features are used, identifying performance issues, and measuring the effectiveness of product improvements. It is not used for advertising, ad targeting, or building user profiles.

    Your control over the Advertising ID: You may reset or delete your Android Advertising ID at any time through your device's Settings → Google → Ads (or Settings → Privacy → Ads, depending on your device). You may also opt out of ad personalisation in the same settings menu; the App respects this preference. Disabling analytics in the App's Settings will stop all analytics data collection, including collection of the Advertising ID.

    Our legal basis for processing this data is your consent. You may withdraw consent at any time by disabling analytics in the App's Settings.

    9. Local Data Storage

    Veto stores the following data locally on your device:

    • Your task lists, completion history, and archived items (Room database)
    • Your blocked app selections (Room database)
    • Your blocking rules and schedules (Room database)
    • Locally computed app usage statistics (Room database)
    • Your preferences and settings, including blocker state and your notification/Do Not Disturb feature choices (DataStore)

    This data exists only on your device. We have no access to it. Completed tasks are automatically archived according to your settings (default: moved to Bin, with auto-clear after 30 days). You may adjust these retention periods in the App's Settings.

    Uninstalling the App permanently and irreversibly deletes all local data.

    10. Scheduled Notifications

    Veto uses Android's WorkManager and alarm scheduling to generate local notifications, including daily task reminders and prompts. These notifications are generated entirely on your device. No notification data is sent to any server.

    11. Third-Party Services

    The third-party services used by Veto are:

    • Firebase Crashlytics (Google LLC) — for anonymous crash reporting, as described in Section 7.
    • Firebase Analytics (Google LLC) — for anonymous app usage analytics, including collection of the Android Advertising ID, as described in Section 8.

    Both services are provided by Google and process data on Google's servers in accordance with Google's privacy policies. Both can be independently disabled in the App's Settings.

    Veto does not include any advertising SDKs, social media SDKs, or other third-party tracking tools.

    12. Data Sharing

    We do not sell, rent, trade, or share your data with any third party for advertising, marketing, or any other commercial purpose.

    The only data shared with a third party is anonymous crash data and anonymous analytics data sent to Google through Firebase Crashlytics and Firebase Analytics, as described in Sections 7 and 8, where Google acts as a data processor on our behalf. This data cannot be used to identify you.

    13. Children's Privacy

    Veto is suitable for users aged 13 and above. Users between 13 and 18 should have parental consent to use the App, as described in our Terms of Service.

    We do not knowingly collect personal information from children under 13 (or under the applicable minimum age in your jurisdiction). The anonymous crash data and analytics data collected by Firebase does not identify any user by age or identity.

    If you believe a child under 13 has provided personal information through the App, please contact us at the email address below and we will take steps to address it.

    14. Your Rights Under Australian Privacy Law

    If you are located in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) govern how we handle personal information.

    Given that Veto stores all user data locally on your device and the only data we process is anonymous crash reports and anonymous analytics data (which do not constitute personal information), the practical application of the APPs to Veto is limited. However, you have the right to:

    • Access: Request information about any personal information we hold about you.
    • Correction: Request correction of inaccurate personal information.
    • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

    You may disable crash reporting and analytics at any time in the App's Settings, and you may delete all local data by uninstalling the App.

    To exercise any of these rights, contact us at the email address below.

    15. Your Rights Under GDPR (European Economic Area Users)

    If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

    • Right to access: You may request information about any data we process about you.
    • Right to rectification: You may request correction of inaccurate data.
    • Right to erasure: You may request deletion of your data.
    • Right to restrict processing: You may request that we limit processing of your data.
    • Right to data portability: You may request a copy of your data in a portable format.
    • Right to object: You may object to data processing based on legitimate interests.

    Our legal basis for processing crash data and analytics data is your consent, which you provide by leaving crash reporting enabled and by enabling analytics respectively. You can withdraw consent at any time by disabling either or both in the App's Settings.

    Crash and analytics data is processed by Google in the United States. Google participates in the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses to ensure appropriate safeguards for international data transfers.

    Given that Veto collects only anonymous crash and analytics data, most data subject rights have limited practical application. This data is not linked to your identity and is automatically deleted by Google according to their standard retention schedules (90 days for crash data; Firebase installation identifiers within 180 days).

    To exercise any of these rights, contact us at the email address below.

    16. Your Rights Under CCPA (California Residents)

    If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the right to know what personal information is collected, request its deletion, and opt out of its sale.

    We do not sell any personal information. The only data collected is anonymous crash reports and anonymous analytics data as described in Sections 7 and 8. You may disable crash reporting and analytics at any time in the App's Settings.

    17. Data Security

    All data transmitted to Firebase Crashlytics and Firebase Analytics is encrypted in transit using TLS. Google's infrastructure is certified under ISO 27001, SOC 1, SOC 2, and SOC 3.

    All other data remains on your device and is protected by your device's own security measures (screen lock, device encryption). We recommend that you maintain appropriate security measures on your device, including a screen lock and up-to-date software.

    18. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. For material changes, we will provide at least 14 days' notice before the changes take effect, via an in-app notification or by posting the updated policy on our website.

    The "Last updated" date at the top indicates when the policy was most recently revised. Your continued use of the App after the updated policy takes effect constitutes acceptance of the changes. If you do not agree with the revised policy, you should stop using and uninstall the App.

    19. Contact Us

    If you have questions or concerns about this Privacy Policy, or wish to exercise any of your rights described above, please contact us at:

    Email: hello@tryveto.app
    Entity: Stranger Labs
    ABN: 87 589 847 535
    Location: New South Wales, Australia