Legal

Privacy Policy

Effective March 4, 2026 · Last updated March 4, 2026

Privacy by default. Cloud only when you choose it.

Blink is designed around local-first privacy. Core protection works entirely on your device — nothing is collected, stored remotely, or shared with any third party. The only exception is the optional Google Drive backup, which you must explicitly enable and which stores an encrypted copy of your settings in your own Google Drive — inaccessible to us.

Overview

Blink ("we", "the app") is a personal-privacy and access-management application for Android. It detects when a protected app enters the foreground, displays a lock overlay, and requires fingerprint or PIN authentication to resume access. It runs discreetly in the background to keep your private apps private.

This Privacy Policy describes every Android permission Blink requests, whether each permission is required for core functionality or granted only when you opt in to a specific feature, and how the information those permissions expose is used.

Permissions and How We Use Them

Permissions are split into two tiers. Mandatory permissions are required for Blink's core protection layer and are requested during initial setup. Optional permissions are only requested when you explicitly enable the corresponding feature — you can use Blink without ever granting them. No data accessed through any permission ever leaves your device except where explicitly noted.

Mandatory — Core Protection

Display Over Other Apps Required

Required to show a full-screen lock overlay when a protected app is detected. The overlay is a solid dim — it displays no content from the underlying app.

Foreground Service Required

Keeps Blink running persistently in the background. Android requires a visible notification for foreground services — this notification confirms Blink is active.

Receive Boot Completed Required

Starts the Blink service at device boot so app protection is active before the user unlocks. No personal data is collected or processed at boot.

Volume Key Events Required

Detects the 5-button volume sequence used to open a Blink session. The sequence is processed in memory only and is never logged or stored.

Biometrics & PIN Required

Used for fingerprint authentication via Android's BiometricPrompt API. Blink never receives raw biometric data. PINs are hashed on-device using PBKDF2-HMAC-SHA-256 (310,000 iterations) and stored in EncryptedSharedPreferences — the plaintext PIN is never stored, logged, or transmitted.

Usage Stats Access Required

Required for Standard Mode — the core protection layer that polls the foreground app name to trigger the lock overlay. No usage history, patterns, or session data is recorded or transmitted.

Optional — Feature-Specific

Accessibility Service Opt-in

Enables Advanced Mode — instant overlay and recents clearing when a protected app enters the foreground. Blink reads window package names only — never on-screen text, keystrokes, or the content of other apps. Granted only if you choose Advanced Mode during setup.

Notification Access Opt-in

Suppresses or replaces heads-up notifications from protected apps during an inactive session. Notification content is read briefly in memory and is never written to storage or transmitted. Enabled only if you turn on notification masking in settings.

Device Administrator Opt-in

Allows Blink to lock the screen via Android's Device Policy API as a deterrent against repeated unauthorised access attempts. Blink uses force-lock only — it cannot wipe device data or perform a factory reset. Enabled only if you activate the lock deterrent in settings.

Google Drive Backup Opt-in

Stores an encrypted backup of your Blink settings in your own Google Drive appDataFolder. The backup is encrypted with AES-256-GCM using a key derived from your PIN — we cannot read it. Enabled only if you sign in to Google and initiate a backup. See Section 04 for full details.

What Blink Does Not Do

These are hard commitments, not aspirations.

No analytics, telemetry, crash-reporting, or advertising SDKs are included.
No third party ever receives any information about you or your usage.
Blink does not read, record, or store the content of your messages or emails.
Blink does not access your contacts, call log, or location.
Blink does not use your camera or microphone.
Blink does not upload your PIN hash, biometric reference, or any credential.
Blink does not perform factory resets or wipe device data.
We cannot read your Drive backup — it is encrypted with your PIN before upload.

Data Storage

Blink stores your configuration — protected apps, intercept mode, session timeout, and PIN hash — in Android EncryptedSharedPreferences, an on-device encrypted key-value store backed by the Android Keystore hardware module. This data is inaccessible to other apps and is not included in unencrypted Android backups. Uninstalling Blink permanently removes all stored data.

A short diagnostic log — up to 20 intercept event timestamps, no app names or personal data — is held in memory during the current session only and discarded when the app is terminated.

Google Drive Backup (optional)

If you enable Drive backup, your Blink configuration is encrypted on-device with AES-256-GCM before upload. The encryption key is derived from your PIN using PBKDF2-HMAC-SHA-256 — we never hold the key, and Google cannot read the content. The backup is stored in your personal Google Drive appDataFolder, which is accessible only by Blink and by you. You can delete it at any time from Google Drive settings. Disabling backup or signing out does not automatically delete the file from Drive — you must remove it manually if desired.

Google's handling of your Google account and Drive storage is governed by Google's Privacy Policy.

Children's Privacy

Blink is not directed at children under the age of 13 and does not knowingly collect personal information from children. If you believe a child under 13 has used this app, please contact us using the details below.

Changes to This Policy

If we make material changes to this Privacy Policy, we will update the effective date above and notify you via the app or Google Play Store listing. Continued use of Blink after any changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? We respond to all privacy inquiries within 30 days.

Email admin@factor-io.com