Privacy Policy for AutoSpot

1. Zero Data Collection & Transmission

AutoSpot operates under a strict Zero-Data policy:

• No Server Connections: The application does not request or hold any internet or network permissions (android.permission.INTERNET). It cannot send or receive data from any external server.
• No Collection: We do not collect, read, store, or transmit any personal data, text inputs, location data, or screen contents. All operations are processed purely in-memory and locally on your physical device.
• No Ads or Analytics: The application contains no advertisements, no tracking SDKs, and no third-party analytics libraries.

2. Explanation of Requested Permissions

AutoSpot requires specific Android permissions to execute its automated features. Here is how they are used:

A. Accessibility Service (BIND_ACCESSIBILITY_SERVICE)

Purpose: AutoSpot uses the Accessibility API to automate toggling your phone's mobile hotspot on or off when your vehicle's Bluetooth connects or disconnects.

Actions Performed: The service opens your phone's Quick Settings panel, scans the layout locally to find the "Hotspot" tile, performs a tap gesture on the tile, and immediately closes the panel.

Data Access: The service only reads the labels of the Quick Settings panel tiles in-memory to find the button. It does not monitor, read, or record text inputs, screen content of other applications, or any personal information.

B. Bluetooth Connect (BLUETOOTH_CONNECT)

Purpose: Used to query the list of your paired Bluetooth devices so you can select your vehicle infotainment system, and to respond when that specific device connects or disconnects.

C. Foreground Service (FOREGROUND_SERVICE_CONNECTED_DEVICE)

Purpose: Used to run a background service that listens for Bluetooth connection events even when the phone screen is off or the app is closed, ensuring the hotspot toggles reliably.

3. Voluntary Support & Diagnostic Logs

If you experience technical issues and choose to contact support, you may voluntarily export and share diagnostic logs with us using the "Export Logs" button inside the app settings.

Salted Hashing: To protect your privacy, identified Bluetooth hardware addresses (MAC addresses) in the logs are obfuscated using a one-way cryptographic hash combined with a temporary, random key (salt) generated dynamically in memory.

This salt is generated during the export process and discarded immediately after. This secures the raw hardware identifiers, preventing them from being easily read or reverse-engineered by external parties while still allowing support to analyze connection sequence trends in the provided file.

4. Data Security & Disclaimer

Because AutoSpot does not collect, transmit, or store any personal data or usage data, your privacy is protected. Selected Bluetooth trigger devices are stored securely in local app settings, while automation events (such as Accessibility gestures and connection signals) are processed temporarily in memory. All data remains strictly on your physical device and is never uploaded or shared.

However, please be aware that the security of your device is your responsibility. We recommend keeping your device operating system updated and securing it against unauthorized physical and digital access. AutoSpot is provided "as is" without warranties of any kind regarding security, reliability, or performance.