Last modified on July 2, 2025
a. Personal Information:
We collect the following information you provide directly:
Email address – used to create and manage your account.
Phone number – used for registration and secure authentication (e.g., SMS OTP).
Authentication credentials – such as TOTP secrets, passkeys, or biometric preferences used to secure your account.
Linked account metadata – including OAuth tokens, third-party account identifiers, access scopes, and linkage status used to monitor, secure, and analyze activity across connected accounts.
b. Automatically Collected Information
When you use the Services, we automatically collect certain technical and usage data to help operate, secure, and improve the platform.
This includes:
Device and OS information – such as device model, operating system version, and language settings.
Usage data – including screens viewed, features used, and in-app interactions.
Crash reports and diagnostics – collected to improve system reliability and address bugs.
Consent flags and region codes – used to enforce privacy compliance based on your jurisdiction.If you grant permission through your device settings, we may also collect location data, including coarse or precise geographic coordinates derived from GPS, Wi-Fi, or mobile network signals.
Location information is used solely to enhance your security through features such as impossible travel detection, anomaly-based threat alerts, and location-aware protection recommendations.
We only collect this data when it is actively required by a security feature and you have explicitly opted in.Your location data is processed locally when possible and encrypted in transit and at rest. You may change your location-sharing preferences at any time via the Privacy Settings in the app.
We use your personal information to:
Provide and secure your access to the Services;
Encrypt and protect your credentials and linked accounts;
Personalize security recommendations and alerts;
Monitor usage and detect anomalous behavior;
Support Scout or other automated protection features that rely on behavioral or location-based insights;
Fulfill legal obligations, including regional privacy laws;Improve service performance, agent accuracy, and future feature development;
Conduct lawful threat intelligence analytics (only with user consent).
We may use location data, with your permission, to:
Detect potential account compromise based on abnormal location access patterns (e.g., impossible travel);
Deliver location-based alerts or protective features (e.g., risky Wi-Fi detection);
Comply with regional security regulations or respond to verified law enforcement requests (with legal basis and user consent where applicable).
We do not use your personal information for advertising, profiling, or third-party monetization. All data usage is directly tied to your account’s protection, and always within the scope of your explicit consent.
We do not sell or rent your personal data. We may share data under the following circumstances:
With trusted third-party providers (e.g., cloud infrastructure, authentication, payments, or analytics partners) solely to deliver the Services.
For legal or regulatory reasons, including subpoenas, court orders, or government requests.
With law enforcement, where consent has been granted or a credible threat has been detected in your region.
In the event of a merger, acquisition, asset transfer, or bankruptcy, subject to compliance with applicable laws and data protection safeguards.
Depending on your region, you may have the right to:
Access – view the data we hold about you.
Correct – fix inaccuracies in your profile.
Delete – remove your account and associated personal data.
Export – download your data in a machine-readable format.
Restrict or object – limit processing or object to certain uses (e.g., analytics).
Opt-out – decline data sharing.
We may request additional information to verify your identity before fulfilling your request. We will respond to verified requests within the timeframes required by applicable law. You may exercise these rights in the app’s Privacy Settings or by contacting hello@dfend.app.
We use industry-standard security protocols to protect your personal information, including:
AES-256 encryption for data at rest;
TLS 1.3 encryption for data in transit;
Multi-factor authentication (MFA) and biometric fallback;
Role-based access control with least-privilege enforcement;
Comprehensive audit logs to record access, changes, and consent.
Despite these measures, no method of transmission over the internet is 100% secure. In the event of a breach, we will notify affected users and regulatory authorities as required under applicable law.
We retain your personal data only as long as necessary to:
Maintain your account and provide the Services;
Comply with legal and regulatory obligations;
Maintain audit trails and backup logs (up to 90 days post-deletion).
You may delete your account at any time in the app. Data will be permanently deleted within 30 days unless longer retention is required by law..
DFend is not intended for users under 13 years of age, or under the minimum age of digital consent in your country. If we discover that a user underage has submitted personal data without parental consent, we will delete that data immediately and restrict access in accordance with COPPA and equivalent regional laws.
Age is verified at onboarding via self-attestation. Accounts created in violation of this policy will be flagged and removed.
DFend complies with privacy laws including:
COPPA (US) – strict underage access controls.
CCPA/CPRA (California) – users may opt out of data sharing and request deletion.
GDPR (EU/EEA) – opt-in required for all data processing.
LGPD (Brazil) – opt-in required for sensitive data.
We localize data handling, retention, and enforcement to match the laws of your jurisdiction.
We enforce consent preferences based on your region:
California: Opt-in required. A “Do Not Sell or Share My Personal Information” selection is provided.
Rest of World: Opt-in by default, with the ability to opt out at any time.
All consent states—granted, revoked, or updated—are securely stored and linked to your user profile. You can manage or withdraw your consent at any time in the Privacy Settings panel within the app.
We process your data using one or more of the following legal bases:
Consent – when you’ve explicitly agreed.
Contractual necessity – to deliver the Services you requested.
Legal obligation – to comply with laws, subpoenas, or regulatory requests.
Legitimate interest – for service performance, anonymized analytics, and fraud detection, unless overridden by user rights.
If you submit content (e.g., feedback, spam reports, flagged calls, or threat intelligence):
You grant DFend a limited license to use this content to improve our Services.
You agree not to submit false, unlawful, or infringing content.
DFend is not liable for content submitted by users and reserves the right to review or remove any content at its discretion.
Misuse of this feature may result in account suspension or termination.
You may be invited to test beta or experimental features.
These features:Are provided “as is” without warranties or guarantees;
May be discontinued at any time without notice;
May collect anonymized diagnostics and feedback (with consent).
Participation is optional and you can opt out at any time via the Settings → Privacy panel.
If you install DFend via the Apple App Store or Google Play:
App purchases and subscriptions are managed through your Apple or Google account.
Deleting your app store account does not automatically delete your
DFend account.Subscription cancellations and refunds are governed by the app store’s policies.
DFend will present clear purpose string prompts (e.g., for location access) when requesting system permissions. We only request access to sensitive device-level features when essential to a security feature you’ve enabled.
You agree not to use or access the Services in violation of:
U.S. export control and re-export laws;Sanctions administered by the Office of Foreign Assets Control (OFAC);
Any other jurisdiction’s applicable trade or embargo laws.
You further represent that you are not located in a restricted country and are not listed on any government-prohibited party list.
DFend maintains internal audit logs for all privacy-related actions, including:
Consent updates;
Regional assignments;
Data subject rights requests (DSARs);
Threat detections tied to anonymized metadata.
These logs are securely stored and may be used for compliance, legal defense, and regulatory audits.
We use analytics tools only after you provide explicit consent. If enabled, we may collect:
Frequency of feature usage;
Device performance data;
Anonymized user behavior trends.
You can disable analytics at any time within Settings → Privacy.
Your personal data may be transferred to and processed in countries outside your jurisdiction, including the United States.
Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to protect your data in transit and at rest.
We may update this Privacy Policy to reflect changes in technology, law, or our Services.
When material updates are made:
You will be notified via email or in-app notification;
The updated policy will be published at dfend.app/privacy;
Continued use of the Services after the effective date constitutes acceptance of the revised policy.
If you do not agree with any changes, you must discontinue use of the Services.
Contact Us: If you have questions, feedback, or wish to exercise your privacy rights, please contact:
DFend, Inc.
Email: hello@dfend.app
Website: www.dfend.app
DFend isn’t just security software — it’s a proactive security movement. The future of security is personal, and everyone deserves a digital security agent that protects them 24/7.
.png)
.svg){kind=logo}
.png)
