PRIVACY POLICY
Nirvar: Safe Focus Ecosystem
Effective Date: March 16, 2026 | Last Updated: March 16, 2026
Welcome to Nirvar ("we," "our," or "us"), developed by Onnorokom Innovation. Nirvar is a comprehensive digital safety and app management application designed for families, parents, students, and individuals seeking a safer, more productive digital experience. Nirvar provides app blocking, scheduling, Custom DNS-based content filtering, uninstall protection, and an admin-user profiling system to help create a controlled digital ecosystem.
This Privacy Policy explains how we collect, use, store, and protect your information when you use the Nirvar application. By downloading, installing, or using Nirvar, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our application.
1. Information We Collect
1.1 Information You Provide (Optional Account)
Nirvar can be used without creating an account. However, if you choose to create an optional account for features such as settings backup, admin panel access, and real-time sync, we collect the following:
- Name: Your display name for your account profile.
- Email Address: Used for account authentication and communication.
- Phone Number: Used for account verification and recovery.
- Date of Birth: Used to verify age eligibility.
- Password: Stored securely using industry-standard hashing. We never store passwords in plain text.
1.2 Information Collected Automatically
When Nirvar is installed and active on a device, the following information may be collected:
- App Usage Data (On-Device Only): Information about which applications are installed, opened, and how long they are used. This data is collected via the App Usage Access permission and remains stored entirely on the device. It is never transmitted to our servers.
- Accessibility Service Data (On-Device Only): We use the Android Accessibility Service to detect the currently active application and enforce blocking/scheduling rules. This service does NOT collect, store, or transmit screen content, keystrokes, passwords, or personal communications. All processing occurs locally on the device. See Section 6 for full details.
- DNS Configuration Data (On-Device Only): Nirvar applies Custom DNS settings on the device to filter content at the network level. DNS configuration data remains on the device.
- Device Information: Device model, operating system version, and basic device identifiers to ensure app compatibility and stable operation.
- Analytics Data: We use Firebase Analytics to collect anonymised usage statistics such as app opens, feature usage, and crash reports. Firebase may collect device identifiers and general usage patterns in accordance with Google's privacy policies.
1.3 Information Collected via Admin-User System
Nirvar features a dual profiling system where an admin (e.g., a parent or guardian) manages user devices (e.g., a child's or student's device). The following data may be collected and synced in real time between admin and user devices:
- App blocking and scheduling configurations set by the admin.
- Default and personalised profile settings (whitelisted apps, time windows, access rules).
- App access requests submitted by users to the admin.
- Screen time statistics shared with the admin dashboard.
This data is transmitted securely via encrypted connections (TLS/SSL) to our servers to enable real-time sync between admin and user devices.
2. Permissions We Require
Nirvar requires certain Android permissions to function. Below is a transparent explanation of each:
- App Usage Access: Monitors which apps are used and for how long, enabling usage reports and enforcement of time limits set by the admin or user.
- Accessibility Service: Detects the foreground app to enforce blocking/scheduling rules; prevents unauthorised DNS setting changes; detects and prevents app uninstallation. Does NOT read screen content, text input, or passwords. See Section 6 for full disclosure.
- Device Administrator: Prevents uninstallation of Nirvar, ensuring blocking, scheduling, and content filtering rules remain enforced.
- Ignore Battery Optimization: Ensures Nirvar runs reliably in the background on devices that aggressively restrict background processes (e.g., Xiaomi, Huawei, Oppo, Vivo, Realme).
- Background Running / Auto-Restart: On certain devices, manual configuration may be needed to allow Nirvar to persist in the background and restart after reboot.
3. How We Use Your Information
- To provide, operate, and maintain the Nirvar digital safety and app management service.
- To enforce app blocking, scheduling, content filtering, and usage limit rules configured by the admin or user.
- To apply Custom DNS filtering to block harmful content categories at the network level.
- To prevent unauthorised changes to DNS configuration and app uninstallation.
- To sync configurations, profiles, and usage data in real time between admin and user devices.
- To authenticate accounts and back up settings to our server (for account holders).
- To analyse anonymised usage patterns via Firebase Analytics to improve app performance.
- To communicate with you about your account, app updates, or support inquiries.
- To comply with applicable legal obligations.
4. Data Storage and Location
4.1 On-Device Data
App usage statistics, locally applied blocking rules, DNS configuration, and Accessibility Service processing data remain entirely on the device and are never transmitted to our servers (except where real-time sync with an admin device is enabled by the user).
4.2 Server-Side Data
The following data is stored on our secure servers:
- Account information (name, email, phone number, date of birth, hashed password).
- Admin-configured profiles, blocking rules, whitelists, blacklists, and scheduling configurations.
- User-submitted app access requests and admin approval/denial responses.
- Screen time statistics synced with the admin dashboard.
Server-side data is protected using encryption in transit (TLS/SSL), secure infrastructure, and access controls.
4.3 Firebase Analytics Data
Firebase Analytics collects anonymised data (app opens, feature interactions, crash reports) on Google's servers. This does not include personal app usage statistics, blocking configurations, or any data from the Accessibility Service.
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:
- With Linked Admin/User Devices: Configurations, profiles, access requests, and usage statistics are synced between admin and user devices as part of the core functionality of the app.
- Firebase / Google: Anonymised analytics data is processed by Firebase Analytics. No data from the Accessibility Service is shared with Firebase or any third party.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Safety and Protection: We may disclose information if we believe in good faith it is necessary to prevent fraud or protect the safety of users.
6. Accessibility Service API — Detailed Disclosure
This section provides a comprehensive disclosure of how Nirvar uses the Android Accessibility Service API, in compliance with Google Play's Permissions and APIs that Access Sensitive Information policy.
6.1 Why Nirvar Requires the Accessibility Service
Nirvar is a digital safety and app management tool — not an accessibility tool for users with disabilities. We do not set isAccessibilityTool=true. The Accessibility Service is required because Android does not provide alternative APIs that can reliably detect the foreground application and enforce real-time app blocking.
6.2 Specific Uses of the Accessibility Service
The Accessibility Service is used exclusively for the following purposes:
- Foreground App Detection: Nirvar monitors AccessibilityEvents (TYPE_WINDOW_STATE_CHANGED) to determine which app is in the foreground. This enforces app blocking rules and usage schedules configured by the admin or user. Only the package name of the foreground app is checked — no screen content is read.
- DNS Settings Protection: Nirvar detects when the user navigates to device network/DNS settings screens and redirects them back, preventing circumvention of Custom DNS-based content filtering.
- Uninstall Prevention: Nirvar detects navigation to app uninstall screens and prevents the uninstallation flow, ensuring digital safety rules configured by the admin remain active.
6.3 Data Accessed Through the Accessibility Service
The only data accessed through the Accessibility Service is:
- The package name of the currently active (foreground) application.
- The window/activity class name to identify specific system settings screens.
This data is processed in real time on-device and is never stored, logged, transmitted, or shared.
6.4 What the Accessibility Service Does NOT Do
- Read, collect, or store any screen content, text displayed in apps, or UI elements.
- Record, intercept, or log keystrokes, passwords, PINs, or text input of any kind.
- Capture screenshots or record screen activity.
- Access, read, or monitor messages, emails, calls, contacts, photos, or files.
- Transmit any data collected via the Accessibility Service to our servers, Firebase, or any third party.
- Perform any function unrelated to app blocking, scheduling, DNS protection, or uninstall prevention.
6.5 User Consent and Control
Before the Accessibility Service is enabled, Nirvar displays a prominent in-app disclosure screen that:
- Clearly explains what data the Accessibility Service accesses.
- Describes exactly how the data is used.
- Requires affirmative consent ("I Understand & Agree") before proceeding.
- Provides an option to decline without being forced to enable the service.
The Accessibility Service can be revoked at any time from Android Settings › Accessibility. Revoking this permission will disable app blocking, scheduling, DNS protection, and uninstall prevention features.
7. Children's Privacy
Nirvar may be used by parents or guardians to manage a child's or student's device. We take children's privacy seriously.
- We collect only the minimum data necessary to provide digital safety and app management functionality.
- We do not collect personal communications, photos, videos, or browsing history content from any device.
- We do not serve advertisements to users or use their data for advertising purposes.
- Parents, guardians, or admins can request deletion of a user's data at any time by contacting us.
We comply with applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) and similar regulations.
8. Data Retention
On-device data is retained for as long as Nirvar is installed. Uninstalling the app deletes all locally stored data.
Server-side data is retained while your account is active. You may request account deletion at any time by contacting us. Upon deletion, your data will be permanently removed from our servers within 30 days, except where retention is required by law.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated server-side data.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: You may stop using Nirvar at any time by disabling the Accessibility Service, removing Device Administrator privileges, and uninstalling the app.
To exercise any of these rights, contact us using the information in Section 13.
10. Third-Party Services
- Google Play Services: For app distribution and device compatibility.
- Firebase Analytics (Google): For anonymised usage analytics and crash reporting. See Google's Privacy Policy at https://policies.google.com/privacy.
These third-party services have their own privacy policies. We are not responsible for their privacy practices.
11. Age Requirements
Nirvar is intended for individuals who are at least 13 years old (or the minimum age required in your jurisdiction). Users under the required age must have consent from a parent or legal guardian.
We do not knowingly collect personal information from children under 13 without parental consent. If we become aware that we have done so, we will promptly delete that information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you through in-app notifications or email.