Effective Date: 30 April 2026
App Version: 1.0.1 (Build 2)
App Name: ImCrafter
Application ID: com.app.imcrafter
Developer Name: Sudhir Sid
Developer Contact: lamarulife@gmail.com
ImCrafter is an Android utility that scans documents, edits and resizes images and PDFs, performs offline OCR, signs PDFs, and stores files in encrypted vaults. The app operates entirely on your device. We do not collect, transmit, sell, or share any personal data.
Key facts you can verify yourself:
android.permission.INTERNET permission. You can confirm this by inspecting the installed APK with any package-info tool (e.g. aapt dump permissions). Without this permission, the app is technically incapable of contacting any server.We collect nothing. ImCrafter does not have any servers, accounts, or cloud storage. There is no sign-up, no log-in to a remote service, and no data syncing.
The following types of data stay exclusively on your device and are never transmitted:
| Type | Where it lives |
|---|---|
| Documents you scan, edit, sign, OCR, or resize | Download/ImCrafter/{Scanned Document, Image, Vault, PDFs, Text}/ on your device’s public storage |
| Activity history (action type, timestamp, file name, save path) | An encrypted SQLite database in the app’s private storage (AES-256 via SQLCipher) |
| Your drawn signature | A transparent PNG in the app’s private storage |
| Vault encryption passwords | Never stored. You type the password each time; it lives only in RAM during a single pack/unpack operation |
| User preferences (language, theme, default storage folder) | DataStore file in the app’s private storage |
| App authentication state | Device biometric / device PIN handled by Android’s BiometricPrompt API; ImCrafter never sees the credential |
We do not collect:
ImCrafter requests the minimum permissions necessary. Each is requested at the point of need (or during the first-run permissions walkthrough) and the app continues to function with reduced capability if you deny.
| Android permission | Why we need it | Where it’s used | Granted at |
|---|---|---|---|
CAMERA |
Capture document scans through Google’s ML Kit Document Scanner | Scanner feature | First-run setup or first scan attempt |
WRITE_EXTERNAL_STORAGE (Android 9 and earlier only — maxSdkVersion="28") |
Save output to Download/ImCrafter/... |
All save operations | Implicitly at install on those API levels |
USE_BIOMETRIC / USE_FINGERPRINT (transitively, via androidx.biometric) |
Unlock the app via fingerprint, face, or device PIN | Auth gate at launch | First app launch |
Notably absent: READ_MEDIA_IMAGES, READ_EXTERNAL_STORAGE, MANAGE_EXTERNAL_STORAGE. ImCrafter routes every gallery / file-picker interaction through the Android Photo Picker / Storage Access Framework (ActivityResultContracts.GetContent, OpenDocument, PickVisualMedia). Those contracts present the user with the system picker for each pick and hand back a content URI — no media-read permission required. This satisfies Play Store’s 2024+ Photo and Video Permissions policy without claiming a “frequent access” exception.
Notably absent permissions:
INTERNET — we cannot reach any server.ACCESS_NETWORK_STATE — we cannot probe network status.READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE / MANAGE_EXTERNAL_STORAGE — gallery picking goes through the Android Photo Picker / SAF.READ_CONTACTS / READ_PHONE_STATE / ACCESS_FINE_LOCATION — we have no use for these.RECORD_AUDIO — the app does no audio capture.Saved outputs (scans, edited images, PDFs, vaults, OCR text) are written to your device’s public Downloads folder under a top-level ImCrafter/ directory with five subfolders. These files are visible to you in any system file manager. You can move, copy, delete, or back them up exactly like any other file you save manually.
| Surface | Encryption |
|---|---|
| Activity-history database | SQLCipher AES-256. The 32-byte database key is generated on first launch using SecureRandom, stored in EncryptedSharedPreferences backed by Android Keystore (hardware-backed on devices with a Trusted Execution Environment). |
| Secure Vault ZIPs | AES-256 entry encryption (Zip4j). The password is supplied by you each time; we never persist it. |
| Encrypted PDFs (made via PDF Maker) | AES-128 (PdfBox-Android StandardProtectionPolicy). The password is supplied by you each time. |
| Cryptographic salts and database keys | Stored in keystore-backed EncryptedSharedPreferences, with a master key bound to the device’s Android Keystore. |
Authentication is delegated entirely to Android via the BiometricPrompt API with BIOMETRIC_WEAK or DEVICE_CREDENTIAL authenticators. ImCrafter:
If the Secure Vault unlock receives 3 wrong passwords in a row, the feature is locked for 1 hour. The attempt counter and lockout deadline are stored in DataStore and survive process death.
Tapping Settings → Lock now flips the in-memory session state to locked and wipes the app’s cacheDir, deleting any temporary files left behind by intermediate steps (uCrop work files, ML Kit scanner spools, PdfBox temp PDFs).
ImCrafter ships several open-source and Google-published libraries. The following provide on-device functionality only:
| Library | Provider | What it does | Network usage |
|---|---|---|---|
play-services-mlkit-document-scanner |
On-device document scan UI + ML | None — the model ships inside the AAR and runs in the Play Services process. The scanner activity is hosted by Play Services but does not require network for any operation. | |
play-services-mlkit-text-recognition |
On-device OCR (Latin script) | None — the Latin script model is bundled in the artifact. | |
pdfbox-android (Apache 2.0) |
TomRoush fork of Apache PDFBox | PDF generation, password protection, merging, splitting | None |
zip4j (Apache 2.0) |
Srikanth Reddy Lingala | AES-256 ZIP encryption for the Secure Vault | None |
compressor (Apache 2.0) |
Zelory | Image compression with iterative quality fitting | None |
photoeditor (MIT) |
Burhan Rashid | Multi-touch sticker for the Sign Document flow | None |
ucrop (Apache 2.0) |
Yalantis | Image crop and rotate | None |
sqlcipher-android (BSD-3) |
Zetetic | AES-256 SQLite encryption for the activity log | None |
androidx.biometric |
Google / AndroidX | Biometric authentication via Android Keystore | None |
ImCrafter does not use Google Analytics, Firebase, Crashlytics, AdMob, or any other Google data-collection product.
We do not share your data with anyone. Because we collect no data, there is nothing to share.
When you tap an item in the History screen, you may choose to share a saved file via your device’s standard share sheet (Intent.ACTION_SEND). That action invokes another app of your choosing (email, messaging, cloud drive, etc.). The choice and consequences of using that app are entirely yours; ImCrafter only hands the file over to the system share dispatcher.
When you tap OPEN on a save snackbar or a History row, ImCrafter fires Intent.ACTION_VIEW so the system can launch a viewer app of your choice (e.g. a PDF reader). Again, the third-party viewer’s behaviour is governed by its own privacy policy.
You control all data retention.
Download/ImCrafter/... until you delete them. Uninstalling ImCrafter does not remove these files (Android scoped-storage policy).Uninstalling ImCrafter removes the app’s private storage entirely. Files you saved to the public Download/ImCrafter/ directory are preserved unless you delete them manually.
ImCrafter is suitable for general audiences. We do not knowingly collect data from any user — including children under 13, 16, or any other age threshold. Because the app collects no data at all, no child-specific privacy concerns apply. The app does not contain advertisements or in-app purchases.
Because ImCrafter does not collect, store, or process any personal data on its servers (we have no servers), the rights granted by laws such as GDPR (EU), CCPA / CPRA (California), LGPD (Brazil), PIPL (China), and DPDP Act (India) — including the right to access, delete, port, or correct your personal data — are satisfied by the simple fact that we have no data to access, delete, port, or correct.
If you wish to verify this claim, you may:
INTERNET).tcpdump, NetGuard, PCAPdroid) to confirm the app makes zero outbound connections.If we update this Privacy Policy in a future version of ImCrafter, the new policy will be bundled with the updated app and the Effective Date at the top of this document will be revised. Material changes will be summarised in the Play Store release notes.
We will not retroactively change how older app versions handle data — older versions ship with the policy that was effective at the time of their release.
ImCrafter’s source code is maintained as an internal project of the developer. Build configuration, third-party library list, and security architecture are documented in the project’s README.
If you have questions, concerns, or feedback about this Privacy Policy, please contact:
Email: lamarulife@gmail.com Subject line: “ImCrafter Privacy”
We aim to respond within 7 business days.
This Privacy Policy must be reachable at a stable public URL for Google Play Console submission. Suggested options:
https://<username>.github.io/imcrafter-privacy/) is acceptable.Once hosted, paste the URL into Play Console → App content → Privacy policy.
End of Privacy Policy.