GuardLite
GuardLite Privacy Policy
Effective date: June 12, 2026
The short version
GuardLite is a no-root personal firewall for Android, developed by Sigfred Larot. It works by blocking apps you haven't allowed — not by reading your traffic. Everything GuardLite does happens on your device: it never inspects, logs, forwards, or stores the contents of your network traffic, it has no servers and no account, and it does not collect or transmit your browsing history or anything that identifies you.
1. What GuardLite stores on your device
GuardLite keeps a small amount of information, all of it in app-private files and databases that other apps cannot read:
- Your firewall rules — which apps you allow or block, and whether each app is allowed on Wi-Fi and/or mobile data — together with your profiles and any schedules you set.
- A history of actions GuardLite took — rule changes, profile switches, and protection turning on or off. This is a log of what you and the app did, not a record of your network traffic. Only the most recent entries are kept, and you can clear them in the app.
- Data-usage counters — running totals of how much data your device has
downloaded and uploaded, read from Android's own system counters
(
TrafficStats). These are device-wide totals used for the usage monitor and the optional data limit. They are an estimate, are stored only on your device, and you can reset them at any time. - Your preferences — such as the chosen theme, whether system apps are shown, and your data-limit setting.
To show the per-app rules screen, GuardLite also reads the list of apps installed on your device through Android's package APIs. This list is read for display; it is not transmitted anywhere.
2. What GuardLite does NOT collect or do
- It does not read, inspect, log, forward, or store the content of your network traffic.
- It keeps no connection logs — no record of the sites or servers you connect to, no IP addresses, ports, or packet contents, and no per-connection "which app connected where" attribution.
- It does no DNS logging, observation, or redirection.
- It runs no servers, has no account or sign-in, and does no cloud sync. Nothing you do in GuardLite is stored off your device by us.
- It does not collect your name, email, phone number, location, or any advertising or cross-app tracking identifier.
- It contains no analytics, crash-reporting, or tracking SDK of any kind.
3. How the firewall works (local only)
GuardLite uses Android's built-in personal-VPN feature as a local gate, not as a remote tunnel. When protection is on, GuardLite sets up a dead-end tunnel: apps you have allowed (for the network you're currently on) are routed around the tunnel and connect to the internet normally, while every other app's traffic is dropped on your device. GuardLite does not route your traffic through any VPN server, proxy, or relay operated by us or anyone else, and it never reads what your apps send. Your allowed apps reach the internet the same way they always would.
4. Android permissions
GuardLite requests only the permissions the on-device firewall needs:
INTERNET— required by Android for the VPN service to run. No traffic ever leaves your device for a server we control.ACCESS_NETWORK_STATE— to tell whether you are currently on Wi-Fi or mobile data, so per-network rules apply to the right network. It reads the connection type, not its contents.FOREGROUND_SERVICEandFOREGROUND_SERVICE_SPECIAL_USE— so the firewall keeps running while the app is in the background.POST_NOTIFICATIONS— to show the persistent "protection is on" status notification.QUERY_ALL_PACKAGES— so the per-app rules screen can list the apps installed on your device.RECEIVE_BOOT_COMPLETED— to re-apply your scheduled profile switches after the device restarts.
The firewall runs through Android's VpnService, which the system binds with
the BIND_VPN_SERVICE permission and only after you grant the VPN consent
prompt. GuardLite does not request access to your contacts, photos, location,
microphone, camera, SMS, call logs, calendar, or files.
5. Third-party services
GuardLite integrates no third-party services — no Google Play services, no payment processors, and no SDKs that communicate off your device.
GuardLite is built only with open-source Android libraries (AndroidX / Jetpack, Room, DataStore, Jetpack Compose, Hilt). GuardLite does not integrate any third-party analytics, advertising, or crash-reporting SDK, and does not sell your data.
Optional update check. GuardLite can check whether a newer version is available by fetching one small, static version file from the developer's website (larots.com) — the same site the app is downloaded from. This happens only when you tap Check for updates or turn on the optional once-a-day automatic check (off by default). The request is an ordinary download of a public file, like opening the page in a browser: it sends no identifiers, no account, and no usage data, and nothing about you or your device is included or stored.
If you choose to email us a screenshot or a backup file, the contents you send fall under the privacy practices of that channel. We only see what you send.
6. Data retention
- Rules, profiles, schedules, preferences, and data-usage counters are stored in app-private storage on your device. They persist across restarts and are removed when you uninstall GuardLite. You can reset the data-usage counter at any time in Data usage, and a backup you export is a file you control.
- The action history keeps only the most recent entries and can be cleared from the History screen.
7. Children's privacy
GuardLite is not directed at children under 13 (or the equivalent minimum age in your jurisdiction) and does not knowingly collect personal information from children. Because GuardLite stores nothing about you off your device, there is no information for us to retrieve, modify, or delete in response to a children's-data request.
8. Security
Everything GuardLite stores stays in app-private storage, protected by Android's standard app-sandbox isolation. There is no remote channel for us to read it through. If you root your device, grant another app debug-level access, or install another VPN that takes precedence, GuardLite's on-device data may become readable by those tools — that is a property of your device's configuration, not of GuardLite.
9. What the firewall can and cannot do
GuardLite blocks by Android's own per-app VPN routing, so a blocked app's traffic is dropped before it leaves the device — there is no per-packet inspection that could "leak". Two honest limits worth knowing:
- Per-network rules act on your active connection. If you block an app on mobile data but Wi-Fi is also connected, Android routes the app over Wi-Fi, so it still works; the mobile block takes effect when mobile data is the connection in use.
- Data usage is a device-wide estimate (all apps, Wi-Fi and mobile together), counted while protection is on. It is not a per-app or carrier-grade meter.
Neither affects this policy: regardless of your settings, none of your data leaves your device for a GuardLite-owned server.
10. Changes to this policy
If we change this policy, the effective date above will change and the updated version will be posted at the same URL. Material changes will be called out in the GuardLite app's release notes for that version.
11. Contact
Questions about this privacy policy or about how GuardLite handles data:
Sigfred Larot — svlarot@gmail.com
This privacy policy reflects the GuardLite Android app's actual on-device behavior as of the effective date above. This policy was previously published at bluenex.org/guardlite/privacy/; that URL now redirects here.