Privacy Policy - GarageAAtoESP32

Last updated: 2026-05-09

GarageAAtoESP32 ("the app") is an open-source Android Auto app that triggers a do-it-yourself ESP32-based garage door opener over Bluetooth Low Energy (BLE). This policy describes what data the app handles and how it is stored.

Summary

• The app does not send any data to any server.
• The app does not contain any third-party analytics, tracking, advertising, or telemetry libraries.
• All data stays on your phone, encrypted with the Android Keystore.
• The app communicates only with your own ESP32 device over local Bluetooth Low Energy.

Data the app stores on your phone

The app stores the following information locally, in EncryptedSharedPreferences (AES-256, backed by the Android Keystore):

• PIN - the shared secret used to authenticate with your ESP32. The PIN is never transmitted over the air; it is used only as the key for an HMAC-SHA256 challenge-response.
• BLE device address and name - so the app can reconnect to your chosen ESP32 without rescanning every time.
• Demo mode flag - whether you've enabled the simulated test mode.

Permissions and why they are needed

• BLUETOOTH_SCAN (with neverForLocation) - to discover your ESP32 device during one-time setup.
• BLUETOOTH_CONNECT - to connect to your ESP32 and send the open-garage command.
• ACCESS_FINE_LOCATION - required by Android for BLE scanning on older Android versions. The app does not access or store your location.

Data sent over Bluetooth

When you tap "Open Garage", the app exchanges a small number of bytes with your ESP32 over an encrypted local BLE connection:

• Reads a random nonce from the ESP32.
• Sends back an HMAC-SHA256 of that nonce, computed using your PIN as the key.
• Receives a 1-byte status response.

Your PIN is never sent over the air. No part of this exchange leaves your local Bluetooth radio.

Data sent to third parties

None. The app does not contact any server, does not include any analytics or crash-reporting SDK, does not include advertising, and does not share any data with anyone. There is no network code in the app at all.

How to delete your data

Because all data is stored locally and only on your phone, you can remove it completely at any time:

• Uninstalling the app removes all stored data. There is no cloud backup, no account, and no remote copy of anything.
• To clear data without uninstalling: Phone Settings - Apps - GarageAAtoESP32 - Storage - Clear data.

Children's privacy

The app is not directed at children and does not knowingly collect any data from anyone, regardless of age.

Changes to this policy

If this policy ever changes, the new version will be published at this URL with an updated "Last updated" date.

Contact

For privacy-related questions, contact: dunnow.software+privacy@gmail.com