PRIVACY POLICY — REDIL
Application: REDIL — Digital Evidence Registry with Location
Package: cloud.wilsondev.redil
Policy version: 2.0
Effective date: May 23, 2026
Last updated: May 23, 2026
1. WHO WE ARE
REDIL — Digital Evidence Registry with Location — is an Android application developed by WilsonDev, designed for professionals who perform fieldwork investigations, including investigative agents, forensic experts, inspectors, private investigators, attorneys, and audit teams.
Data Controller — Art. 5, VI of Brazilian LGPD:
Name: Wilson Souza
Brand: WilsonDev
Website: https://wilsondev.cloud
Contact e-mail: apc.wss@gmail.com
Data Protection Officer — DPO:
Wilson Souza — apc.wss@gmail.com
2. ABOUT THIS POLICY
This Privacy Policy describes which personal data REDIL collects, why we collect it, how we store it, with whom we share it, and what rights you have as a user.
This policy is drafted in compliance with:
• Brazilian General Data Protection Law — LGPD — Law No. 13.709/2018.
• Brazilian Internet Civil Framework — Law No. 12.965/2014.
• Google Play Store User Data Policy.
• General Data Protection Regulation — GDPR — principles, where applicable.
By installing and using REDIL, you agree to the terms described in this policy.
If you disagree, do not use the application.
3. WHAT DATA REDIL COLLECTS
3.1. Data you provide directly
REDIL may collect data provided directly by the user during sign-up, login, profile completion, route registration, and use of operational features.
Identification data:
• E-mail, used for sign-up and login.
• Password, stored only by Firebase, hashed, never by REDIL.
• Professional name, organization, badge number, role, and unit, optionally provided in the “Profile” tab.
• Institutional logo and digital signature, when optionally inserted in the “Profile” tab.
Operational data:
• Target names, addresses, coordinates, radii, and notes entered during route registration.
• Field observations and annotations entered after capture.
3.2. Data automatically collected during capture
During use of capture functions, REDIL may automatically collect technical and operational data necessary for the creation of digital evidence.
Location data:
• Latitude, longitude, altitude, and GPS precision, used as a forensic stamp embedded in each photo or video.
• Address derived from reverse geocoding, used as part of the forensic stamp.
Sensor data:
• Compass azimuth, when available and authorized, used as part of the forensic stamp.
Media data:
• Photos and videos captured by the camera, as the core function of the application.
• Audio track from recorded videos, as an integral component of the video.
Temporal and integrity data:
• Local date/time and NTP timestamp from pool.ntp.br, used for evidence integrity.
• SHA-256 file hash and EC P-256 cryptographic signature, used for digital chain of custody.
3.3. Data generated by Firebase Authentication
When you create an account, Firebase Authentication may generate and store:
• User ID — UID: unique identifier assigned by Firebase.
• E-mail verification status: “e-mail confirmed” flag.
• Login provider: e-mail/password or Google.
• Last login date and time.
3.4. Diagnostic data — opt-in, default off
Only if you manually enable telemetry in Settings → Telemetry, the following data may be collected:
• App crash and ANR reports.
• App version, device model, and Android version.
• Anonymous stack trace and logs related to the crash.
This data is sent to Firebase Crashlytics — Google — and is never associated with your name or e-mail.
3.5. Data REDIL does not collect
To be clear, REDIL does not access and does not collect:
• Your contacts list.
• Your calendar history.
• Your SMS, MMS, or e-mails.
• Your web browsing history.
• Advertising identifiers — Advertising ID.
• Persistent device identifiers — IMEI or serial number.
• Financial, banking, or card data.
• Health, biometric, or genetic data.
• Your background location.
• Any data from other installed applications.
The ACCESS_BACKGROUND_LOCATION permission was removed in version 1.1.2.
The fingerprint used to unlock the app stays on your device and never leaves it.
4. WHY WE COLLECT EACH PIECE OF DATA — PURPOSE AND LEGAL BASIS
E-mail and password:
Purpose: authentication in the app.
Legal basis: performance of contract — LGPD Art. 7, V / GDPR Art. 6(1)(b).
Name, organization, role, and related professional data:
Purpose: professional identification on reports.
Legal basis: consent — LGPD Art. 7, I / GDPR Art. 6(1)(a).
Observation: optional fields.
Precise location:
Purpose: stamping latitude and longitude on forensic evidence.
Legal basis: legitimate interest and contractual purpose — LGPD Art. 7, V and IX.
Photos and videos:
Purpose: core function of the application.
Legal basis: performance of contract — LGPD Art. 7, V.
Video audio track:
Purpose: integral preservation of the evidence.
Legal basis: performance of contract — LGPD Art. 7, V.
Hash, signature, and NTP:
Purpose: digital chain of custody.
Legal basis: legitimate interest — forensic integrity.
Diagnostics — opt-in:
Purpose: bug diagnosis and correction.
Legal basis: explicit consent — LGPD Art. 7, I.
5. HOW WE PROTECT YOUR DATA
5.1. At rest — on your device
The local database is encrypted with SQLCipher — AES-256.
The database key is protected by the Android Keystore, with hardware-backed key storage when available, using an AES-GCM wrapper key.
Photos, videos, and exported files are kept in the app’s internal storage — filesDir/ — inaccessible to other applications.
The app offers an optional biometric lock, using fingerprint or face unlock, when opening the application.
Your password is never stored by REDIL. It is stored only by Firebase, with a one-way hash.
5.2. In transit
All communications with servers — Firebase and Google Drive — occur via HTTPS/TLS 1.3.
The app’s networkSecurityConfig blocks cleartext traffic.
Queries to NTP servers — pool.ntp.br — use the standard SNTP protocol, UDP 123, without personal data.
5.3. Digital chain of custody
Each piece of evidence generated by REDIL receives:
• SHA-256 hash of the file, functioning as a unique identity of the content.
• NTP timestamp independent of the phone clock.
• EC P-256 cryptographic signature — SHA256withECDSA — generated by the Android Keystore.
These elements allow detection of any subsequent alteration to the evidence and are exportable as a signed JSON manifest for use in formal proceedings.
5.4. No automatic backup
The android:allowBackup="false" flag in the manifest prevents Android automatic backup to Google cloud.
Your data does not leave the device without your explicit action.
6. WITH WHOM WE SHARE YOUR DATA
6.1. Firebase Authentication — Google LLC
Data shared:
• E-mail.
• Password with hash.
• UID.
• E-mail verification status.
Purpose:
• Authentication only.
Server location:
• United States and European Union, according to default Firebase regions.
Firebase policy:
https://firebase.google.com/support/privacy
Status:
• Data processor, under standard Google contract.
6.2. Google Drive — Google LLC — only if you use the export function
Data shared:
• Only the files — photos, videos, and reports — that you explicitly export through the “Export to Drive” function.
Permission used:
• drive.file scope — REDIL only accesses files that REDIL itself created in your Drive and has no access to your other Drive files.
• documents scope — only to generate the consolidated Google Doc of the exported route.
Who has access:
• Only you, within your own Google account.
6.3. Firebase Crashlytics — Google LLC — only if you enable telemetry
Data shared:
• Crash stack traces.
• Device model.
• Android version.
• App version.
Anonymized data:
• Does not include your e-mail or personal data.
Purpose:
• Bug diagnosis.
Status:
• Explicit opt-in, default off.
6.4. Public NTP provider — pool.ntp.br
Data shared:
• Only your device’s IP address in the standard SNTP connection.
Purpose:
• Obtain reliable timestamp for the chain of custody.
Personal data:
• No personal data is transmitted. It is a standard worldwide clock query.
6.5. Who does not receive your data
REDIL does not share your data with:
• Advertising platforms, such as Google Ads, Meta Ads, etc.
• Data brokers.
• Third-party analytics platforms, such as Mixpanel, Amplitude, etc.
• Social networks.
• Any company not listed in sections 6.1 through 6.4 above.
7. HOW LONG WE KEEP YOUR DATA
7.1. On your device
Data remains as long as the app is installed.
If you uninstall the app without first deleting your account, local data is removed by Android along with the app, but the associated Firebase account remains.
7.2. In Firebase Authentication
Your Firebase account persists until you delete it, either:
• Via the “Delete account” button inside the app — Settings → LGPD section.
• By request to apc.wss@gmail.com.
After deletion, all records are removed from Firebase servers within 7 business days.
7.3. Firebase operational backups and logs
Firebase may retain internal backup copies for up to 30 days after deletion, in accordance with Google policy.
After this period, deletion is permanent.
7.4. Media exported to Google Drive
These files remain in your Google Drive account as long as you wish.
REDIL no longer has access to these files after export.
To delete them, you must remove them manually from your Drive.
8. YOUR RIGHTS — LGPD ART. 18 / GDPR CHAPTER III
As a data subject, you have the following rights:
8.1. Access to data — LGPD Art. 18, II
You can export all your data in structured JSON format at any time.
In the app:
Settings → “My Data” → Export.
The file is saved locally and can be shared.
8.2. Correction — LGPD Art. 18, III
Profile data, such as name and organization, can be edited in:
Settings → Profile.
To correct your registered e-mail, log out and register a new one, or contact:
apc.wss@gmail.com
8.3. Anonymization, blocking, or erasure — LGPD Art. 18, IV
You can request data deletion through the following means:
In the app:
Settings → LGPD section → “Delete account”.
By e-mail:
apc.wss@gmail.com
Suggested subject:
REDIL — Delete account
You must provide the registered e-mail.
On the web:
https://wilsondev.cloud/post/17/
Deletion removes:
• Firebase account.
• All routes, targets, captured media, reports, audit logs, cryptographic signature key, settings, and profile data.
Deletion does not remove:
• Media you shared or uploaded to your Google Drive, because REDIL does not have access to delete them.
• Media you shared via WhatsApp, e-mail, or other channels.
8.4. Portability — LGPD Art. 18, V
The “My Data” export mentioned in item 8.1 generates an open and readable JSON file, in the redil.my-data.v1 schema format.
This file can be imported by other tools that adopt the same format.
8.5. Information about data sharing — LGPD Art. 18, VII
This policy, in section 6, lists all third parties with whom your data is shared.
There are no others.
8.6. Withdrawal of consent — LGPD Art. 18, IX
You can disable telemetry — Crashlytics — at any time in:
Settings → Privacy → Disable Telemetry.
Withdrawal does not affect processing based on other legal grounds, such as performance of contract for authentication.
8.7. How to exercise your rights
All requests can be made:
In the app:
• Through Settings options.
By e-mail:
• apc.wss@gmail.com
Suggested subject:
REDIL — LGPD Rights
Response timeframe:
• Up to 15 calendar days.
9. ANDROID PERMISSIONS AND WHY
REDIL requests the following permissions. Each one is only requested when you use the corresponding functionality.
Camera:
• Used to capture photos and videos.
Microphone:
• Used to record audio in videos.
Precise location — ACCESS_FINE_LOCATION:
• Used to embed GPS in evidence, foreground only, during capture.
Approximate location — ACCESS_COARSE_LOCATION:
• Used as a fallback when precise GPS is unavailable.
Internet — INTERNET:
• Used for authentication, geocoding, Drive export, and NTP.
Network state — ACCESS_NETWORK_STATE:
• Used to detect connectivity.
Biometric — USE_BIOMETRIC:
• Used for optional lock when opening the app.
External storage — READ_EXTERNAL_STORAGE, Android ≤ 32 only:
• Used to import CSV/XLSX spreadsheets on older Android versions.
Permissions not requested as of version 1.1.2:
• ACCESS_BACKGROUND_LOCATION — removed, because there is no more geofencing.
• POST_NOTIFICATIONS — removed, because there are no more automatic notifications.
• READ_MEDIA_IMAGES / READ_MEDIA_VIDEO — removed, because the app now uses Android Photo Picker, which does not require permissions.
10. CHILDREN AND ADOLESCENTS
REDIL is not intended for users under 18.
It is a professional operational tool.
We do not knowingly collect data from minors.
If you are a legal guardian of a minor and believe they have provided data to REDIL, please contact:
apc.wss@gmail.com
We will remove the information within 7 business days.
11. COOKIES AND TRACKING TECHNOLOGIES
REDIL is a native Android application and does not use cookies.
There is no pixel tracking, device fingerprinting, or advertising identifiers.
12. INTERNATIONAL DATA TRANSFER
The data you provide to Firebase Authentication may be processed on Google servers located in the United States, European Union, Asia, or other regions, according to the service’s standard architecture.
Google adopts standard contractual clauses and internationally recognized safeguard mechanisms for this transfer.
For Google’s official position on international data transfer, see:
https://policies.google.com/privacy
13. UPDATES TO THIS POLICY
This policy may be updated periodically to reflect changes in the application or in legislation.
Major changes will be communicated:
• On the app’s home screen after an update that changes data handling.
• In the header of this page, in the “Effective date” field.
Previous versions remain archived at:
https://wilsondev.cloud/post/15/historico
We recommend consulting this page periodically.
Continued use of the app after a policy update means acceptance of the new terms.
14. HOW TO FILE A COMPLAINT WITH REGULATORS
14.1. Brazil — ANPD
If you believe your rights have not been respected, you may file a complaint with the Brazilian National Data Protection Authority — ANPD.
Website:
https://www.gov.br/anpd
Data subject complaint channel:
https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao/peticao-do-titular
14.2. Other jurisdictions
Users in the European Union may contact their local Data Protection Authority.
A list is available at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
15. CONTACT
For any question, request, or complaint regarding the handling of your data:
E-mail:
apc.wss@gmail.com
Website:
https://wilsondev.cloud
Account deletion:
https://wilsondev.cloud/post/17/
This policy complies with Brazilian LGPD — Law No. 13.709/2018, Brazilian Internet Civil Framework — Law No. 12.965/2014, Google Play Store User Data Policy, and aligns with GDPR principles.
Version 2.0 — effective as of May 23, 2026.
Portuguese version:
https://wilsondev.cloud/post/15/