Halonex Mail
Privacy Policy

1. Introduction

Welcome to Halonex Mail. Your privacy is not just a feature — it is the foundation upon which this application was built. This Privacy Policy explains in clear, plain language what personal data we collect, why we collect it, how we protect it, how long we keep it, and what rights you have over it.

Halonex Mail is a secure, privacy-first mobile email client developed and operated by Halonex ("the Data Fiduciary"). The App is designed exclusively for provisioned institutional and corporate email accounts and functions as a direct, authenticated client to designated IMAP/SMTP mail server infrastructure.

This policy applies to all users of the Halonex Mail Android application. Where applicable, it specifically addresses compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

By using Halonex Mail, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. No data is collected or processed until you provide explicit, granular consent through our in-app Consent Screen.

2. Data Fiduciary Information

3. Scope of This Policy

This Privacy Policy applies to:

• The Halonex Mail Android application (package: app.halonex.mail).
• All data processed on your device by the App.
• All network communications between the App and the designated mail server (fusion.mxrouting.net).
• All data processed by the Halonex Vanta phishing detection API (api.vanta.halonex.app).

This Privacy Policy does not apply to:

• The email server infrastructure itself (managed by a third-party mail hosting provider).
• Emails or data stored on the remote mail server (governed by your institution's own policies).
• Third-party websites, services, or applications linked within emails you receive.

4. Accounts & Authentication

4.1 No Account Creation

Halonex Mail does not offer account registration or sign-up functionality. The App is a closed system that exclusively supports pre-provisioned institutional or corporate email accounts. You can only log in with credentials assigned to you by your organization.

4.2 Authentication Method

Authentication is performed by directly connecting to the designated IMAP mail server over an encrypted TLS connection:

• Incoming Mail (IMAP): fusion.mxrouting.net, Port 993, TLS encrypted.
• Outgoing Mail (SMTP): fusion.mxrouting.net, Port 465, TLS encrypted.

We do not operate a proprietary backend server for user credential storage or authentication brokering. Your credentials are validated directly against the institutional mail server.

5. Personal Data We Collect

We adhere to the principle of data minimization — we only collect data that is strictly necessary for the App to function. Below is an exhaustive list of every category of personal data the App processes.

5.1 Data You Provide Directly

• Your password is stored exclusively in EncryptedSharedPreferences, protected by AES-256-GCM and the Android Keystore hardware-backed TEE.
• Halonex (the developer) never has access to your password.

5.2 Data Collected Automatically

5.3 Security & Device Metadata

5.4 Consent & Audit Data

5.5 Data We Do NOT Collect

• No location data — We do not access GPS, network-based location, or any location services
• No contacts or address book — We do not read your device contacts
• No camera or microphone — We do not access your camera or microphone
• No phone state or call logs — We do not access telephony data
• No device identifiers — We do not collect IMEI, Android ID, Advertising ID, or hardware serial numbers
• No browsing history — We do not track your web browsing activity
• No third-party analytics or tracking — We do not integrate Google Analytics, Firebase Analytics, Facebook SDK, or any third-party analytics or advertising framework
• No crash reporting services — We do not use Crashlytics, Sentry, Bugsnag, or any third-party crash reporting service
• No actual biometric data — The App delegates biometric authentication to the Android system BiometricPrompt API. Your fingerprint, face, or iris data is processed entirely within the device's Trusted Execution Environment (TEE)
• No IP addresses — The App does not log or store your IP address

6. Android Permissions

The App requests only the following Android permissions:

We do not request any dangerous or sensitive permissions beyond those listed above. The App does not request access to storage, contacts, camera, microphone, location, phone state, SMS, or any other sensitive Android permission.

7. How We Use Your Data

7.1 Purpose Limitation (DPDP Act Section 4)

Each category of data is processed strictly for the purpose for which it was collected. We do not repurpose your data for secondary uses.

7.2 Phishing Detection (Halonex Vanta)

When you open an email to read it, the App scans the email content for phishing indicators using the Halonex Vanta phishing detection service:

1. URLs and links are extracted from the email body (both HTML href attributes and plain-text URLs).
2. Sender domain is extracted from the sender's email address.
3. Each extracted domain is hashed using SHA-256 before being transmitted.
4. The SHA-256 hashes are sent to https://api.vanta.halonex.app/block/phishing/sha256/{hash} to check against a known phishing database.
5. The API responds with "true" (phishing) or "false" (safe).

Important privacy guarantees:

• Only cryptographic hashes of domains are sent — never raw URLs, email content, or personal data.
• SHA-256 is a one-way function; the original domain cannot be recovered from the hash.
• No email body content, headers, subject lines, or sender/recipient information is transmitted to the API.
• The scan operates on a fail-open model: if the API is unreachable, the email is displayed normally.

8. Data Storage & Encryption

8.1 Local-First Architecture

Halonex Mail uses a local-first architecture — all data displayed in the UI is read from the local encrypted database, never directly from the network. The remote IMAP server is treated as a sync source, not a live data feed.

8.2 Encryption at Rest

All personal data stored on your device is encrypted:

No plaintext personal data is ever written to the device's physical storage. Even with root access, the encrypted data cannot be decrypted without the hardware-backed Keystore keys stored in the device's Trusted Execution Environment (TEE) or StrongBox.

8.3 Encryption in Transit

All network communications are encrypted:

• Protocol: TLS 1.2 and TLS 1.3 only (TLS 1.0 and 1.1 are disabled).
• Cipher Suites: Restricted to strong AEAD ciphers: TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
• Certificate Pinning: The mail server's public key is pinned in the App's network security configuration. Even if a Certificate Authority is compromised or a rogue root certificate is installed, connections will only succeed if the server presents the expected certificate.
• Cleartext Blocked: All cleartext (unencrypted) network traffic is explicitly blocked at the OS level via android:usesCleartextTraffic="false".
• Hostname Verification: Strictly enforced via ssl.checkserveridentity=true on both IMAP and SMTP connections.

8.4 Backup Exclusion

All sensitive data is excluded from Android cloud backup and device-to-device transfer:

• Email database files
• Encrypted SharedPreferences (credentials, security settings, consent data)
• DataStore files
• Email cache files
• All external storage

Your email data, credentials, and security settings will never be uploaded to Google Drive backup or transferred during Android device migration. The android:allowBackup="false" flag is set in the App manifest as an additional safeguard.

9. Additional Security Measures

9.1 Biometric App Lock

When enabled (with your consent), the App requires biometric authentication (fingerprint, face recognition, or iris scan) or device credential (PIN/pattern/password) to unlock after a configurable period of inactivity (default: 5 minutes). This uses Android's BiometricPrompt API with BIOMETRIC_STRONG (Class 3) authentication.

9.2 Screenshot & Screen Recording Protection

By default, the App blocks screenshots, screen recordings, screen sharing, screen casting, and the recent-apps thumbnail via Android's FLAG_SECURE window flag. This prevents sensitive email content from being captured. You can toggle this setting in Security preferences.

9.3 Secure Clipboard Management

• On Android 13+, any text copied from the App is marked as IS_SENSITIVE, hiding it from clipboard previews.
• Clipboard contents are automatically cleared after 60 seconds.
• When the App goes to the background, the clipboard is immediately cleared to prevent data leakage to other apps.

9.4 Secure Logging

• In release builds, all logging is completely disabled — the App produces zero log output. This is enforced both programmatically (via BuildConfig.DEBUG checks in SecureLogger) and at the build level (ProGuard strips all android.util.Log calls).
• In debug builds, sensitive patterns (email addresses, passwords, tokens) are automatically redacted before logging.

9.5 Memory Safety

The App implements a SensitiveString class for handling passwords and tokens. Sensitive data is stored in mutable CharArray objects (not immutable Java String objects) and is explicitly zeroed (overwritten with null characters) immediately after use, preventing extraction via memory dumps.

9.6 Runtime Integrity Verification

At every app launch, the following security checks are performed locally on your device:

If a critical threat is detected (e.g., hooking framework, rooted emulator, repackaged APK), the App will block usage entirely. If a warning-level threat is detected (e.g., rooted device, emulator), a dismissible warning is shown.

Important: These checks are performed entirely on-device. No device security metadata is transmitted to any server.

9.7 Credential Migration Security

If you upgrade from an older version of the App that stored credentials in plaintext, the App automatically migrates them to encrypted storage and then securely wipes the old plaintext files by overwriting them with zeros before deletion.

10. Data Retention & Deletion

10.1 Retention Principles

We follow strict purpose limitation (DPDP Act Section 4) and storage limitation (DPDP Act Section 8 & 9) principles:

10.2 Automatic Data Purging

• On Logout: All locally cached emails, credentials, database contents, cache files, temporary attachments, and DataStore files are securely purged (overwritten and deleted). Only the consent audit log is preserved (required by law).
• On Session Timeout: Temporary data (attachment previews, temp cache) is automatically cleared.
• On Consent Withdrawal: Withdrawing all consent triggers a full data purge identical to the logout flow, executed on the next app launch.
• On Background Sync Consent Withdrawal: Background sync via WorkManager is immediately cancelled.

10.3 "Delete My Data" (Right to Erasure)

You can request complete deletion of all your data at any time via Settings → Privacy & Data → Delete My Data. This action performs 9 steps:

1. Deletes all emails from the local encrypted database.
2. Deletes all folder records.
3. Securely clears all encrypted credentials.
4. Deletes the app cache directory.
5. Deletes legacy email cache files.
6. Deletes temporary attachment files.
7. Securely wipes DataStore files (overwriting with zeros before deletion).
8. Clears all consent data.
9. Logs out and redirects to the onboarding screen.

This process is irreversible and leaves no orphan data on your device.

11. Your Rights as a Data Principal

Under the DPDP Act 2023, you have the following enforceable rights. Halonex Mail provides in-app tools to exercise each right without requiring you to contact us.

11.1 Right to Access (Section 11)

You can view exactly what data the App holds about you at any time via Settings → Privacy & Data. The Data Hub dashboard shows:

• Your account email address
• Number of cached emails, synced folders, and local drafts
• Encrypted database size
• All current consent toggle states
• Consent language and notice version
• Days until next consent re-confirmation

11.2 Right to Correction (Section 12)

You can update your profile information at any time through the App.

11.3 Right to Erasure (Section 12)

You can delete all your data with a single tap via Settings → Privacy & Data → Delete My Data. See Section 10.3 above for the complete deletion process.

11.4 Right to Data Portability

You can export all your local data in structured JSON format via Settings → Privacy & Data → Export My Data. The export includes your email address, cached email/folder/draft counts, all consent toggle states, consent language and notice version, and the full consent audit log. The export is shared via Android's standard share intent.

11.5 Right to Withdraw Consent (Section 6(6))

Withdrawing consent is as easy as giving consent:

• You can toggle individual consent categories on/off at any time via Settings → Privacy & Data.
• Changes take effect instantly — disabling Background Sync immediately cancels the WorkManager job; disabling Push Notifications immediately stops all notifications; disabling Biometric App Lock immediately removes the lock.
• You can withdraw all consent at once via the "Delete My Data" action, which triggers a full data purge.

11.6 Right to Grievance Redressal (Section 13)

If you have any concerns about how your data is processed, contact our Grievance Officer:

• Email: [email protected]
• Response Time: Within 72 hours

If you are unsatisfied with our response, you may file a complaint with the Data Protection Board of India as per Section 27 of the DPDP Act 2023.

12. Consent Framework

12.1 Granular Consent (Section 6, DPDP Act)

Halonex Mail implements a granular, purpose-specific consent model — there is no bundled "I Agree" button. Before any data collection begins, you are presented with individual toggles for each data processing purpose:

No pre-ticked boxes. All optional toggles default to OFF. You must explicitly enable each one.

12.2 Multilingual Consent (Section 6(3) / Rule 3, DPDP Rules 2025)

The consent screen includes a language selector supporting English and all languages of the Eighth Schedule of the Indian Constitution, ensuring consent is presented in a language you understand.

12.3 Periodic Re-Confirmation

To ensure ongoing informed consent, the App requires you to re-confirm your consent choices every 10 days. During re-confirmation:

• Your existing choices are pre-filled for convenience.
• You can modify any toggle before confirming.
• The re-confirmation is logged in the audit trail.

12.4 Consent Versioning

The privacy notice has a version number (currently 1.0.0). When we update the notice, the version is incremented, and you are required to review and re-consent before any new data processing begins.

12.5 Tamper-Proof Audit Trail

Every consent action is logged with:

• Action type (initial consent, update, withdrawal)
• ISO 8601 timestamp (UTC) with millisecond precision
• Privacy notice version in effect
• Specific consent category and new value
• Consent language

The audit log is stored in AES-256-GCM encrypted storage and retains up to 500 entries. This log is available for export via the Data Hub and serves as legal evidence of consent for compliance audits.

13. Third-Party Services

13.1 Mail Server (IMAP/SMTP)

Your email content is stored on the mail server per your institution's agreement with the hosting provider. The App's privacy policy governs only the data processed on your device by the App.

13.2 Halonex Vanta Phishing Detection API

13.3 No Other Third-Party Services

Halonex Mail does not integrate with:

• Google Analytics or Firebase
• Facebook SDK or Meta services
• Any advertising network or ad SDK
• Any crash reporting service (Crashlytics, Sentry, Bugsnag, etc.)
• Any social media SDK
• Any user behavior tracking or analytics platform
• Any cloud storage service (Google Drive, Dropbox, etc.)
• Any push notification service (FCM, OneSignal, etc.) — notifications are powered entirely by local WorkManager sync

14. Data Localization & Cross-Border Transfers

14.1 India-First Data Routing

All network traffic from the App is routed exclusively to India-based servers. The App's network configuration is hardcoded to connect only to the designated mail server infrastructure.

14.2 No International Data Transfers

We do not transfer your personal data outside of India. All email processing, caching, encryption, and storage occurs locally on your device or on the designated India-based mail servers.

14.3 Data Sovereignty Badge

The App displays a verified badge in Security settings: "100% Sovereign Data Routing: All campus communications are encrypted and processed locally within India, strictly adhering to DPDP Act data localization principles."

15. Children's Privacy

Halonex Mail is designed for institutional and corporate use and is not intended for children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected], and we will take steps to delete such data.

16. Notification Privacy

16.1 Consent-Gated Notifications

Push notifications are only sent if you have explicitly enabled the "Push Notifications" consent toggle. Without consent, no notifications are generated regardless of Android permission state.

16.2 Lock Screen Privacy

Email notifications use Android's VISIBILITY_PRIVATE setting. On your lock screen, instead of showing the sender name, subject, or email preview, the notification displays only:

This prevents shoulder-surfing and protects sensitive email content from being visible on your locked device.

16.3 Notification Actions

Notifications include a "Mark as Read" action that processes the request locally and syncs it to the server in the background. Tapping a notification opens the App directly to the relevant email.

17. Offline Functionality & Background Processing

17.1 Foreground Sync

While the App is open, it syncs your inbox every 60 seconds. This sync reads email headers from the IMAP server and writes them to the local encrypted database. The UI observes the database via reactive Flows and updates automatically.

17.2 Background Sync (Consent Required)

If you enable "Background Sync," the App uses Android's WorkManager to sync your inbox approximately every 15 minutes, even when the App is closed. The sync:

1. Replays any pending offline actions (mark as read, move, delete).
2. Fetches new email headers from IMAP.
3. Posts notifications for new unread emails (if notification consent is given).
4. Prefetches full email bodies for instant rendering.

17.3 Offline Mutations

When you perform actions while offline (mark as read, move to folder, delete, star), the action is applied immediately to the local database (optimistic UI) and queued for replay on the next successful server connection.

18. Open-Source Libraries & Dependencies

Halonex Mail uses the following open-source libraries. None of these libraries collect, transmit, or process personal data:

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

1. The "Last Updated" date at the top will be revised.
2. The in-app Privacy Notice version will be incremented.
3. You will be prompted to review and re-consent before any new data processing begins.
4. Material changes will be highlighted in the consent re-confirmation screen.

Your continued use of the App after re-consenting to an updated privacy notice constitutes acceptance of the changes. If you do not consent, you may exercise your Right to Erasure and discontinue use.

20. Governing Law & Dispute Resolution

This Privacy Policy is governed by and construed in accordance with the laws of India, particularly the Digital Personal Data Protection Act, 2023, and the DPDP Rules, 2025.

Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the Data Protection Board of India and the competent courts of India.

21. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:

22. Security Measures Summary

For quick reference, here is a summary of every security measure protecting your data in Halonex Mail for Android: