Privacy Policy

Mortui is built on the principle that your data belongs to you. We've designed our system from the ground up to protect your privacy.

Last updated: February 2026

Our Privacy Principles

Local Storage

All behavioral data remains on your device. Zero cloud storage.

Minimal Collection

Only necessary behavioral metrics for core functionality.

Full Transparency

Clear documentation of what data is collected and how it's used.

User Control

Complete control over data collection and usage.

What Data the App Uses

Important: Mortui (the company) does not collect your data. The Mortui app processes data locally on your device only — it never leaves your phone, never goes to our servers, and is never shared with third parties.

Behavioral Metrics

The Mortui app processes behavioral data locally on your device for the purpose of establishing your baseline patterns and detecting anomalies. This data never leaves your device. This includes:

  • App usage patterns: Aggregate counts of app opens, screen time duration, and interaction frequency (specific app names are hashed, not stored in plain text)
  • Device interaction: Screen unlock frequency, notification interactions, typing activity patterns
  • Physical activity: Step counts and movement patterns from device sensors
  • Circadian data: Typical active hours and sleep patterns based on device usage timing

Configuration Data

Your configured preferences are stored locally on your device only:

  • Action settings: Files to delete, recipients for messages, browser cleanup preferences
  • Authentication data: Hashed PIN, encrypted security questions, biometric enrollment status
  • Email credentials: OAuth tokens or encrypted SMTP passwords for message delivery

What Mortui Does NOT Access

Because all data stays on your device, Mortui (the company) has no access to:

  • Content of your messages, emails, or communications
  • Your browsing history or website content
  • File contents (only paths for deletion are stored)
  • Location data or GPS coordinates
  • Contacts, photos, or personal media
  • Any data sent to third-party analytics services

Data Storage & Security

Your data is yours. Mortui (the company) cannot access it, cannot see it, and cannot share it. Everything stays on your device.

On-Device Only

All data processed by the Mortui app is stored exclusively on your device. Mortui (the company) does not operate cloud servers and cannot access your data. Your behavioral patterns, configuration, and all sensitive information never leave your device except when you explicitly trigger message delivery (and even then, only the message you compose is sent — not your behavioral data).

Encryption

All stored data is encrypted using industry-standard encryption:

  • SQLCipher database encryption (AES-256)
  • Android Keystore for key management
  • Hardware-backed encryption where available

Data Retention

Behavioral data is retained for 90 days to maintain statistical accuracy. Older data is automatically deleted. You can delete all data at any time by uninstalling the application or using the in-app data deletion feature.

Third-Party Services

Email Delivery (Paid Tier)

When you configure email delivery, Mortui may interact with:

  • Gmail API: If you connect your Gmail account via OAuth. Your Gmail credentials are managed by Google; we only store the OAuth token.
  • Microsoft 365: If you connect your Outlook account via OAuth. Same OAuth token storage applies.
  • Custom SMTP: If you configure a custom SMTP server. Your password is encrypted locally.

These services are only contacted when actions are executed. No data is shared with these services during normal operation.

No Analytics Services

The Mortui app does not use Google Analytics, Firebase Analytics, Crashlytics, or any other third-party analytics service. Mortui (the company) cannot track your usage patterns because your data never leaves your device. We do not share any data with advertisers or third parties.

Subscription Management

Subscription purchases are processed through Google Play. Google handles all payment information; we receive only subscription status confirmations, not your payment details.

Your Rights

Access

View all data stored about you through the app's settings.

Export

Export your data in a portable format at any time.

Deletion

Delete all your data instantly through in-app settings or by uninstalling.

Control

Modify what data is collected through granular permission controls.

Regulatory Compliance

GDPR Ready

Mortui's privacy-by-design architecture naturally aligns with GDPR requirements:

  • Data minimization: We only collect necessary data
  • Purpose limitation: Data used only for stated purposes
  • Right to erasure: Easy data deletion available
  • Data portability: Export functionality provided
  • Privacy by design: Built into the architecture

Questions or Concerns?

If you have any questions about this privacy policy or our data practices, please reach out to us.

Contact Support Privacy Questions