PAA Bootcamp — Privacy Policy

Effective date: 2026-05-30
Last updated: 2026-05-30
App: Phone Addict Anonymous Bootcamp / “PAA Bootcamp” (com.AMIRGROUP.paabootcamp)
Developer contact: paa@am3rgroup.com

This page explains what data the PAA Bootcamp Android application (“PAA Bootcamp”, “the app”, “we”, “us”, “our”) processes, where it goes, and the controls you have. The app is designed around the principle that your data stays on your phone unless a third-party service we depend on (Google) needs it to function.

1. Summary in plain English

PAA Bootcamp does not run a server. We have no backend. We do not collect your data, log you, profile you, sell your data, or share it with advertisers ourselves.
Everything you do in the app — step counts, screen-time minutes, your password, your settings, your trivia progress — is stored only on your device. It is not transmitted to us.
Three Google services do receive data on our behalf because the app uses them: Google AdMob (advertising), Google Play Billing (in-app purchases), and Google Health Connect (optional step source).
Cloud backup is disabled — your data is not copied to your Google account and is not synced across devices.
You can stop the app from collecting anything by uninstalling it.

2. Data the app processes locally on your device

The following data is read, computed, and stored only on your device. None of it is transmitted to us.

Data	Source	Why it’s used	Where it lives
Step count	Device step sensor or Google Health Connect	Convert steps to earned screen-time minutes	Device-only Room database + Android SharedPreferences
Foreground app package name	Android Accessibility Service	Block restricted apps when you have not earned enough minutes; protect Settings / Play Store from being used to uninstall the app outside your unlock window	In-memory only, not persisted
App-usage events	`PACKAGE_USAGE_STATS` permission	Same blocking logic as above	In-memory only, not persisted
Your password	You type it during setup	Lock the app’s own settings and uninstall flow	Device-only, hashed with PBKDF2 and a per-install salt (older installs upgraded from SHA-256) in SharedPreferences. The plaintext password never leaves the input field.
Trivia progress	Your gameplay	Track your cumulative trivia grade	Device-only SharedPreferences
Setup time, last-unlock time, last-difficulty-change time	Computed by the app	Enforce the cooldown for changing protected settings	Device-only SharedPreferences
Battery-optimization exemption status	Device	Keep the foreground service alive	Device-only

When you uninstall the app, all of the above is deleted with it.

3. Data shared with third parties

We embed three Google services. Each is governed by Google’s own privacy practices, not ours. We do not have access to the data they collect.

3.1 Google AdMob (advertising)

Purpose: to display banner and rewarded ads in the free version.
What is sent to Google: device advertising ID (AAID), IP address, approximate location derived from IP, ad-interaction events, app identifier, and other signals listed in Google’s privacy policy.
EU/UK/Swiss users: the first time the app shows ads, the Google User Messaging Platform (UMP) shows a consent form covering personalised vs. non-personalised ads under GDPR.
You can reset your advertising ID at any time in Android Settings → Privacy → Ads.
Premium users do not see ads. Ad SDK calls are skipped when the premium gate is satisfied.

3.2 Google Play Billing (in-app purchases)

Purpose: to process in-app purchases (e.g. premium upgrade).
What is sent to Google: purchase tokens, the SKU you purchased, purchase status. Google handles your payment information directly; we never see card numbers, addresses, or your Google account email.
What we keep on the device: a flag indicating whether the premium upgrade is active.

3.3 Google Health Connect (optional step source)

Purpose: if you grant Health Connect permission, the app reads your step count from Health Connect to improve accuracy and include steps recorded by other fitness apps or wearables.
What is sent to Google: nothing additional from us. Health Connect is an on-device data hub; the read happens locally.
Permission is optional. If you do not grant READ_STEPS, the app falls back to the device step sensor (ACTIVITY_RECOGNITION).

We do not embed analytics SDKs (no Firebase Analytics, no Crashlytics, no Facebook SDK, no Amplitude, no Mixpanel). The app does not report crash reports or usage analytics to anyone.

4. Permissions and why each is requested

Permission	Purpose
`ACTIVITY_RECOGNITION` / `HIGH_SAMPLING_RATE_SENSORS`	Read your step count to convert to screen-time minutes.
`health.READ_STEPS` (Health Connect)	Optional alternative step source.
`FOREGROUND_SERVICE`, `FOREGROUND_SERVICE_HEALTH`, `WAKE_LOCK`	Keep the step-counting and app-blocking service running while the app is in the background.
`RECEIVE_BOOT_COMPLETED`	Restart the protection service after a reboot.
`REQUEST_IGNORE_BATTERY_OPTIMIZATIONS`	Ask Android not to kill the foreground service to save battery. Granting is optional but the app may not function reliably without it.
`POST_NOTIFICATIONS`	Show the persistent foreground-service notification and earned-minute alerts.
Accessibility Service	Detect which app is in the foreground so we can block it when you are out of minutes, and prevent uninstall through Settings outside your unlock window. The accessibility service does not read text input, navigate other apps, or send any data off-device.
`PACKAGE_USAGE_STATS`	Same purpose as the accessibility service: identify which app is in the foreground.
`SYSTEM_ALERT_WINDOW`	Render the lock-overlay screen on top of blocked apps.
`QUERY_ALL_PACKAGES`	Read the list of installed apps so you can pick which apps to restrict.
Device Admin	Prevent uninstall of the app outside your unlock window — the core anti-bypass mechanism.
`INTERNET` / `ACCESS_NETWORK_STATE`	Required by Google AdMob and Google Play Billing. The app’s own logic does not make network calls.
`VIBRATE`	Haptic feedback in the UI.

5. Children’s privacy

PAA Bootcamp is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. Ad requests are tagged as family-safe (rated G). If a parent or guardian believes their child under 13 has used the app, they can simply uninstall it; no server-side deletion request is needed because no data has been transmitted to us.

6. Data retention and deletion

Because all your data lives on your device:

To delete individual data: Settings → Apps → PAA Bootcamp → Storage → Clear data.
To delete everything: uninstall the app. The device-admin lock may require unlock through the in-app password before uninstall is allowed; this is by design (the app’s purpose is to make uninstalling hard for yourself).

We do not retain any backups of your data because we never received it, and cloud backup is disabled in the app.

7. Security

Your password is stored as a PBKDF2 hash with a per-install salt, not plaintext.
All sensitive operations (Settings unlock, password change, app uninstall) are gated behind your password.
The app uses HTTPS for the only outbound connections, which are made by Google’s AdMob and Play Billing SDKs.

No system is perfectly secure. If you discover a security issue, please email paa@am3rgroup.com.

8. Your choices

Disable ads: purchase the premium upgrade.
Reset your ad identifier: Android Settings → Privacy → Ads → Reset advertising ID.
Revoke step access: Android Settings → Apps → PAA Bootcamp → Permissions → Physical activity / Health Connect.
Stop everything: uninstall the app (the in-app unlock window is required to bypass the device-admin lock; this is documented in the app).

9. International users

The app is the same everywhere. The third-party services we embed (AdMob, Play Billing, Health Connect) operate Google’s regional compliance themselves (GDPR in the EU/UK, CCPA in California, etc.). The GDPR consent form for personalised vs. non-personalised ads is shown via Google’s UMP SDK on first launch in regulated regions.

10. Changes to this policy

If we change this policy, we will update the “Last updated” date at the top of this page and bump the app’s version. Material changes will be called out in the Play Store release notes. Continuing to use the app after the change constitutes acceptance.

11. Contact

If you have any questions about this policy or about the data the app processes, email paa@am3rgroup.com.