Privacy Policy

Last updated: June 10, 2026

TL;DR: The TrueTo Android app is anonymous by default. The free tier has no user accounts and does not collect your name, email, contacts, location, or browsing activity — to keep its automation working and safe, it sends one anonymous app-installation identifier to Google Firebase to download configuration, and if the app crashes it sends an automatic crash report (with no screen content or personal content) to Google's Crashlytics service. Premium adds an optional account: if you create one, the TrueTo authentication service (Google Cloud, United States) stores your email, passkey, subscription status and tier, and the state of the settings you've scanned, synced across the devices you sign in on. It never stores a list of your apps, usage analytics, or your on-screen content. Subscriptions are billed through Google Play Billing. This website uses Cloudflare Web Analytics for aggregate traffic measurement.

Data Controller

TrueTo ("TrueTo", "we", "our", "the app") is provided by an independent developer. For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), we act as the data controller for the limited data described in this policy.

Contact: privacy@trueto.app

Overview

TrueTo is an Android app that navigates into other apps to check and change their accessibility-related settings (with additional support for categories like privacy, data, and battery). Users tap a specific action card, and TrueTo navigates to the relevant setting and checks or changes it on their behalf.

This policy explains how we handle information when you use our app. We have written it to be specific and accurate rather than reassuring — if the app collects something, this policy says so.

TrueTo is anonymous by default. Everything in the free tier works without an account. Premium adds an optional account so your subscription and your scan results follow you across devices — the free tier stays anonymous. Creating an account is the one clearly-labeled exception to the no-data posture, and the section If you create an account (optional) below describes exactly what it stores.

Information We Collect

The free tier has no user accounts and does not ask for or collect your name, email address, phone number, or any other contact or identity information.

For anonymous (free-tier) use, the app collects one identifier: a Firebase Installation ID. If the app crashes, it also sends an automatic crash report (see Crash Reporting below).

What the Firebase Installation ID is

The Firebase Installation ID is a random identifier that is automatically generated for each installation of the app. It is not your name, email, phone number, or Google account, and it is not an advertising identifier. On its own it cannot identify you as a person, and unless you create an account it is not linked to any profile.

Why the app needs it

To work correctly, TrueTo needs an up-to-date set of automation instructions — the steps it follows to find and change a setting inside another app. Those steps can break when a target app updates its screens, and a faulty step can be turned off remotely so it does not misbehave on your device. TrueTo therefore downloads its configuration from Google Firebase (Firebase Remote Config and Firebase Cloud Storage). The Firebase software requires the Firebase Installation ID to request this configuration. The identifier is sent to Google Firebase over an encrypted (HTTPS/TLS) connection.

If you create an account (optional)

Premium adds an optional account so your subscription and your scan results follow you across devices — the free tier stays anonymous. If you choose to create one, the TrueTo authentication service — hosted on Google Cloud in the United States (Identity Platform, Firestore, and Cloud Run in the us-central1 region) — stores the following, and nothing more:

  • Email address — your account identity and how you sign in. Sign-in is passwordless: we email you a magic link rather than asking for a password.
  • Passkey credential — the public key and a device hint used for passkey sign-in. This is not a password, and the private key never leaves your device.
  • Subscription status and tier — whether Premium is active and which tier, so your subscription follows your account rather than a single device.
  • Your scan results and decisions, synced across your devices. A scan result stores the state or value of a privacy or accessibility setting — a toggle state, or a bounded setting-option label — not personal content. A decision is your keep-or-ignore choice for a given setting. Both sync across the devices you are signed in on, and deleting them on one signed-in device deletes them on all of your devices.

That is the complete list for signed-in users, on top of the anonymous Firebase Installation ID described above (which is present whether or not you have an account). The account does not store a list of the apps you have installed, any behavioral or usage analytics, or the optional free-text reason you can attach to a decision — that note stays on your device and is never synced.

What TrueTo does NOT collect

Whether or not you create an account, TrueTo does not collect:

  • Your name, phone number, or any contact information beyond the account email you choose to provide
  • Your precise or approximate location
  • Your messages, emails, photos, files, contacts, or calendar
  • Your browsing history, which apps you use, or a list of the apps you have installed
  • Behavioral or usage analytics
  • The contents of the screens TrueTo navigates, or the free-text reason you can attach to a decision (that stays on your device)
  • Any advertising identifier

This collection is also disclosed in the Data safety section of TrueTo's Google Play store listing, under "Device or other IDs" (and, for accounts, "Personal info").

Accessibility Service Usage

TrueTo uses Android's Accessibility Service to navigate into apps and change settings on your behalf. Specifically, the service:

  • Navigates directly to buried settings screens (reducing multiple taps to one tap)
  • Reads UI elements to find the correct settings toggle
  • Performs click actions to change settings

The Accessibility Service does not transmit anything off your device. For anonymous use, the only data the app sends off-device is the Firebase Installation ID described above and automatic crash reports (see Crash Reporting) — both sent by the Firebase software, not by the Accessibility Service. If you create an account, the app also syncs your account basics, scan results, and decisions to the TrueTo authentication service as described above — but never the contents of the screens it navigates.

Scope Limitation

The Accessibility Service is limited to the apps listed in TrueTo's supported app list (currently Spotify, Chrome, and Android Settings — enforced at the OS level by Android's packageNames restriction). The full list of supported apps is visible within the app. The service does not interact with any app outside this list.

What We Do NOT Access

The Accessibility Service:

  • Does NOT read your messages, emails, or personal content
  • Does NOT access passwords or account information
  • Does NOT monitor your browsing or app usage
  • Does NOT perform any actions in the background
  • Only activates when you explicitly tap a "Check" or "Fix" action

User Control

You remain in full control:

  • The app shows you exactly what it will do before you tap
  • Each action requires your explicit tap to execute
  • You can revoke the Accessibility Service permission at any time in Android Settings
  • No actions run automatically or in the background
  • Accounts are optional — you can use TrueTo anonymously, and you can delete your account in-app at any time (see Your Rights)

Debug Reports

If something goes wrong, TrueTo can offer to send a debug report so we can investigate. A debug report is only created and sent when you explicitly choose to send one — it never uploads on its own. The report includes a screenshot of the screen where the problem occurred, the on-screen accessibility layout, app logs, and the scan results from that session, so it can contain personal content that happened to be on screen at the time. It is uploaded over an encrypted (HTTPS/TLS) connection to a TrueTo support server and stored in Google Cloud Storage (United States), used solely to diagnose and fix the issue you reported. If you do not send a report, none of this leaves your device.

Crash Reporting

TrueTo uses Google's Firebase Crashlytics to collect automatic crash reports. If the app crashes, a report containing the stack trace, relevant app state, device model, OS version, and app version is sent over an encrypted (HTTPS/TLS) connection to Google's Crashlytics service, where we use it to diagnose and fix the crash. Crash reports also carry an anonymous Crashlytics installation identifier used only to count how many users a crash affects — per Google, it does not uniquely identify you or your device.

Crash reports contain no screen content, no personal content, and no account information, and they are not linked to your account if you have one. Crash reporting is currently not user-configurable in the app; a control for it is planned alongside TrueTo's upcoming consent settings.

Subscription Billing

TrueTo offers an optional paid subscription. Payment is processed by Google Play Billing, which is built into the Google Play Store on your device.

What Google Play handles

Google Play handles the entire transaction. It collects and stores your payment information (credit card, billing address, etc.) under its own privacy policy. TrueTo never sees, stores, or transmits your payment details.

What TrueTo sees

When you subscribe, TrueTo reads the following from Google Play Billing on your device:

  • Product ID: the subscription you purchased
  • Subscription state: active, in free trial, expired, paused, on hold, or canceled

No name, email, payment method, billing address, or other identifying information is visible to TrueTo. For anonymous use, subscription state is read at runtime from Google Play Billing on your device and is not stored anywhere else. If you have a TrueTo account, your subscription status and tier are also stored with your account (on the TrueTo authentication service described above) so that Premium follows you across the devices you sign in on, rather than living on a single device. Uninstalling the app removes any local copy from the device; your subscription itself is managed in Google Play (see Terms of Service for cancellation and refund details), and your account-side subscription record is removed when you delete your account.

Legal Basis for Processing

For users in the European Economic Area and the United Kingdom, our legal basis under the GDPR for processing the Firebase Installation ID is legitimate interest (Article 6(1)(f)): delivering up-to-date automation configuration, and being able to remotely disable a faulty automation step so the app behaves safely and reliably on your device. The data involved is a single anonymous identifier; we do not build profiles, target advertising, or track behavior.

If you create an account, we process your account data — your email, passkey credential, subscription status and tier, and your synced scan results and decisions — to provide the Premium features you signed up for. Our legal basis is performance of a contract (Article 6(1)(b)): you create the account voluntarily, and we need this data to authenticate you, deliver your subscription across devices, and sync your scan results. You can withdraw at any time by deleting your account.

Subscription product ID and subscription state read from Google Play Billing on your device are non-personal operational data.

Data Sharing with Third Parties

We do not sell your data, and we do not share it for advertising.

The Firebase Installation ID is processed by Google through Firebase Remote Config and Firebase Cloud Storage. Google acts as our service provider (data processor) for the purpose of delivering app configuration, and processes this data under the Firebase Data Processing and Security Terms and Google's privacy policy.

If you create an account, your account data (email, passkey credential, subscription status and tier, and synced scan results and decisions) is stored and processed on Google Cloud in the United States — using Google Cloud Identity Platform, Firestore, and Cloud Run — which acts as our service provider (data processor) under the same Google data-processing terms linked above. Debug reports you choose to send are received by a TrueTo support server on Google Cloud and stored in Google Cloud Storage (United States).

Beyond Google (for Firebase configuration delivery, crash reporting, account and authentication services, debug-report intake, and Google Play Billing), TrueTo:

  • Uses no advertising networks or advertising SDKs
  • Runs no behavioral or usage analytics inside the app
  • Sends crash and diagnostic data to no one other than Google's Crashlytics service, as automatic crash reports (see Crash Reporting above)
  • Uses no social media integrations
  • Stores no list of your installed apps, and no on-screen content beyond a debug report you explicitly choose to send

Data Retention

For anonymous use, the Firebase Installation ID exists on your device only while the app is installed; uninstalling the app removes it. The identifier is processed on Google's infrastructure under the Firebase terms linked above. TrueTo holds no other personal data for anonymous users.

If you create an account, your account data (email, passkey credential, subscription status and tier, and synced scan results and decisions) is retained on the TrueTo authentication service (Google Cloud, United States) until you delete your account. Deleting your account removes that data from the service and across all of your signed-in devices. Debug reports you choose to send are retained only as long as needed to diagnose and resolve the issue.

For step-by-step instructions on removing your data, see How to Delete Your Data.

Data Security

TrueTo protects your privacy through technical design:

  • Anonymous by default: The free tier collects a single anonymous installation identifier and nothing else; accounts are opt-in
  • Encrypted in transit: All communication with Google Firebase, Google Cloud, and Google Play services uses encrypted (HTTPS/TLS) connections
  • Account data scope: If you create an account, it holds only your email, passkey credential, subscription status and tier, and synced setting-scan states and decisions — never an app inventory, analytics, or on-screen content
  • Passwordless sign-in: Authentication uses magic-link email and passkeys; we never store a password
  • Limited accessibility scope: The Accessibility Service only interacts with apps listed in TrueTo's supported app list
  • User-initiated only: All settings actions require explicit user interaction; nothing runs in the background

Marketing Website Analytics

The TrueTo marketing website (trueto.app) uses Cloudflare Web Analytics to measure aggregate website traffic.

What Cloudflare Web Analytics collects:

  • Page URLs visited and referrer sources (including UTM campaign parameters)
  • Approximate geographic location (country/region level)
  • Browser type and operating system
  • Device type (desktop/mobile)

Cloudflare Web Analytics does not use cookies or store personal data. IP addresses are not logged. Data is processed by Cloudflare, Inc. For more details, see Cloudflare's privacy policy.

The Android app does not use this analytics setup. The visitor data described here applies only to the trueto.app website, not to the app on your device.

How to Delete Your Data

For anonymous use, the only data the app collects is an anonymous installation identifier, so the most direct way to delete it is to uninstall the app, which removes the Firebase Installation ID from your device. You can also clear the app's storage. If you have an account, you can delete it in-app, which erases your account data across all of your devices. Full step-by-step instructions, and a description of exactly what is deleted and what is kept, are on the How to Delete Your Data page.

Your Rights Under GDPR

If you are in the European Economic Area or the United Kingdom, you have rights over your personal data, including the rights of access, rectification, erasure, restriction, data portability, and objection.

If you have an account, you can exercise these rights directly. You can delete your account in-app, which erases your email, passkey credential, subscription link and tier, and all synced scan results and decisions across every device you are signed in on. You can also use "Download my data" in the app to export your account data. Because account data is linked to the email you provided, we can identify and act on it on request at privacy@trueto.app.

For anonymous (free-tier) use, TrueTo collects only a single anonymous installation identifier and holds no name, email, or account, so we cannot link that identifier to a specific person or look it up on request. In practice, the most reliable way to exercise your right to erasure is to delete your data by uninstalling the app or clearing its storage. If you have any question about your rights, contact us at privacy@trueto.app and we will help to the extent the data allows.

Supervisory Authority

If you are located in the European Economic Area and believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at: European Data Protection Board - Members

Children's Privacy

TrueTo is not directed to children. The free tier has no accounts and collects no name, email, contacts, or other information that could identify a user of any age; the single installation identifier it collects is anonymous and is not used to profile or track anyone. Optional accounts require an email address and are intended for adults — they are not directed to or intended for children under 13 (COPPA) or under 16 (GDPR).

International Data Transfers

The Firebase Installation ID is processed by Google, which operates data centers in multiple countries. Your data may therefore be processed outside your country of residence. Google applies safeguards for international transfers as described in the Firebase Data Processing and Security Terms and Google's privacy policy. Subscription transactions are handled entirely by Google Play under the same framework.

If you create an account, your account data is stored and processed in the United States on Google Cloud (Identity Platform, Firestore, and Cloud Run in the us-central1 region). If you are located outside the United States and create an account, your account data will be transferred to and processed in the United States; Google applies the international-transfer safeguards described in the Google terms linked above.

Changes to This Policy

We may update this policy from time to time. Updates will be posted at this URL with a new "Last updated" date.

Contact

Questions about this privacy policy? Contact us at privacy@trueto.app