Last Updated: June 13, 2026
Intrepid (“we,” “our,” or “us”) is committed to protecting the privacy of our users (“user,” “you,” or “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website intrepidtech.net, use our mobile applications (the “Apps”), or use our browser extensions (the “Extensions”) available on the Apple App Store, Google Play Store, and Chrome Web Store.
This Privacy Policy applies to our entire portfolio of applications and extensions, including our Free, Paid, Educational, Financial/Productivity tools (AuraSpend), Utility tools (InboxSync), and Security/Authentication tools (Aegis Auth). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Apps or Extensions.
1. Information We Collect
We strive to minimize data collection across all our apps and extensions. Depending on the type of application or extension you are using, the following data practices apply:
A. Financial and Sensitive Data (AuraSpend)
For applications designed to track finances, specifically AuraSpend:
- Local Storage: All sensitive entries (income, expenses, notes) are stored locally on your device.
- No Server Data: AuraSpend does not store user financial data on external servers.
- Optional Authentication: Use of AuraSpend does not require account registration. Core functionality and In-App Purchases are available without an account. Users may choose to remain entirely anonymous.
B. SMS and Communication Data (InboxSync)
For users of InboxSync, we access sensitive communication data to provide archival services:
- SMS Messages: We read SMS content, sender numbers, and timestamps to archive them to your Gmail account. We do not store the actual content of your messages; we only store encrypted SHA-256 hashes for deduplication.
- Contacts: If permission is granted, we access contacts to resolve phone numbers to names in-memory. This data is never stored on disk.
- Google Account: We use the Google Sign-In SDK to manage OAuth 2.0 tokens for Gmail API access. We store only your email address for UI display.
C. Device Permissions & Sensory Data (AuraSpend)
To enable “Smart Entry” and “Spatial Intelligence” in AuraSpend, we require:
- Location (Approximate & Precise): Used locally to categorize spending based on merchant location history.
- Microphone (Audio): Used for real-time voice logging. Audio is processed ephemerally to generate text transcripts and is not recorded or saved.
- Camera & Photos: Used to extract transaction details from receipts via local/ephemeral scanning.
D. Personal & Device Data (General)
- Support: We only collect information you voluntarily provide (e.g., email address) when you contact
dev@intrepidtech.net. - Registration & Purchases: Account registration is strictly optional and not required to access content or features that are not specifically account-based. In-App Purchases are tied to your Apple ID or Google Play Account.
- Device Info: We may collect device model, OS version, and anonymous crash logs (via Firebase) to ensure app stability.
E. Security and Authentication Data (Aegis Auth)
For users of the Aegis Auth browser extension:
- Local Storage: All credentials (2FA/TOTP keys, accounts, metadata) are stored in an encrypted format locally on your device using the
chrome.storage.localAPI. No server databases are maintained by us. - Zero-Trust Architecture: We never transmit your secrets, 2FA codes, or backup files off your device. All encryption keys are derived on your local device (using PBKDF2 for PINs or WebAuthn PRF for Passkeys) and never leave your machine.
- No Telemetry: Aegis Auth does not collect usage metrics, analytics, or crash logs.
2. How We Use Your Information
We use the collected information strictly to:
- Provide core App and Extension functionality (e.g., generating 2FA codes, local QR code scanning, archiving SMS, tracking budgets).
- Facilitate secure data transmission to your own Gmail account (InboxSync).
- Detect and fix technical issues.
- Comply with legal and regulatory obligations.
3. Children’s Privacy (Educational Apps)
This section applies to our Educational Apps (e.g., Daily Vocab).
Daily Vocab Specific Disclosure
Daily Vocab does not collect, store, or share any personal information. All app data is stored locally on your device and can be cleared at any time by clearing the app’s storage or history.
- Strict Compliance: We strictly adhere to COPPA and the Google Play Families Policy.
- No Personal Data: We do not knowingly solicit or collect data from children under 13.
- Family-Safe Ads: If ads are present, we use only Google-certified ad networks with personalized advertising disabled.
4. Third-Party Services & AI Processing
We do not sell your data. We use trusted services for infrastructure:
- Google Play / App Store Services: For security, core functionality, and payment processing.
- Gmail API: For InboxSync, data is sent directly from your device to your personal Gmail account.
- Google Analytics for Firebase: For anonymous usage analysis.
- Third-Party AI (AuraSpend): For features incorporating AI (such as receipt scanning and voice entry), we utilize Google Gemini API via Google Cloud Vertex AI (a paid, enterprise-tier service).
- Data Sent: We transmit only the specific data required to process your request, such as voice transcripts, user-inputted text, and images of receipts.
- Data Privacy: Google does not use this data to train its models.
- Equal Protection: We confirm that Google, as a third-party processor, provides data protection and security standards that are equal to or greater than those described in this policy.
- Permission: User permission is obtained within the app prior to the first transmission of data to the AI service.
5. Data Retention and Deletion
- Retention: We retain personal data only as long as necessary.
- Deletion: Users can uninstall our apps to delete all local data.
Specific App Deletion Instructions
- AuraSpend: Users can delete all transaction history and settings at any time by going to Aura Preferences and tapping the ‘Hard Reset: Erase All Data’ button.
- InboxSync: Users can sign out from the app or revoke access via myaccount.google.com/permissions.
- Aegis Auth: Users can delete all stored accounts, settings, and encryption keys by uninstalling the extension from their browser, or by using the Purge Vault button inside the settings dashboard.
6. Security
We implement rigorous technical security measures (HTTPS, AES-256 encryption, Android Keystore, local Web Crypto API) to protect your data during transmission and local storage.
7. Changes to This Policy
We may update this Privacy Policy. We will notify you by updating the “Last Updated” date at the top of this page.
URL: https://dev.intrepidtech.net/privacy-policy
8. Contact Us
Intrepid
- Email: dev@intrepidtech.net
- Website: https://www.intrepidtech.net