Last updated: 2026-07-14

Privacy Policy

This is a plain description of what ENCLAY actually does with data, written to be checked against the source code, not marketing copy written to sound reassuring. If something below turns out to not match how the app behaves, that's a bug in the app or in this page, and either way it's worth reporting.

Summary

The short version.

ISThe block/allow decision for every connection is made entirely on-device, against a local copy of the threat index. No connection history, no list of installed apps, no identifying information is ever sent to ENCLAY or anyone else.
IS NOTA cloud-connected security product. There is no account, no server-side dashboard, and no telemetry SDK (analytics, crash reporting, or advertising) of any kind built in.
ISMaking a small number of specific, feature-driven network requests, listed in full below, each one clearly tied to a feature you can see in the app.
IS NOTCollecting data for any purpose beyond making that specific feature work in the moment it runs.
Network requests

Every request ENCLAY itself makes, and why.

This is exhaustive as of this page's last-updated date above. If a future version of the app adds a new network request, this page should be updated in the same change.

Threat feed sync (every 8 hours, always on)

Downloads the merged threat index (IPs, domains, TLS fingerprints) from ENCLAY's own update server. This is a plain file download -- no user data, device identifier, or app list is sent as part of it, beyond what any HTTP request inherently carries (your IP address, as with any internet connection).

Domain age lookup (RDAP)

When you view a connection's detail sheet, the domain you're looking at is sent to the relevant public RDAP registry to check its registration date. Only runs for a domain you're already actively looking at in the app.

Reverse DNS / hosting classification

A standard PTR lookup against the destination IP you're already connected to, to label whose infrastructure it's on. No different in kind from what any device on the internet already does to resolve a connection.

JARM active fingerprinting (opt-in, off by default)

Sends ten extra TLS handshakes directly to a destination IP your device already connected to, to identify the server software by its fingerprint. Never contacts a new destination you haven't already reached on your own.

DNS enrichment (opt-in, off by default)

Resolves the real IP of a domain your device already tried to reach and had blocked, purely so the app can display it. The domain was already in your own connection history before this runs.

On-device storage

What's kept, for how long, and why.

Connection history

Kept for 90 days, or the newest 500,000 connections, whichever is smaller -- pruned automatically. Never leaves the device unless you tap an explicit export/share button yourself.

Installed-app list

Read on-device to attribute connections to the right app and to check for known stalkerware packages. Never transmitted anywhere; not even written to a log.

Crash logs

If ENCLAY crashes, a local text file with the stack trace is saved to the device only. Nothing is sent automatically -- exporting it is a manual action from Settings, entirely your choice.

Your own rules

Blocked/allowed apps, hosts, and countries you've configured. Stored on-device only, same as everything above.

Permissions

Why each one is needed.

VPN service

The mechanism the firewall runs on. Android requires explicit one-time consent for this, shown by the system, not ENCLAY.

Query all packages

Needed to attribute a connection's uid to the app that made it, and to check installed apps against the known-stalkerware list. Android 11+ hides this information from every app by default unless requested explicitly.

Notifications

Used only for the mandatory persistent "protection is on" notice, and (only if you opt in) the USB HID lockdown alert. Requested at the point one of those actually applies, not at install.

Battery optimization exemption

Optional, prompted from a dashboard banner. Keeps the periodic threat-feed refresh and background maintenance running reliably; declining it doesn't disable anything, it just means Android may delay those jobs.

Questions

If anything here is unclear or looks wrong.

This page is meant to be checked against what the app actually does, not taken on faith. The source for both the app and this page is available for review.