Privacy Policy
Last updated: March 5, 2026
This Privacy Policy applies to Avalw Shield for macOS and Windows ("the App"), developed and published by Avalw SRL ("Avalw", "we", "us", "our"), a company registered in Romania.
At Avalw, your privacy is not just a feature — it is the foundation of everything we build. This Privacy Policy describes in detail how Avalw Shield collects, uses, stores, and protects your information across all supported platforms.
Avalw Shield processes all data 100% on your device. No camera footage, face data, biometric information, or personal data is ever sent to our servers or any third party. This applies to both the macOS and Windows versions of the App.
1. Definitions
For the purposes of this Privacy Policy:
- "Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable data protection laws including the GDPR.
- "Biometric Data" means data resulting from specific technical processing relating to the physical characteristics of a natural person, including facial geometry and recognition data.
- "Processing" means any operation performed on data, whether automated or not, such as collection, recording, storage, adaptation, retrieval, use, disclosure, or erasure.
- "Device" means the Mac or Windows computer on which the App is installed.
- "Face Embedding" means a mathematical vector representation derived from facial features, used solely for recognition purposes.
2. Data Controller
The data controller for any information processing associated with the App is:
Avalw SRL
Romania
Email: office@avalw.com
Website: shield.avalw.ai
Main website: avalw.ai
However, because Avalw Shield processes all data exclusively on your device and transmits no data to Avalw or any third party, Avalw does not act as a data controller in the traditional sense under the GDPR. You, the user, maintain full and exclusive control over all data processed by the App.
3. Data We Collect
We collect no personal data whatsoever. Avalw Shield does not collect, store, transmit, or share any personal information, biometric data, usage data, device identifiers, IP addresses, location data, or telemetry of any kind.
3.1 Data NOT Collected
To be explicit, the following data is never collected, stored on our servers, or transmitted:
| Data Type | Collected? |
|---|---|
| Name, email, phone number | No |
| Camera images or video | No |
| Face embeddings or biometric data | No (stored locally only) |
| Device identifiers (UDID, serial number) | No |
| IP address | No |
| Location data | No |
| Usage analytics or telemetry | No |
| Crash reports | No |
| Browsing or app usage history | No |
| Advertising identifiers | No |
| Keystroke or input data | No |
| Screen content or screenshots | No |
4. Camera Data
Avalw Shield requires access to your device's camera (built-in or external) to provide face detection, face recognition, and shoulder detection features. Camera data is handled with the following strict safeguards:
- Real-time processing only: Camera frames are processed in volatile memory (RAM) and immediately discarded after each processing cycle. No frames are ever written to disk, saved to a file, or stored in any persistent format.
- Zero retention policy: On macOS, each frame is processed within an autoreleasepool that guarantees immediate memory deallocation. On Windows, equivalent memory management ensures no camera data persists between processing cycles.
- No recording or capture: The App never records video, captures screenshots, creates image files, or stores camera footage in any format (JPEG, PNG, HEIC, MP4, or otherwise).
- No transmission: Camera data is never sent over any network interface — not to Avalw servers, not to Apple or Microsoft servers, not to any third party, and not to any local network device.
- No display: The camera feed is never rendered on screen. Unlike video conferencing apps, the App processes camera data entirely in the background without displaying it.
- Hardware LED indicator: On Mac, the hardware-controlled camera LED is active whenever the camera is in use and cannot be disabled by software. This provides a visible, tamper-proof indicator of camera activity.
5. Face Recognition Data
During the enrollment process, Avalw Shield creates mathematical representations (embeddings) of your facial features. These embeddings are numerical vectors used solely for face matching and cannot be used to reconstruct, generate, or approximate an image of your face.
5.1 Storage
- macOS: Face embeddings are stored exclusively in the macOS Keychain, which provides hardware-backed encryption using the Secure Enclave (on supported Mac models) or software encryption.
- Windows: Face embeddings are stored in the Windows Credential Manager with encryption provided by the Data Protection API (DPAPI), tied to your Windows user account.
5.2 Properties of Face Embeddings
- Non-reversible: It is mathematically infeasible to reconstruct a face image from the stored embedding vectors.
- Non-transferable: Embeddings are encrypted and tied to your device's keychain/credential store. They cannot be exported, copied, or transferred to another device.
- Never transmitted: Face embeddings never leave your device — not to Avalw, not to Apple, not to Microsoft, not to any third party.
- User-deletable: You can delete all enrolled face data at any time from the App's Settings. Deletion is immediate and irreversible.
5.3 Adaptive Enrollment
Avalw Shield may update stored face embeddings over time as it recognizes you successfully (adaptive enrollment). This process occurs entirely on-device, uses the same secure storage, and is subject to the same privacy protections described above. Adaptive enrollment helps the App adapt to changes in your appearance such as new glasses, hairstyles, or lighting conditions.
6. On-Device Processing
All face detection, recognition, matching, and shoulder detection are performed entirely on your device using proprietary AI models bundled with the App. No cloud-based AI, no remote API calls, and no server-side processing is involved at any point. The App functions fully without an internet connection.
7. Network Usage
Avalw Shield makes zero network connections for its core functionality. The only network activity occurs for:
- In-App Purchases (macOS): Processing subscriptions and purchases through Apple's StoreKit framework. All payment processing is handled entirely by Apple. Avalw never sees, processes, or stores your payment information, Apple ID, or transaction details.
- In-App Purchases (Windows): Processing subscriptions and purchases through the Microsoft Store commerce platform. All payment processing is handled entirely by Microsoft. Avalw never sees, processes, or stores your payment information or Microsoft account details.
No other network connections are made. The App does not connect to Avalw servers, analytics services, CDNs, advertising networks, or any other remote service. You can verify this using network monitoring tools such as Activity Monitor (macOS), Little Snitch, Lulu, or Wireshark.
8. Third-Party Services and SDKs
Avalw Shield does not integrate, bundle, or communicate with any third-party services, including but not limited to:
- Analytics platforms (Google Analytics, Mixpanel, Amplitude, etc.)
- Crash reporting services (Crashlytics, Sentry, Bugsnag, etc.)
- Advertising networks or demand-side platforms
- Attribution or tracking SDKs
- Social media SDKs
- Cloud storage providers (AWS, Google Cloud, Azure, etc.)
- Remote configuration services (Firebase Remote Config, LaunchDarkly, etc.)
The only external frameworks used are Apple's StoreKit (macOS) and Microsoft Store APIs (Windows) for processing in-app purchases.
9. Data Sharing and Disclosure
We do not sell, rent, lease, trade, license, or share any data with any third party. Because we collect no data, there is no data to share. Specifically:
- We do not sell personal information to data brokers or advertisers.
- We do not share data with business partners, affiliates, or parent companies.
- We do not provide data to government agencies or law enforcement (as we have no data to provide).
- We do not use data for profiling, targeted advertising, or behavioral analysis.
Law enforcement disclosure: In the event Avalw receives a lawful request from a government authority for user data, we would be unable to comply because we do not possess, store, or have access to any user data. We would challenge any such request and notify affected users to the extent permitted by law.
10. Cookies and Tracking
Avalw Shield does not use cookies, web beacons, pixel tags, local storage, or any other tracking technologies. The App does not track your behavior, usage patterns, or interactions in any way.
11. Children's Privacy
Avalw Shield does not knowingly collect, store, or process data from children under 13 (or under 16 in jurisdictions where the GDPR applies). The App does not collect data from users of any age. Face recognition accuracy may be reduced for users under 13 as facial features are still developing. If you believe a child has provided personal information to Avalw (though this should not be possible given our architecture), contact us immediately at office@avalw.com.
12. Data Security
Although we collect no data on our servers, we implement comprehensive security measures to protect the data processed locally on your device:
12.1 Encryption
- Face embeddings encrypted in macOS Keychain with hardware-backed protection (Secure Enclave where available)
- Face embeddings encrypted via Windows DPAPI tied to user credentials
- All local data at rest is encrypted using platform-native encryption
12.2 Memory Security
- Zero camera data retention — immediate memory cleanup after each processing cycle
- Autoreleasepool-based memory management on macOS prevents data lingering in RAM
- No temporary files, caches, or swap files containing camera data
12.3 Application Security
- Software integrity verification (code signature validation) to detect tampering
- Code signing through Apple's Developer Program (macOS) and Microsoft's code signing (Windows)
- App Sandbox isolation on macOS limits access to system resources
- Screen capture protection — App windows are protected against screenshots and screen recording by third parties
- Anti-spoofing measures including liveness detection (eye-open verification)
- Lockout mechanism after 5 failed face recognition attempts, requiring system password
12.4 Distribution Security
- Distributed exclusively through the Apple App Store and Microsoft Store
- Both stores perform security reviews before publishing updates
- Binary integrity verified through platform code signing
13. Your Rights
Since Avalw does not collect personal data on any server, traditional data subject rights (access, rectification, portability, restriction) do not apply in the conventional sense. However, you retain full control over all data on your device:
13.1 Right to Delete
- Delete your enrolled face data at any time from the App's Settings
- Uninstall the App to remove all associated local data
13.2 Right to Restrict Processing
- Revoke camera permission at any time through System Settings (macOS) or Windows Settings
- Disable the App at any time — no residual processing occurs when the App is disabled
13.3 Right to Information
- This Privacy Policy provides complete transparency about all data practices
- The App provides a "Security & Trust" section where you can verify all claims
- You can independently verify our privacy claims using network monitoring tools
13.4 Right to Object
- You may stop using the App at any time by disabling or uninstalling it
- No data persists after uninstallation beyond what is managed by the OS keychain
14. International Data Transfers
Avalw Shield does not transfer any data internationally because it does not transfer any data at all. All processing occurs exclusively on your local device. There are no cross-border data flows associated with the use of this App.
15. GDPR Compliance (European Economic Area)
For users in the European Economic Area (EEA), the United Kingdom, and Switzerland:
- Avalw Shield is GDPR-compliant by design and by default (Privacy by Design, Article 25 GDPR).
- No personal data is collected, processed, or stored on Avalw's servers, making traditional GDPR obligations regarding data controllers largely inapplicable.
- Biometric data (face embeddings) is processed exclusively on your device under your sole control, pursuant to Article 9(2)(a) GDPR (explicit consent given during enrollment).
- Data Protection Impact Assessment (DPIA): Given the on-device-only architecture, the risk to data subjects is minimal. No high-risk processing as defined by Article 35 GDPR occurs.
- No Data Protection Officer (DPO) appointment is required given the nature of our processing activities.
16. California Privacy Rights (CCPA/CPRA)
For California residents under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Avalw does not sell, share, or disclose personal information as defined by the CCPA/CPRA.
- Avalw does not collect personal information from California consumers.
- There is no data to disclose, delete, correct, or opt out of selling/sharing.
- Avalw does not use sensitive personal information for purposes beyond what is reasonably necessary.
- Avalw does not engage in cross-context behavioral advertising.
17. Brazilian Data Protection (LGPD)
For users in Brazil: Avalw Shield complies with the Lei Geral de Proteção de Dados (LGPD). No personal data is collected, processed, or transferred to Avalw's servers. All biometric processing occurs locally on your device.
18. Data Retention
Avalw does not retain any data on its servers because it does not collect any data. Locally on your device:
- Camera frames: Retained for zero seconds — processed and immediately discarded.
- Face embeddings: Retained until you delete them from Settings or uninstall the App.
- App preferences: Retained locally (UserDefaults on macOS, Registry on Windows) until App uninstallation.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App functionality. When we make material changes:
- We will update the "Last updated" date at the top of this policy.
- We will notify users through the App for significant changes.
- The updated policy will be published at shield.avalw.ai/privacy.
Continued use of the App after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
20. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, contact us:
Avalw SRL
Email: office@avalw.com
Product website: shield.avalw.ai
Company website: avalw.ai
We will respond to all privacy-related inquiries within 30 days. If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.