Effective date: June 2, 2026
The short version
GuardLite is a no-root personal firewall for Android, developed by Bluenex. It works by blocking apps you haven't allowed — not by reading your traffic. Everything GuardLite does happens on your device: it never inspects, logs, forwards, or stores the contents of your network traffic, it has no servers and no account, and it does not collect or transmit your browsing history or anything that identifies you.
1. What GuardLite stores on your device
GuardLite keeps a small amount of information, all of it in app-private files and databases that other apps cannot read:
- Your firewall rules — which apps you allow or block, and (on Pro) whether each app is allowed on Wi-Fi and/or mobile data — together with your profiles and any schedules you set.
- A history of actions GuardLite took — rule changes, profile switches, and protection turning on or off. This is a log of what you and the app did, not a record of your network traffic. Only the most recent entries are kept, and you can clear them in the app.
- Data-usage counters — running totals of how much data your device has downloaded and uploaded, read from Android's own system counters (TrafficStats). These are device-wide totals used for the usage monitor and the optional data limit. They are an estimate, are stored only on your device, and you can reset them at any time.
- Your preferences — such as the chosen theme, whether system apps are shown, your data-limit setting, and whether Pro is unlocked.
To show the per-app rules screen, GuardLite also reads the list of apps installed on your device through Android's package APIs. This list is read for display; it is not transmitted anywhere.
2. What GuardLite does NOT collect or do
- It does not read, inspect, log, forward, or store the content of your network traffic.
- It keeps no connection logs — no record of the sites or servers you connect to, no IP addresses, ports, or packet contents, and no per-connection "which app connected where" attribution.
- It does no DNS logging, observation, or redirection.
- It runs no servers, has no account or sign-in, and does no cloud sync. Nothing you do in GuardLite is stored off your device by us.
- It does not collect your name, email, phone number, location, or any advertising or cross-app tracking identifier.
- It contains no analytics, crash-reporting, or tracking SDK of any kind.
3. How the firewall works (local only)
GuardLite uses Android's built-in personal-VPN feature as a local gate, not as a remote tunnel. When protection is on, GuardLite sets up a dead-end tunnel: apps you have allowed (for the network you're currently on) are routed around the tunnel and connect to the internet normally, while every other app's traffic is dropped on your device. GuardLite does not route your traffic through any VPN server, proxy, or relay operated by us or anyone else, and it never reads what your apps send. Your allowed apps reach the internet the same way they always would.
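The pattern described in this section, as an added Kotlin sketch against Android's public VpnService API; it is not GuardLite's own code. The class name, session label, interface addresses, and the `allowedPackages` parameter are assumptions made for illustration.

```kotlin
import android.content.pm.PackageManager
import android.net.VpnService
import android.os.ParcelFileDescriptor

// Hypothetical service: a local "dead-end" gate, not a tunnel to any server.
class DeadEndGateService : VpnService() {

    private var tunnel: ParcelFileDescriptor? = null

    // allowedPackages: apps permitted on the network currently in use
    // (assumed to be supplied by the app's rule store).
    fun applyRules(allowedPackages: Set<String>) {
        val builder = Builder()
            .setSession("local-gate")
            // Constructed private addresses for the local TUN interface.
            .addAddress("10.111.0.1", 32)
            .addAddress("fd00:111::1", 128)
            // Default routes: every app not excluded below is sent into the tunnel.
            .addRoute("0.0.0.0", 0)
            .addRoute("::", 0)

        for (pkg in allowedPackages) {
            try {
                // Excluded apps bypass the tunnel and use the normal network path.
                builder.addDisallowedApplication(pkg)
            } catch (e: PackageManager.NameNotFoundException) {
                // App was uninstalled after the rule was saved; nothing to exclude.
            }
        }

        // establish() returns null if the user has not granted (or has revoked)
        // VPN consent. In that case keep the existing tunnel in place.
        val fresh = builder.establish() ?: return

        // Close the old interface only after the new one is up, so blocked apps
        // never see a window with no tunnel during a rule change.
        tunnel?.close()
        tunnel = fresh

        // No code ever reads from fresh.fileDescriptor: packets that enter the
        // tunnel are never parsed, logged, or forwarded. They are dropped on-device.
    }

    override fun onRevoke() {
        // Another VPN took over or the user withdrew consent: blocking has stopped.
        tunnel?.close()
        tunnel = null
        super.onRevoke()
    }
}
```

Excluding the allowed apps, rather than listing the blocked ones, makes the gate default-deny: an app installed after the rules were written goes into the tunnel until it is explicitly allowed.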
4. Android permissions
GuardLite requests only the permissions the on-device firewall needs:
- INTERNET — required by Android for the VPN service to run. No traffic ever leaves your device for a server we control.
- ACCESS_NETWORK_STATE — to tell whether you are currently on Wi-Fi or mobile data, so per-network rules apply to the right network. It reads the connection type, not its contents.
- FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE — so the firewall keeps running while the app is in the background.
- POST_NOTIFICATIONS — to show the persistent "protection is on" status notification.
- QUERY_ALL_PACKAGES — so the per-app rules screen can list the apps installed on your device.
- RECEIVE_BOOT_COMPLETED — to re-apply your scheduled profile switches after the device restarts.
- com.android.vending.BILLING — to let you buy GuardLite Pro through Google Play.
The firewall runs through Android's VpnService, which the system binds with the BIND_VPN_SERVICE permission and only after you grant the VPN consent prompt. GuardLite does not request access to your contacts, photos, location, microphone, camera, SMS, call logs, calendar, or files.
5. Google Play services
GuardLite integrates two Google Play services. Both involve Google Play Services on your device communicating with Google in the normal way for those APIs; Google's handling is governed by Google's Privacy Policy.
- Google Play Billing. GuardLite Pro is a subscription you buy through Google Play. The purchase is handled entirely by Google Play. GuardLite receives only whether you currently have an active Pro subscription — not your payment details.
- Google Play Integrity. GuardLite may ask Google Play to confirm the app and device have not been tampered with. The request is handled by Google Play Services. GuardLite operates no server, does not send the result to any server we control, and does not store it off your device.
Otherwise, GuardLite is built only with open-source Android libraries (AndroidX / Jetpack, Room, DataStore, Jetpack Compose, Hilt). GuardLite does not integrate any third-party analytics, advertising, or crash-reporting SDK, and does not sell your data.
If you choose to email us a screenshot or a backup file, the contents you send fall under the privacy practices of that channel. We only see what you send.
6. Data retention
- Rules, profiles, schedules, preferences, and data-usage counters are stored in app-private storage on your device. They persist across restarts and are removed when you uninstall GuardLite. You can reset the data-usage counter at any time in Data usage, and a backup you export is a file you control.
- The action history keeps only the most recent entries and can be cleared from the History screen.
7. Children's privacy
GuardLite is not directed at children under 13 (or the equivalent minimum age in your jurisdiction) and does not knowingly collect personal information from children. Because GuardLite stores nothing about you off your device, there is no information for us to retrieve, modify, or delete in response to a children's-data request.
8. Security
Everything GuardLite stores stays in app-private storage, protected by Android's standard app-sandbox isolation. There is no remote channel for us to read it through. If you root your device, grant another app debug-level access, or install another VPN that takes precedence, GuardLite's on-device data may become readable by those tools — that is a property of your device's configuration, not of GuardLite.
9. What the firewall can and cannot do
GuardLite blocks by Android's own per-app VPN routing, so a blocked app's traffic is dropped before it leaves the device — there is no per-packet inspection that could "leak". Two honest limits worth knowing:
- Per-network rules act on your active connection. If you block an app on mobile data but Wi-Fi is also connected, Android routes the app over Wi-Fi, so it still works; the mobile block takes effect when mobile data is the connection in use.
- Data usage is a device-wide estimate (all apps, Wi-Fi and mobile together), counted while protection is on. It is not a per-app or carrier-grade meter.
Neither affects this policy: regardless of your settings, none of your data leaves your device for a GuardLite-owned server.
10. Changes to this policy
If we change this policy, the effective date above will change and the updated version will be posted at the same URL. Material changes will be called out in the GuardLite app's release notes for that version.
11. Contact
Questions about this privacy policy or about how GuardLite handles data:
Bluenex — support@bluenex.org
This privacy policy is published from the GuardLite project's public repository and reflects the GuardLite Android app's actual on-device behavior as of the effective date above.