Skip to content
Vireks
Home Terms Imprint See all apps
← Back to Vireks

Privacy Policy

Last Updated: July 6, 2026 · Effective: June 11, 2026 · Version 1.1 (Vireks v1)

Short version: Vireks does not collect any data. The Android manifest does not request the INTERNET permission. The app does not link to any analytics, crash-reporting, or advertising library. Your recordings are stored locally in DCIM/VireksUserFiles/ and leave the device only when you explicitly share them through the Android share sheet. The Google Play "Data safety" form for Vireks states what is literally true: no data collected, no data shared.
Data Controller: ZADIO EOOD, EIK 201209745, VAT BG201209745, registered seat at Ploshtad Han Kubrat 1, 7000 Ruse, Bulgaria. Email: app@zadio.bg. ZADIO EOOD is the data controller under the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the Bulgarian Law on Personal Data Protection.

This Privacy Policy describes how ZADIO EOOD (“Company,” “we,” “us,” “our”) handles information in connection with the Vireks Android application (“App”). The same policy applies to the Vireks marketing website at zadio.bg/vireks (“Site”).

Data Protection Officer (DPO): Not appointed. Given the nature, scope, context, and purposes of our processing — most notably the fact that we do not process personal data on our servers because we have none — we are not required to designate a DPO under Article 37 GDPR. Privacy enquiries may be directed to app@zadio.bg.

Scope. This policy covers the Vireks Android application. It is the only application published under this website. Any future ZADIO EOOD applications will be released with their own separate privacy policies on their own sites.

Contents

  1. Overview
  2. Information we collect and process
  3. Purposes and legal bases
  4. Permissions used by the App
  5. Storage, security, and hosting
  6. Third parties
  7. International data transfers
  8. Your choices and controls
  9. Data retention and deletion
  10. Children's privacy
  11. Your rights
  12. Cookies and trackers
  13. Changes to this policy
  14. Contact

1. Overview

Vireks is an offline-first screen recorder. It is built so that the answer to the privacy question is structural, not promotional. There is no analytics SDK, no crash reporter, no advertising library, no account system, no profile, no telemetry, no device fingerprinting, no opt-in dialog for the user to disable any of the above, because there is nothing to disable. The Android manifest does not even request the INTERNET permission, so the App is technically incapable of sending data off the device.

We do NOT:

  • Display advertisements of any kind;
  • Use advertising tracking SDKs or identifiers (AAID / IDFA);
  • Sell, rent, or share personal data with third parties for marketing;
  • Collect or access your personal files (only the screen frames Android hands us during a recording, and optionally the microphone audio if you toggled it on);
  • Use cookies, web beacons, fingerprinting, or any cross-site tracking on the Site;
  • Perform profiling or automated decision-making within the meaning of Article 22 GDPR.

2. Information we collect and process

2.1 What stays on your device (we never receive it)

Strictly local. Vireks writes the following information to its own private storage on your device. None of it is transmitted to ZADIO EOOD or to any third-party server, because the App cannot send anything anywhere.

  • Your settings (record-with-audio toggle, output format, capture quality knobs, "Show taps" preference, theme choice). Stored in Android Preferences DataStore.
  • The free-recordings counter. A small HMAC-signed value tracking how many of your five free recordings you have used. Layered between Preferences DataStore and a signed marker file in shared storage so it survives an honest reinstall but resists casual tampering. Bound to your device's ANDROID_ID for tamper detection; that binding is computed and verified locally and never transmitted.
  • Your purchase status as reported by the Google Play Billing library on this device. Vireks does not maintain a separate account record; the Play Billing library is the source of truth.
  • Your recordings themselves as MP4 (or WebM) files in DCIM/VireksUserFiles/. These are normal media files; the Photos / Gallery / Files apps see them like any other video. Deleting the file in any of those apps deletes it from Vireks's list as well.
  • One-shot onboarding flags (whether you have already seen the "How to stop a recording" gate card, whether you have already been asked about the launcher pin-shortcut).

All of the above is removed from your device when you uninstall the App. None of it is backed up to the cloud unless your device's overall backup policy already does so under Android Auto Backup — and even then, the backup target is your own Google account, not ours.

2.2 What Google Play handles on its side

When you purchase the €5 unlock, the transaction is processed entirely by Google Play. Google Play is the merchant of record for end-user purchases in the EU/EEA and in most other jurisdictions where Google Play operates.

ZADIO EOOD receives from Google, in connection with that transaction, only:

  • The fact that a sale of the Vireks unlock occurred (so that we can be paid the developer payout);
  • The aggregated sales reports Google Play exposes in the Play Console (country, product, count, payout amount). These reports do not identify individual buyers to us.
  • For tax purposes, the country of supply needed for Google Play's OSS/IOSS VAT reporting on our behalf. We do not see your name, your email, your card details, your billing address, or your IP address.

If you contact Google for a refund, that refund is processed inside the Google Play account system. We learn about the refund only as an offsetting line in Google's payout report.

2.3 What ZADIO EOOD itself receives from the App

Nothing. The App is incapable of opening a network socket to a server we control because the INTERNET permission is absent from its merged manifest. There is no server we operate, no endpoint Vireks talks to, no SDK that opens a side channel.

The single boundary across which data crosses our way at all is the Play Console payout / sales report described in §2.2, and that boundary is wholly managed by Google.

2.4 The marketing website

The Site (zadio.bg/vireks) is a static HTML site. It does not set cookies, does not run analytics, does not embed third-party fonts or scripts that would expose your IP to a third party, and does not contain any social-network tracking pixels. The host's standard HTTP access log captures the usual minimum (IP address, requested URL, timestamp, user agent) on the host's behalf and is rotated according to the host's retention policy; we do not aggregate or analyse it. See §5.2 for details.

2.5 Information we do NOT collect (explicit, illustrative list)

  • Your name, email address, phone number, or any contact identifier.
  • Your Google account identity (we do not implement Google Sign-In).
  • Your location (we do not request location permissions; we do not perform IP geolocation; we do not log IP at all).
  • The Android advertising ID (AAID / IDFA).
  • A device identifier we ever transmit. ANDROID_ID is read locally for free-quota tamper detection and never leaves the device.
  • Your contacts, call logs, SMS messages, calendar, camera, microphone (unless you toggled "Record with audio" on for a recording, in which case the captured audio is mixed into your video and stays in your video).
  • Your installed-apps list.
  • The contents of any file on your device other than what you record yourself.
  • Crash reports (no Crashlytics, no Sentry, no Bugsnag, no App Center — no crash reporter at all).
  • Performance metrics (no Firebase Performance, no New Relic, no DataDog — none).
  • Special-category data (Article 9 GDPR).

3. Purposes and legal bases of processing (GDPR Article 6)

Because Vireks v1 does not process any personal data on our servers, the GDPR's "purposes and legal bases" table is short and serves mainly to document the structural absence.

DataWhere it livesPurposeLegal basisRetention
App settings, free-quota counter, purchase-state cache, onboarding flags Your device (Android DataStore + shared storage marker) Make the App work the way you configured it Art. 6(1)(b) contract performance (you installed the App to use it) Until you uninstall the App or clear its data
Recordings (MP4/WebM) you produce Your device (DCIM/VireksUserFiles/) Save the output you asked the App to produce Art. 6(1)(b) contract performance Until you delete the file or factory-reset the device
Google Play sales / payout reports (Country, product, count, payout) Google Play Console Pay us our share; let us comply with bookkeeping law Art. 6(1)(b) contract performance + Art. 6(1)(c) legal obligation (Bulgarian Accounting Act Art. 12 — 10-year record retention) 10 years (statutory)
Your email correspondence with us Our email mailbox (Google Workspace / Gmail) Answer your question Art. 6(1)(f) legitimate interest (responding to inbound enquiries) Closed within the conversation; bookkeeping-relevant copies retained 10 years (Bulgarian Accounting Act)
Host HTTP access log on the marketing site Hosting provider (server-side, opaque to us) Operational security of the host Art. 6(1)(f) legitimate interest (server-side abuse prevention) Per host policy; we do not aggregate or analyse

Balancing test for legitimate interests. We have conducted a legitimate-interests balancing test (LIA) and concluded that our processing is necessary, proportionate, and does not override your rights because (i) we collect no identifiers, (ii) we perform no profiling, (iii) we maintain no servers that hold personal data, and (iv) you are transparently informed in this Policy. A summary of the LIA is available on request.

4. Permissions used by the App

Vireks v1 requests only the permissions strictly required to do its job. None of the permissions is used to collect or transmit data; each is used for the screen-recording feature it advertises.

PermissionTypeWhat Vireks uses it for
MEDIA_PROJECTIONPer-session, granted via the OS consent dialogCapture screen frames. Without this Vireks cannot record.
FOREGROUND_SERVICE + FOREGROUND_SERVICE_MEDIA_PROJECTIONManifest-onlyHost the MediaProjection beyond the Activity's foreground lifetime, as required by Android 14+.
RECORD_AUDIORuntime, only when you toggle "Record with audio: yes"Capture microphone audio and mix it into the video. If you decline, Vireks records a silent video.
POST_NOTIFICATIONSRuntime, Android 13+Show the mandatory foreground-service notification while recording. The OS requires this.
SYSTEM_ALERT_WINDOW (“Display over other apps”)Special access, granted once in Android SettingsHost a fully transparent 80 dp tap zone on the top-right corner of the screen so a single tap stops the recording. The overlay draws no pixels and reads no data.

Notably absent from the manifest:

  • INTERNET — not present. The Google Play Billing library's transitive copy is explicitly stripped at the manifest merger via <uses-permission android:name="android.permission.INTERNET" tools:node="remove"/>.
  • ACCESS_NETWORK_STATE — not present.
  • CAMERA — not requested by Vireks. Vireks does not access any camera; it is a screen recorder only.
  • Location, contacts, SMS, calendar, body sensors, activity recognition, phone state, accessibility services — none requested.
  • Broad storage (READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE, or READ_MEDIA_VIDEO / READ_MEDIA_IMAGES / READ_MEDIA_AUDIO) — none requested. We use scoped MediaStore APIs that do not require them.

5. Storage, security, and hosting

5.1 On-device storage

Settings, the free-quota counter, the cached purchase state, and your recordings live on your device. Settings and counters are in app-private storage (inaccessible to other apps) and your recordings are in DCIM/VireksUserFiles/ (scoped MediaStore; visible to media apps). Encryption at rest is provided by Android Filesystem Encryption (FBE) on all supported devices.

5.2 The marketing website

The Site is a static HTML site hosted with a commercial European hosting provider. The host operates the web server on our behalf and, like any web server, writes an access log containing the IP address, the requested URL, the timestamp, the response code, and the user-agent string for each HTTP request. That log is operated by the host for the host's own operational and security purposes; ZADIO EOOD does not analyse it, aggregate it, or feed it into any other system. The host's own privacy and retention policy applies; access logs are rotated and deleted according to the host's defaults.

The Site does not embed third-party scripts, third-party fonts loaded from a third-party CDN, third-party iframes, social-network tracking pixels, analytics, or cookies. The system fonts on your device are used.

5.3 Security measures (GDPR Art. 32)

  • App-private storage for all local data (inaccessible to other apps);
  • HMAC-signed free-quota counter with multi-layer tamper detection;
  • HTTPS / TLS 1.2+ for the marketing website (no plaintext HTTP);
  • Strict minimisation: nothing collected, nothing to leak;
  • Manifest-level network isolation: no INTERNET permission, no ACCESS_NETWORK_STATE;
  • No third-party SDKs in the release build other than Google Play Billing (which transitively pulls a single utility module from which we strip the INTERNET dependency).

5.4 Personal-data-breach notification

In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the Bulgarian Commission for Personal Data Protection (CPDP) without undue delay and, where feasible, within 72 hours (GDPR Art. 33). High-risk breaches will also be communicated to affected data subjects without undue delay (GDPR Art. 34). Given that ZADIO EOOD holds no Vireks user database, the realistic breach surface is limited to ZADIO EOOD's own email correspondence with users who contact us; the marketing Site contains no user records.

6. Third parties

6.1 Google Play (Google Ireland Limited / Google LLC)

Google Play is the App's distribution channel and the payment processor for the €5 unlock. When you install Vireks, Google Play receives your Google account identity, your device identity, and the install event; this happens entirely between you and Google, on your device. When you purchase the unlock, Google Play processes the transaction (collecting and remitting VAT under the EU OSS/IOSS scheme on our behalf). Google's privacy practices apply: policies.google.com/privacy.

6.2 Hosting provider for the marketing site

The Site is hosted by a European hosting provider. The host processes HTTP requests on our behalf as a sub-processor; the contract relies on EU Standard Contractual Clauses where relevant.

6.3 No other third parties

We do not integrate advertising networks, social-media tracking pixels, attribution SDKs, analytics SDKs, crash reporters, customer-data platforms, or any third-party identity, A/B, or growth tooling. Vireks's release build has zero third-party network destinations.

6.4 Data Processing Agreement

We have entered into the standard Data Processing Addendum with Google under Article 28 GDPR. A copy of the executed DPA can be requested by email.

7. International data transfers (GDPR Chapter V)

Because ZADIO EOOD does not collect personal data from users, the only international-transfer surface relevant to this Policy is Google's processing of the Google Play sales / payout records:

  • EU-U.S. Data Privacy Framework (DPF): Google LLC is certified under the DPF (adequacy decision C(2023) 4745 of 10 July 2023). Transfers to Google LLC therefore benefit from an adequacy decision of the European Commission.
  • Standard Contractual Clauses (SCCs): For transfers not covered by adequacy, Google's data-processing terms rely on the European Commission's SCCs (Implementing Decision (EU) 2021/914).

You may request a summary of the safeguards applied by emailing app@zadio.bg.

8. Your choices and controls

8.1 Microphone audio

Off by default. Toggle "Record with audio: yes" in Settings to enable; toggle back to disable. You may also decline the runtime RECORD_AUDIO prompt, in which case the recording proceeds without audio (silent video, no error).

8.2 Notifications

The mandatory foreground-service notification appears only while a recording is in progress; it disappears when the recording finishes. You may revoke POST_NOTIFICATIONS in Android Settings, but Android requires Vireks to post a notification while a MediaProjection capture is active, and revoking the permission may make Vireks unable to start a recording until you re-grant it.

8.3 Display over other apps

You can revoke this in Android Settings → Apps → Vireks → Display over other apps. Vireks will then refuse to start a recording until you re-grant it, because the corner-tap is the App's only Stop affordance.

8.4 Uninstall

Uninstalling Vireks removes all on-device settings, counters, and onboarding flags. Your recordings remain in DCIM/VireksUserFiles/ as normal media files; remove them with your file manager or gallery app if you wish. Your Google Play purchase history is unaffected — Google Play remembers that you bought the unlock and will restore it automatically the next time you install Vireks on the same Google account.

8.5 Withdraw consent / opt out

There is no consent to withdraw and no analytics to opt out of, because we collect nothing and run no analytics. If you no longer wish to use the App, simply uninstall it.

9. Data retention and deletion

9.1 Retention periods

Concrete retention periods for each category are in the table in §3.

9.2 Local data

All locally stored data is removed when you uninstall the App or clear its data.

9.3 Cloud / server data

We do not operate any user-facing servers, so there is nothing on a server of ours to delete or to retain.

9.4 Google Play records

Google Play retains the purchase record on your Google account for the lifetime of the account or until you delete that account / refund the purchase. We retain the aggregated sales / payout report we receive from Google Play for 10 years under the Bulgarian Accounting Act (Art. 12).

9.5 Deletion requests

If you have corresponded with us at app@zadio.bg and wish to have your email correspondence deleted from our mailbox (subject to bookkeeping-retention overrides), email us with that request. We process such requests within 30 days (extendable by 2 months per GDPR Art. 12(3)).

10. Children's privacy

The App is not directed at children. Per Article 8 GDPR and Bulgarian LPDP Art. 25в, the minimum age for consent to information-society services in Bulgaria is 14 years. In other EU/EEA Member States the minimum age is between 13 and 16 as set by national law. In all cases:

  • The App is intended for users aged at least 14 in Bulgaria (or the applicable local age elsewhere).
  • Users under 18 should have permission from a parent or legal guardian.

Because Vireks collects no personal data of any kind, the practical risk to minors is the same as the risk to adults — namely, none. If you nonetheless believe a child has provided us with personal data through email correspondence, contact app@zadio.bg and we will delete that correspondence.

11. Your rights

11.1 EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

  • Right of access (Art. 15) — we will confirm in writing that we hold no personal data about you beyond any email you have sent us.
  • Right to rectification (Art. 16).
  • Right to erasure / "right to be forgotten" (Art. 17).
  • Right to restrict processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21) to processing based on legitimate interests.
  • Right to withdraw consent at any time (Art. 7(3)).
  • Right not to be subject to automated decision-making (Art. 22) — we perform none.
  • Right to lodge a complaint with a supervisory authority (Art. 77).

Exercise your rights: app@zadio.bg. We respond within 30 days, extendable per Art. 12(3) GDPR.

11.2 Supervisory authority — Bulgaria

Commission for Personal Data Protection (CPDP)
Комисия за защита на личните данни (КЗЛД)
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Phone: +359 2 915 3 518 · Email: kzld@cpdp.bg
Website: www.cpdp.bg

You may also lodge a complaint with the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement.

11.3 California (CCPA / CPRA)

California residents: right to know, delete, opt-out of sale / share (we do not sell or share), limit use of sensitive PI (we collect none), and non-discrimination. Contact app@zadio.bg.

11.4 Brazil (LGPD)

Residents of Brazil have rights to access, correct, delete, anonymise, and port the personal data we hold about them. Contact app@zadio.bg.

12. Cookies and trackers

The App does not use cookies. The Site (zadio.bg/vireks) does not use advertising, analytics, or cross-site tracking cookies. See the full Cookie Policy.

13. Changes to this Privacy Policy

We may update this Policy from time to time — for example, to reflect a change in Google Play's data-processing terms, or to correct or clarify wording. Material changes will be reflected by updating the “Last Updated” date at the top. Prior versions available on request.

14. Contact

ZADIO EOOD · EIK 201209745 · VAT BG201209745
Registered seat: Ploshtad Han Kubrat 1, 7000 Ruse, Bulgaria, EU
Email: app@zadio.bg
Website: https://zadio.bg/vireks


ZADIO EOOD · EIK 201209745 · VAT BG201209745 · Registered in Bulgaria (EU)
Email: app@zadio.bg · EU Online Dispute Resolution: ec.europa.eu/consumers/odr
Imprint Privacy Policy Terms of Service Content License Refund & Withdrawal Copyright & Takedown Cookie Policy AI Overview See all apps

© 2026 ZADIO EOOD · zadio.bg/vireks