One of the most common questions from users considering their first Castle installation is simple: is this app safe? This page exists to answer that question directly and transparently. We explain exactly what data Castle collects during normal use, what it never touches, and what technical measures are in place to keep your device and personal information secure. All practices described here are aligned with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. What Castle Accesses on Your Device

Castle is an indexing application, not a social or financial platform. It does not need access to the kind of personal data that banking apps or social networks typically request. During normal operation, Castle interacts only with the following technical information:

  • Device Specifications: Your device model, Android version, and processor type are read at launch to confirm APK compatibility and optimize rendering settings for your specific hardware.
  • Display Preferences: Any language, theme, or subtitle settings you configure are stored locally on your device. These preferences never leave your phone unless you explicitly sync across devices.
  • Session Bookmarks: If you use Castle's bookmark or watch-history feature, that data is temporarily cached to allow you to resume sessions across multiple Android devices. This cache is fully erasable from the Settings menu at any time.
  • Network Type Detection: Castle reads whether you are on a Wi-Fi or mobile data connection to adjust link quality recommendations. No location data, ISP account details, or browsing history outside the app is accessed.

That is the complete list. Castle does not run background processes that collect data while the app is closed.

2. What Castle Never Accesses

To be unambiguous about our boundaries, the following categories of data are never requested, read, stored, or transmitted by Castle under any circumstances:

  • Aadhaar, PAN, or Voter ID numbers
  • Bank account details, UPI handles, or credit and debit card information
  • Fingerprints, facial recognition data, or any biometric markers
  • SMS messages, call logs, or phonebook contacts
  • Photos, videos, or files stored in your private gallery
  • Passwords or authentication credentials for any third-party service

If you have downloaded a version of Castle that requests any of the above permissions during installation, that file is not genuine. Uninstall it immediately and run a full device security scan. The official Castle APK requires none of these permissions.

3. Advertising & the Google AdMob Framework

Castle is free to use because it is supported by advertising revenue. We work with Google AdMob, one of the most widely used and regulated mobile advertising networks in the world, to display commercial content within the app interface.

AdMob may use an anonymous identifier called the Google Advertising ID (GAID) to serve ads that are relevant to your general interests. This identifier is a randomly generated string. It contains no name, phone number, address, or financial information. It is not linked to your Google account without your explicit consent.

You can reset your Google Advertising ID or opt out of personalized advertising entirely through your Android device settings under Google, then Ads. Doing so does not affect your ability to use Castle.

4. Castle on PC: What the Emulator Isolates

Because Castle is an Android-only application, desktop users run it inside an Android Emulator such as BlueStacks or LDPlayer. A question we receive frequently is whether Castle can access files on the host computer through the emulator.

The answer is no. Android emulators operate as self-contained virtual machines. Castle runs inside the emulator's sandboxed Android environment and has no pathway to your Windows or macOS file system, browser history, saved passwords, or any other data stored on your PC. The emulator acts as a wall between Castle and your primary operating system.

Castle also does not request any permissions inside the emulator that it would not request on a physical Android device. The same minimal permission set applies in both environments.

5. Your Rights Under DPDP Act 2023

India's Digital Personal Data Protection Act, 2023 gives you meaningful control over any personal data that applications collect. As a Castle user, you can exercise the following rights at any time:

  • Right to Access: You can view all bookmarks, search history, and saved preferences stored within the Castle interface directly from the app's Settings menu.
  • Right to Erasure: A single tap on "Clear Cache and History" in Settings removes all locally stored session data from your device immediately.
  • Right to Correction: Language, display, and regional preferences can be updated at any time without restriction.
  • Right to Deletion from Backend: If you wish to request removal of any device-linked synchronisation metadata from our servers, submit a written request through our official support portal. We process all such requests within the 15-day statutory window.

6. How to Report a Privacy Concern

Castle has appointed a dedicated Grievance Officer in compliance with the Information Technology (Intermediary Guidelines) Rules. If you believe your data has been handled incorrectly, or if you have any question about how Castle processes information, you can reach the Grievance Officer through the official contact portal on our website.

We acknowledge all formal privacy complaints within 24 hours. Our target resolution window is 15 days, in line with Indian statutory requirements. Anonymous or informal inquiries are also welcome and will be addressed on a best-effort basis.