The Pile ("the app", "we") is developed and published by Vladimir Yakunin as an individual developer. This policy explains what the app does with your information. If any behaviour of the app contradicts this policy, that is a bug — please report it to vyakunin@gmail.com.
The Pile is built so that your document content never reaches any endpoint that is not owned by you. Concretely, the app never:
| Location | What is stored | Who can read it |
|---|---|---|
| Encrypted database on your device | Document metadata, extracted fields, OCR text, and search embeddings | Only this app, using a key held in your device's hardware-backed keystore |
| Encrypted files in app-private storage on your device | The original PDFs and images you add | Only this app |
| Your own Google Drive — hidden app folder (opt-in) | Encrypted backups of your documents and their metadata | Only this app, holding your passphrase-derived key. (If you explicitly choose the "open blobs" mode, the original files are stored in your Drive un-encrypted; metadata stays encrypted regardless.) |
Google Drive backup is opt-in. A fully local, no-cloud mode is always available and fully supported.
If you enable backup/sync, the app asks for the Google
drive.appdata permission. This grants access only to a
private application-data folder that other apps — and the Drive web/mobile UI —
cannot see. The app cannot read, list, or modify any of your other Drive files.
Sign-in uses Google OAuth (accounts.google.com); we never see or
store your Google password.
The on-device database and file blobs are encrypted with a 256-bit key stored in your device's hardware-backed keystore (Android Keystore / StrongBox where available). Google Drive backups are encrypted with a separate key derived from your passphrase using Argon2id; that key is never written to disk and is held in memory only while the app is in the foreground. If your phone is lost, the vault cannot be read without your biometric or passphrase.
We do not share, sell, rent, or transfer your data to anyone. There is no third party to share it with — the app has no backend. The only network destination is your own Google Drive, at your choice.
Your data lives on your device (and, if you enabled it, in your own Drive) for as long as you keep it. You are always in control: delete a document in the app to remove it, or uninstall the app to remove the local vault. If you used Drive backup, delete the app's data from your Google Drive to remove the cloud copy. Because we hold none of your data, there is nothing for us to delete on your behalf.
The Pile is a general-purpose document utility and is not directed at children. It collects no personal information for us regardless of the user's age.
If this policy changes, we will update the effective date above and post the revised policy at this URL. Material changes will be reflected in the app's release notes.
Questions about this policy or the app's privacy practices: vyakunin@gmail.com.