Skip to main content
TACUNS
Back to Firewall App

Privacy Policy for TacU-NS Firewall

Effective Date: May 18, 2026

Last Updated: June 21, 2026

Important Google Play Disclosures

VpnService: The app uses Android's built-in VpnService to create a local VPN tunnel for intercepting DNS queries and applying firewall rules on-device without requiring root access. Traffic is NOT routed through any remote VPN server operated by us.

QUERY_ALL_PACKAGES: This permission enables enumeration of installed applications to support per-app blocking rules for Wi-Fi and Mobile Data. Per-app firewall functionality depends on this permission.

1. Overview

TacU-NS Firewall is a no-root network firewall for Android. This policy explains what data is processed, how it is used, and what is shared externally.

2. How the App Works

The app uses Android's built-in VPN API (VpnService) to create a local VPN tunnel that intercepts DNS domain name queries and applies firewall rules. All firewall decisions occur entirely on-device without requiring root access. No traffic is routed through any remote server operated by TacU-NS.

Before the VPN tunnel is created, Android presents a system-level permission dialog that the user must accept. The firewall cannot activate without this explicit consent.

3. Data We Collect

3.1 Data Stored On-Device Only (never uploaded to our servers)

  • DNS query logs: app name, destination domain, blocked/allowed status, timestamp — stored in local database for log display and security analysis.
  • Firewall rules: custom domain blocks, per-app blocking policies (Wi-Fi/Mobile Data), geo TLD blocks, schedule rules — stored locally.
  • App settings: boot-on-start preference, schedule config, import/export usage counter — stored in local device storage.

3.2 Data We Do NOT Collect

  • No name, email, phone number, or personal identity information.
  • No analytics SDKs (Firebase Analytics, Crashlytics, or any third-party).
  • No advertising SDKs.
  • No user account requirement.
  • No uploading of firewall rules, DNS logs, or app usage data to our servers.

4. DNS Query Forwarding (Important Disclosure)

When an app makes a DNS query that is NOT blocked by firewall rules, TacU-NS Firewall forwards the query to Google Public DNS (8.8.8.8) to resolve the domain name.

What this means:

  • Allowed DNS queries (unblocked domains) are sent to Google's DNS servers.
  • Google processes these queries per the Google Public DNS Privacy Policy.
  • Blocked DNS queries NEVER reach external servers — they receive NXDOMAIN responses generated entirely on-device.

Why Google DNS is used:

Google Public DNS (8.8.8.8) is used for its speed, reliability, and global availability. It performs the same role as an ISP's DNS server.

5. Community Blocklist Downloads

When enabled, the app downloads domain blocklists from these public sources over HTTPS. Only domain names are transmitted — no personal or device data:

BlocklistSourceLicense
StevenBlack Unified Hostsgithub.com/StevenBlack/hostsMIT
OISD Bigbig.oisd.nlPublic
HaGeZi Progithub.com/hagezi/dns-blocklistsPublic
AdGuard DNS Filtergithub.com/AdguardTeam/AdGuardSDNSFilterGPL-3.0
Dan Pollock Hostssomeonewhocares.org/hostsPublic

All lists are stored on-device only.

6. Geo Location Data

The app includes a bundled MaxMind GeoLite2-Country database for displaying geographic locations of DNS query destinations on the Map screen. All processing is entirely on-device with no external data transmission to MaxMind or any other service.

Licensed under Creative Commons Attribution-ShareAlike 4.0 International.

7. Permissions Used

PermissionWhy It Is Needed
BIND_VPN_SERVICERequired to create the local VPN tunnel for DNS interception
FOREGROUND_SERVICERequired to keep the firewall running while the screen is off
FOREGROUND_SERVICE_SPECIAL_USERequired for VPN foreground service on Android 14+
POST_NOTIFICATIONSTo display the persistent firewall status notification
INTERNETTo download community blocklists and forward allowed DNS queries
ACCESS_NETWORK_STATETo detect WiFi vs Mobile Data for per-transport app blocking
RECEIVE_BOOT_COMPLETEDTo restart the firewall after device reboot (if enabled)
QUERY_ALL_PACKAGESRequired to enumerate all installed apps so per-app firewall can route each app's traffic correctly. Without this, per-app blocking cannot function.

8. Third-Party Services

The App interacts with the following external services:

ServicePurposeTheir Privacy Policy
Google Public DNS (8.8.8.8)Resolves allowed DNS queriesGoogle Privacy Policy
Community blocklist hosts (see §5)Downloads domain blocklistsSee each source

No other third-party SDKs, analytics services, or advertising networks are integrated in this App.

9. Data Security

  • Firewall rules and DNS logs are stored in an SQLite database on-device, protected by Android's application sandbox.
  • No sensitive data is transmitted to company servers — no backend server operates for this app.
  • Blocklist downloads use HTTPS. DNS forwarding uses standard UDP to 8.8.8.8. The VPN tunnel endpoint is local to the device (the tun interface). DNS queries that exit the device travel to Google Public DNS (8.8.8.8) via standard UDP — the same path any DNS resolver uses.

10. Children's Privacy

The app does not knowingly collect information from children under 13. No personal information is collected from any user.

11. Data Retention

All data (logs, rules, settings) is stored locally on your device. Delete all app data via Android Settings → Apps → TacU-NS Firewall → Clear Data. Uninstalling the app removes all locally stored data.

12. Your Rights

Since no personal data is collected or stored on our servers, there is no personal data held by us to access, correct, or delete. You retain full control of on-device data through Android's app data management.

13. Changes to This Policy

We may update this policy when new features are added. The “Last Updated” date reflects the most recent revision. Continued use of the app constitutes acceptance of updates.

14. Contact

If you have questions about this Privacy Policy, contact us at: