Privacy Policy for TacU-NS Firewall
Effective Date: May 18, 2026
•
Last Updated: May 2026
Important Google Play Disclosures
VpnService: TacU-NS Firewall uses Android's built-in VpnService to create a local VPN tunnel. This is strictly required to intercept DNS queries and apply your firewall rules on-device without needing root access. Your traffic is NOT routed to any remote VPN server operated by us.
QUERY_ALL_PACKAGES: We require this permission to enumerate installed apps so that you can apply per-app blocking rules (e.g., block Wi-Fi/Mobile Data for specific apps). The firewall cannot function on a per-app basis without it.
1. Overview
TacU-NS Firewall ("the App", "we", "our") is a no-root network firewall for Android. This policy explains what data the App processes, how it is used, and what is shared externally.
2. How the App Works
TacU-NS Firewall uses Android's built-in VPN API (VpnService) to create a local VPN tunnel on your device. This tunnel intercepts DNS (domain name) queries made by apps on your device and applies firewall rules to block or allow them.
No root access is required. All firewall decisions are made on your device.
3. Data We Collect
3.1 Data Stored On-Device Only
The following data is generated and stored exclusively on your device. It is never uploaded to any server operated by us:
- DNS query logs: app name, destination domain, blocked/allowed status, timestamp. Stored in a local database. Used to display the Logs screen and security analysis features.
- Firewall rules: custom domain blocks, per-app blocking policies (Wi-Fi / Mobile Data), geo TLD blocks, schedule rules. Stored in a local database.
- App settings: boot-on-start preference, schedule configuration, import/export usage counter. Stored in local device storage.
3.2 Data We Do NOT Collect
- We do not collect your name, email address, phone number, or any personal identity information.
- We do not use analytics SDKs (no Firebase Analytics, no Crashlytics, no third-party analytics).
- We do not use advertising SDKs.
- We do not require a user account.
- We do not upload firewall rules, DNS logs, or app usage data to any server operated by us.
4. DNS Query Forwarding (Important Disclosure)
When an app on your device makes a DNS query and that query is not blocked by your firewall rules, TacU-NS Firewall forwards the DNS query to Google Public DNS (8.8.8.8) to resolve the domain name.
What this means:
- Allowed DNS queries (domains you have not blocked) are sent to Google's DNS servers.
- Google may process these queries in accordance with Google's Privacy Policy and Google Public DNS Privacy Policy.
- Blocked DNS queries (domains matching your rules) are never forwarded — they are rejected on-device with an NXDOMAIN response and never reach Google or any external server.
Why Google DNS is used:
Google Public DNS (8.8.8.8) is used as the upstream resolver because it is fast, reliable, and widely available globally. It is used solely to resolve domain names for allowed traffic — the same function performed by your ISP's DNS server without this app.
5. Community Blocklist Downloads
If you enable community blocklists (StevenBlack, OISD, HaGeZi, AdGuard DNS Filter, Dan Pollock), the App downloads domain lists from the following public sources over HTTPS:
| Blocklist | Source URL | License |
|---|---|---|
| StevenBlack Unified Hosts | github.com/StevenBlack/hosts | MIT |
| OISD Big | big.oisd.nl | Public |
| HaGeZi Pro | github.com/hagezi/dns-blocklists | Public |
| AdGuard DNS Filter | github.com/AdguardTeam/AdGuardSDNSFilter | GPL-3.0 |
| Dan Pollock Hosts | someonewhocares.org/hosts | Public |
These downloads contain only domain names. No personal data from your device is sent during these downloads. Downloads happen over HTTPS. The downloaded domain lists are stored on your device only.
6. Geo Location Data
The App includes a bundled copy of the MaxMind GeoLite2-Country database to display the geographic location of DNS query destinations on the Map screen. This database is processed entirely on-device. No data is sent to MaxMind or any external service for geo lookups.
The GeoLite2 database is used under the Creative Commons Attribution-ShareAlike 4.0 International License.
7. Permissions Used
| Permission | Why It Is Needed |
|---|---|
| BIND_VPN_SERVICE | Required to create the local VPN tunnel for DNS interception |
| FOREGROUND_SERVICE | Required to keep the firewall running while the screen is off |
| FOREGROUND_SERVICE_SPECIAL_USE | Required for VPN foreground service on Android 14+ |
| POST_NOTIFICATIONS | To display the persistent firewall status notification |
| INTERNET | To download community blocklists and forward allowed DNS queries |
| ACCESS_NETWORK_STATE | To detect WiFi vs Mobile Data network type for per-transport app blocking |
| RECEIVE_BOOT_COMPLETED | To restart the firewall automatically after device reboot (if enabled) |
| QUERY_ALL_PACKAGES | Required to enumerate all installed apps so the per-app firewall can route each app's traffic correctly. Without this permission, per-app blocking cannot function. |
8. Third-Party Services
The App interacts with the following external services:
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Google Public DNS (8.8.8.8) | Resolves allowed DNS queries | Google Privacy Policy |
| Blocklist hosts (see §5) | Downloads community domain blocklists | See each source |
No other third-party SDKs, analytics services, or advertising networks are integrated in this App.
9. Data Security
- All firewall rules and DNS logs are stored in an encrypted-at-rest SQLite database on your device, protected by Android's application sandbox.
- No sensitive data is transmitted to our servers (we operate no backend servers for this App).
- Blocklist downloads and DNS forwarding use standard HTTPS/UDP connections.
10. Children's Privacy
This App does not knowingly collect any information from children under the age of 13. The App does not collect personal information from any user.
11. Data Retention
All data (logs, rules, settings) is stored locally on your device. You can delete all App data at any time via Android Settings → Apps → TacU-NS Firewall → Clear Data. Uninstalling the App removes all locally stored data.
12. Your Rights
Since we do not collect or store any personal data on our servers, there is no personal data held by us to access, correct, or delete. For data stored on your device, you retain full control through Android's app data management.
13. Changes to This Policy
We may update this Privacy Policy when new features are added. The "Last updated" date at the top will reflect the most recent revision. Continued use of the App after changes constitutes acceptance of the updated policy.
14. Contact
If you have questions about this Privacy Policy, contact us at: