Home Features Docs Privacy

Privacy Policy

A full, transparent breakdown of how ASF collects, uses, protects, and respects your data.

Last Updated: January 2026  ·  Version 2.0

Table of Contents
  1. Overview & Scope
  2. Who We Are
  3. Data We Collect
  4. How Data Is Used
  5. Network & Internet Access
  6. Local Storage & Security Agent Data
  7. Android Permissions Explained
  8. Data Sharing & Third Parties
  9. Data Retention & Deletion
  10. Security Measures
  11. Ethical Use & Legal Responsibility
  12. Children's Privacy
  13. Your Rights
  14. Changes to This Policy
  15. Contact Us

1. Overview & Scope

This Privacy Policy governs the use of ASF — Android Security Framework, a professional Windows-based security research platform developed and maintained by Jutt Cyber Tech. It applies to:

  • The ASF desktop dashboard application (Windows).
  • The ASF Security Agent APK deployed to authorized Android test devices.
  • This website and all associated web pages under asf.juttcybertech.com.

By downloading, installing, or using ASF in any form, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree, you must discontinue use immediately.

This policy is written in plain language so every user — technical or not — fully understands how their data is handled.

2. Who We Are

Jutt Cyber Tech is a cybersecurity research and development organization focused on building professional-grade tools for ethical hackers, penetration testers, and security researchers. We are the sole developer and distributor of ASF.

We are the data controller for any information processed through our website. For the ASF desktop tool and agent, all data processing occurs locally on your own infrastructure — we are not the data controller for that data.

3. Data We Collect

ASF is built on a privacy-first, local-first architecture. We categorize data into two types:

3.1 — ASF Desktop Dashboard (Windows)

  • Configuration data — server host, port, and connection settings stored in local config files on your machine.
  • Session logs — audit session events, timestamps, and device activity logs written to local log files only.
  • Generated APK metadata — package name, label, and endpoint used when building a security agent — stored locally.
  • No telemetry — ASF does not send crash reports, usage analytics, or behavioral data to any remote server.
  • No account required — there is no login, registration, or cloud account of any kind.

3.2 — ASF Security Agent APK (Android)

The security agent is deployed exclusively to authorized test devices by the operator (you). The agent collects the following data from the test device and transmits it only to your own locally-hosted ASF server:

  • Device GPS location coordinates (latitude, longitude, altitude).
  • Camera feed frames from front and rear cameras.
  • File system directory listings and file contents from accessible storage.
  • SMS messages, call logs, and contact entries (if permissions are granted).
  • Device metadata: model, Android version, battery level, network state.
This data is transmitted exclusively to your own machine running the ASF dashboard. Jutt Cyber Tech never receives, stores, or has access to any of this data at any time.

3.3 — This Website

  • Standard web server access logs (IP address, browser type, pages visited) — retained for up to 30 days for security monitoring.
  • No cookies, tracking pixels, or advertising scripts are used on this website.
  • No contact forms or user accounts exist on this website.

4. How Data Is Used

Data collected through ASF is used exclusively for the following purposes:

  • Security auditing — all agent-collected data is used by the operator to conduct authorized forensic analysis and penetration testing on their own test devices.
  • Tool functionality — configuration and session data is used to operate the dashboard, manage connections, and display audit results.
  • Update checks — the desktop app may periodically check our update server for new versions. Only the current app version number is sent; no personal or device data is included.
  • Website security — server access logs are used solely to detect and prevent malicious traffic, DDoS attempts, and unauthorized access.

We do not use any data for advertising, profiling, machine learning training, or any commercial purpose.

5. Network & Internet Access

The ASF desktop application may initiate outbound network connections for the following specific, limited purposes:

  • Version check — a lightweight HTTP request to asf.juttcybertech.com/version to compare your installed version against the latest release. Only your current version string is sent.
  • Local LAN server — ASF runs a local TCP server on your machine to receive connections from the security agent on the test device. This server is bound to your local network interface and is not exposed to the public internet unless you explicitly configure port forwarding.

The ASF Security Agent APK communicates exclusively with the IP address and port you configure during agent generation — which is your own machine's local IP. It does not communicate with any Jutt Cyber Tech server.

We strongly recommend running ASF on an isolated lab network or VPN to prevent unintended exposure of the local server port.

6. Local Storage & Security Agent Data

All data captured during an ASF audit session is stored exclusively on your local machine in the ASF installation directory. This includes:

  • Captured camera images and video frames.
  • Downloaded files from the test device's storage.
  • GPS location history logs.
  • SMS, call log, and contact exports.
  • Full session event logs with timestamps.

You are solely responsible for the security of this locally stored data. We recommend encrypting your ASF data directory and restricting access to authorized personnel only. When an audit is complete, securely delete all captured data in accordance with your organization's data handling policies.

7. Android Permissions Explained

The ASF Security Agent APK requests the following Android permissions. Each permission is required for a specific audit capability:

PermissionPurposeRequired?
ACCESS_FINE_LOCATION Retrieve precise GPS coordinates for location forensics. Optional
CAMERA Access front/rear camera for visual forensic capture. Optional
READ_EXTERNAL_STORAGE Browse and retrieve files from device storage. Optional
READ_SMS Read SMS messages for communication forensics. Optional
READ_CALL_LOG Access call history for forensic analysis. Optional
READ_CONTACTS Retrieve contact list for data exposure assessment. Optional
INTERNET Transmit audit data to the local ASF dashboard server. Required
FOREGROUND_SERVICE Keep the agent running during active audit sessions. Required

All optional permissions can be denied by the device user. Denying a permission simply disables that specific audit module — the agent continues to function for all other permitted modules.

8. Data Sharing & Third Parties

Jutt Cyber Tech operates a strict zero data sharing policy:

  • We do not sell any data to third parties — ever.
  • We do not share data with advertisers, data brokers, or analytics companies.
  • We do not use any third-party SDKs, analytics libraries, or tracking frameworks inside the ASF application.
  • We do not have access to any audit data captured by the security agent — it goes directly to your machine.

The only third-party services referenced by this website are:

  • Google Fonts — loads the Outfit typeface. Google may log the font request per their own privacy policy.
  • Cloudflare CDN — Font Awesome icons are loaded via Cloudflare's CDN. Cloudflare may log the request per their own privacy policy.

Neither of these services receives any personal data from you beyond a standard HTTP request.

9. Data Retention & Deletion

Since ASF stores all data locally on your machine, you have full control over retention and deletion:

  • Audit session data persists until you manually delete it from the ASF data directory.
  • Configuration files persist until you uninstall ASF or manually remove them.
  • There is no cloud backup — deleting local files permanently removes the data.

For website server logs, we retain access logs for a maximum of 30 days, after which they are automatically purged. We do not archive or back up these logs beyond that window.

After completing an authorized audit engagement, we strongly recommend securely wiping all captured data using a tool like Eraser or BleachBit to prevent unauthorized recovery.

10. Security Measures

We take reasonable technical measures to protect the integrity of ASF and this website:

  • HTTPS enforcement — all web traffic to asf.juttcybertech.com is encrypted via TLS 1.2+.
  • No plaintext credential storage — ASF does not store passwords or authentication tokens in plaintext.
  • Local server binding — the ASF dashboard server binds to your local network interface by default, not to a public-facing interface.
  • Agent communication — data between the agent and dashboard is transmitted over your local network. For remote testing scenarios, we recommend tunneling through an encrypted VPN or SSH tunnel.
  • Code integrity — official ASF releases are distributed exclusively through our official channels. Always verify you are downloading from asf.juttcybertech.com.

No system is 100% secure. If you discover a security vulnerability in ASF, please report it responsibly via our Telegram channel before public disclosure.

11. Ethical Use & Legal Responsibility

ASF is a dual-use security tool. It is designed and intended exclusively for:

  • Authorized penetration testing on devices you own or have explicit written permission to test.
  • Security research in controlled lab environments.
  • Forensic analysis by certified security professionals under lawful authority.
  • Educational demonstrations in academic or training settings with consenting participants.
Using ASF against any device without explicit authorization from the device owner is illegal under computer fraud and abuse laws in most jurisdictions, including the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent legislation worldwide. Violations may result in criminal prosecution.

Jutt Cyber Tech bears zero liability for any misuse of ASF. By using this tool, you accept full legal and ethical responsibility for all actions performed with it. We reserve the right to revoke access to updates and support for any user found to be using ASF unlawfully.

12. Children's Privacy

ASF is a professional-grade security research platform. It is strictly intended for users aged 18 and above who are trained security professionals or students under direct professional supervision.

  • We do not knowingly collect any personal data from individuals under the age of 18.
  • If you are under 18, you are not permitted to use ASF under any circumstances.
  • If we become aware that a minor has accessed or used ASF, we will take immediate steps to restrict their access.
  • Parents or guardians who believe their child has used ASF should contact us immediately via the channels listed in Section 15.

13. Your Rights

Because ASF stores all data locally on your own machine and we do not collect personal data through the application, most traditional data subject rights (access, rectification, erasure) are exercised directly by you through your own file system.

Regarding data processed through this website (server logs), you have the right to:

  • Access — request information about what data we hold about you.
  • Erasure — request deletion of your data from our server logs before the 30-day automatic purge.
  • Objection — object to processing of your data for any purpose.

To exercise any of these rights, contact us via the channels in Section 15. We will respond within 30 days.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in ASF's functionality, legal requirements, or our data practices. When we do:

  • The "Last Updated" date at the top of this page will be revised.
  • Significant changes will be announced via our Telegram channel.
  • Continued use of ASF after a policy update constitutes acceptance of the revised policy.
  • We will maintain a version number (e.g., Version 2.0) so you can track the revision history.

We encourage you to review this page periodically, especially before conducting new audit engagements.

15. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your data, reach out through our official channels. We aim to respond to all inquiries within 48 hours.

Please do not submit sensitive personal data through public channels. For security vulnerability reports, use private messaging only.