Stesh Stesh

Privacy Policy

How Stesh handles your data — and why there's almost nothing to say.

Effective: April 2026

The short version

1. Who we are

Stesh is an Android application developed by Knowledge Channels Technologies. The app encodes and decodes secret text messages hidden inside PNG images using steganography and AES-256 encryption. It operates entirely offline.

2. Information we collect

We collect nothing. Stesh does not collect, transmit, store remotely, or share any personal data, usage statistics, crash reports, analytics, or any other information about you or your device.

There are no third-party SDKs, advertising frameworks, or analytics libraries included in the app.

3. What stays on your device

All data generated by Stesh is stored locally on your device only:

Gallery images

Encoded images are saved to your device's Pictures/ folder via Android's MediaStore API. These are standard PNG files. Stesh does not upload, back up, or transmit them anywhere.

Scan cache

To avoid re-scanning your gallery on every launch, Stesh stores a small cache of scan results (URI, last-modified timestamp, whether a secret was detected) in Android's SharedPreferences under the app's private storage. This cache contains no message content — only metadata about which images have been scanned. It can be cleared at any time from Settings → Developer → Clear Cache.

User preferences

Two settings are persisted locally: whether the biometric vault lock is enabled, and whether encoding replaces images in-place. These are stored in app-private SharedPreferences and never leave the device.

Shared files

When you share a .stsh file, Stesh writes a temporary copy to the app's cache directory and passes it to the Android share sheet. The temporary file is managed by the OS and is not transmitted by Stesh.

4. Permissions

Stesh requests the following Android permissions:

Permission Why it's needed
READ_MEDIA_IMAGES Read images from your gallery to encode or decode secrets. Required on Android 13+.
READ_EXTERNAL_STORAGE Read gallery images on Android 12 and below.
WRITE_EXTERNAL_STORAGE Save encoded images to your gallery on Android 9 and below.
CAMERA Take a new photo directly from the app to encode a secret into it immediately.
USE_BIOMETRIC Authenticate with fingerprint or face unlock before opening the Vault. Biometric data is handled entirely by the Android system — Stesh never sees it.
READ_MEDIA_VISUAL_USER_SELECTED Support Android 14's partial photo access model.

No permission is used for any purpose other than what is described above.

5. Biometric data

Stesh uses Android's BiometricPrompt API to protect access to the Vault. Biometric authentication is performed entirely by the Android operating system. Stesh never accesses, processes, or stores any biometric data such as fingerprints or facial geometry.

6. Encryption

All messages encoded by Stesh are encrypted with AES-256-CBC before being written into image pixels. Encryption keys are derived on-device from image content and, optionally, a user-supplied password. No encryption keys are stored, transmitted, or recoverable by us.

We have no technical ability to decrypt your messages. If you lose your password, the message cannot be recovered.

7. Children's privacy

Stesh does not knowingly collect any information from anyone, including children under 13. As no data is collected at all, there is nothing to distinguish.

8. Changes to this policy

If we ever change how Stesh handles data — for example, if a future version adds optional crash reporting — this policy will be updated with a new effective date and a clear description of what changed. The updated policy will be available before the updated app version is published.

Given the offline-only nature of the app, we do not anticipate material changes.

9. Contact

If you have questions about this privacy policy or how Stesh works, you can reach us at:

info@kchannelstech.com