Gemma Guard — Privacy Policy
Last updated: 2026-05-14
Scope
This privacy policy applies to the Gemma Guard
Android application distributed through the Google Play Store
(package org.gemmaguard.android), published by
Pavel Kerbel.
A separate open-source reference implementation is published at github.com/GemmaGuard/gemma-guard-android for the Google Gemma 4 Good Hackathon. That source repository is provided for transparency and review only and is not covered by this policy. If you build the app yourself from source or install it from any channel other than the Google Play Store, you are responsible for its data handling and this policy does not apply.
Summary
Gemma Guard analyzes screenshots for phishing entirely on your phone. We do not collect, store, or transmit your personal data or any content you scan. There is no account, no telemetry, and no analytics.
What we collect
Nothing. Gemma Guard does not transmit screenshots, extracted text, scan results, device identifiers, IP addresses, or any other personal information to us or any third party.
Permissions and why each is needed
- Display over other apps: Required to render the floating capture button that lets you trigger a scan from any app. The button only appears while a capture session is active.
- Screen capture (MediaProjection): Required to take a single screenshot when you tap the capture button. The screenshot is held briefly in app memory and a temporary cache file, both deleted after analysis completes.
- Notifications: Required by Android to display the foreground service notification while a screen capture session is active and while the Gemma 4 model is downloading.
- Internet and network state: Used only to download the Gemma 4 model file from Hugging Face Hub on first launch. Once the file is downloaded, no further network traffic is generated by Gemma Guard. The phishing analysis itself runs entirely offline.
- Foreground service (data sync): Required to keep the one-time model download active when the app is backgrounded.
- Foreground service (media projection): Required by Android 14+ to perform screen capture in the background.
Model download
On first launch, Gemma Guard downloads the Gemma 4 model file (~2 GB)
from Hugging Face Hub. The file is served from a public,
unauthenticated URL hosted by the litert-community
organization, the Google AI Edge team's community space on Hugging
Face Hub.
The download uses HTTPS. We (the Gemma Guard developers) do not operate the hosting server and do not have access to download logs. Hugging Face Hub, as the hosting infrastructure, may log connection metadata in line with its own privacy policy (https://huggingface.co/privacy). After download completes, the file is verified by SHA-256 and stored in private app storage. No further network traffic is generated.
Local data storage
The following data is stored locally on your device only:
- The Gemma 4 model file (~2 GB) in the app's private storage.
- A short scan history of up to 10 recent results.
- Temporary screenshot files used during sharing, deleted on a best-effort basis when the app exits.
This data is excluded from Android's Auto Backup, so it is not transferred to your Google account or to a new device. Uninstalling Gemma Guard removes all of it.
Third-party software
Gemma Guard uses the following components that run on your device only and do not transmit data to their authors:
- Google AI Edge LiteRT-LM (model runtime)
- Google ML Kit Text Recognition (on-device OCR)
- Google Gemma 4 (the on-device language model)
- OkHttp (one-time HTTPS download of the model from Hugging Face Hub)
These libraries operate locally. They do not phone home, send analytics, or upload your screenshots.
Children's privacy
Gemma Guard is not directed to children under 13 and does not knowingly collect data from anyone — children included.
Changes to this policy
If we change this policy, we will update the "Last updated" date above. Material changes will be reflected in the app's onboarding flow on the next update.
Contact
For questions about this policy: