Privacy Policy

Last updated: May 26, 2026

Short version

Lava Security is designed so routine domain filtering happens locally on your device. Lava Security LLC does not receive your routine browsing history or a stream of domains your device contacts.

Who we are

Lava Security is provided by Lava Security LLC, a Wyoming limited liability company. You can contact us at support@lavasecurity.app. Privacy and legal requests can be sent to legal@lavasecurity.app.

Local filtering

Domain decisions are made from local rules and blocklists on your device. Local activity counts and optional local domain history are stored on your device for your own diagnostics. You can clear local domain history in the app.

Information we do not receive by default

We do not receive your normal browsing history, a live stream of DNS requests, passwords, payment card numbers, or the contents of the websites and apps you use.

Information the app may send

The app may contact Lava Security servers to fetch catalog metadata and safety guardrail metadata. When you enable a third-party blocklist, the app may fetch that list directly from the upstream source URL shown in Legal Notices or from a custom URL you entered. These requests help update protection data and are not used by Lava as a browsing-history feed.

Support and diagnostics

If you contact support, we receive the information you choose to send, such as your email address, message, app version, device details, and optional diagnostic information. Bug reports are designed to avoid including browsing history by default. If you choose to include a domain, screenshot, or other sensitive detail in a support message, we will receive that information.

Accounts and backup features

Core Lava Security protection does not require an account. If you choose encrypted backup, the app encrypts your protection settings on this device before upload. The encrypted payload may include enabled blocklist IDs, allowed domains, blocked domains, resolver settings, local-log preferences, custom blocklist source metadata, and a protection-enabled hint. Lava stores ciphertext and non-secret envelope metadata, but not your backup password, recovery phrase, plaintext settings, browsing history, or decryption keys.

Service providers

We use infrastructure providers to run the site, email routing, app distribution, and update services. These may include Cloudflare, Apple, Google, and other providers needed to deliver the app and support service. Selected DNS resolvers may also process DNS queries according to their own policies if you configure the app to use them.

Retention

Local app data remains on your device until you clear it or remove the app. Support messages and bug reports are retained only as long as reasonably needed to respond, debug, protect against abuse, and maintain business records.

Deletion requests

You can clear local domain history in the app. To request deletion of support messages or account-related data associated with your email address, contact legal@lavasecurity.app.

Children

Lava Security is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Changes

We may update this policy as the app changes. The "Last updated" date at the top of this page shows when the policy was last changed.