Privacy Policy for WristMSG
tech.benri.wristmsg)Summary (the important stuff in plain English)
- WristMSG does not collect, transmit, or store your personal data on any server we operate. We don't have servers that handle your data.
- All message content stays on your phone and watch. It never leaves the devices you own.
- We use no third-party analytics, advertising, or tracking SDKs.
- The only network connection WristMSG makes is between your phone and your paired Wear OS watch via Google's standard Wear OS Data Layer (operated by Google, not us).
- No Google API authentication. WristMSG does not log into your Google account, does not request OAuth scopes, and does not call the Google Chat API. It reads Google Chat notifications via Android's standard
NotificationListenerServicepermission, which you grant explicitly.
If you're an IT administrator evaluating WristMSG for fleet deployment: there is no data-processing agreement (DPA) we can sign, because there is no data we process on your behalf. WristMSG is a stateless, on-device app.
1. Introduction
BenriTech ("we," "us," or "our") is committed to protecting your privacy. This policy explains how WristMSG handles data when you use our Wear OS application.
WristMSG is published by Technical Initiative, LLC, a US-registered entity with operations in Yokohama, Japan.
2. What WristMSG does
WristMSG is an Android app (with a Wear OS companion) that lets you reply to Google Chat messages from your Wear OS smartwatch. It works by:
- Reading incoming Google Chat notifications on your phone, with your explicit consent via Android's Notification Listener permission
- Forwarding a minimal subset of the notification (sender display name, recent message excerpt) to your paired Wear OS watch
- Sending your typed or dictated reply back to the phone, which uses the original Google Chat notification's reply intent to deliver it
WristMSG does not log into your Google account. It does not have OAuth tokens or API credentials. It reads notifications via Android's standard NotificationListenerService API — the same mechanism used by every notification-mirroring app on the Play Store.
3. Data we handle (and what we do with it)
Stored locally on your phone
| Data | Where | Why | Shared with us? |
|---|---|---|---|
| Recent contact metadata (display name, photo, space ID) | Android app-private storage, encrypted at rest by the OS | To populate the watch contact list | No |
Cached reply tokens (PendingIntent references from Google Chat notifications) | App-private RAM, briefly | To send your reply back through Google Chat's own notification mechanism | No |
| App settings (theme, keep-alive mode, first-name preference) | Android app-private storage, encrypted at rest by the OS | To remember your preferences | No |
| Premium unlock state | Android app-private storage, encrypted at rest by the OS | To remember whether you've purchased Premium | No (Google Play handles the purchase record) |
Sent over the network
| Data | Where it goes | Why |
|---|---|---|
| Contact list + reply requests | Your paired Wear OS watch, via Google's Wear OS Data Layer (Google Play Services) | To sync the watch UI. Encrypted by the Android system; never traverses our infrastructure. |
| Your Google Chat reply text | Google Chat itself, via the notification's reply PendingIntent | To deliver your reply, the same way the Android notification reply box does it. |
That's the entire list. WristMSG does not make any other network requests. We do not phone home, beacon, or collect telemetry.
Voice data
Voice-to-text processing is handled locally by the Android system or Google Assistant services running on your watch. WristMSG never receives, records, or transmits raw audio. We only receive the transcribed text from the system, after dictation completes.
Optional crash diagnostics (coming in v1.1)
A future version of WristMSG will include an opt-in crash diagnostics feature using Google Firebase Crashlytics. When that ships, it will:
- Be off by default and require explicit opt-in
- Send only crash stack traces, device model, and Android version — never message content, contact names, or any user data
- Be toggleable at any time in Settings
- Be force-disablable via Android Enterprise managed configuration for organization deployments
We will update this policy and clearly notify users before any crash reporting ships.
4. Permissions WristMSG requests
| Permission | Why | If you deny |
|---|---|---|
Notification access (BIND_NOTIFICATION_LISTENER_SERVICE) | To read incoming Google Chat notifications and forward them to your watch. Only notifications from com.google.android.apps.dynamite are processed; all others are ignored. | App cannot function — this is the core integration |
Post notifications (POST_NOTIFICATIONS, Android 13+) | To show the foreground service indicator and the listener-revoked alert | Background reliability degrades but core flow still works |
| Foreground service — connected device | To keep reply tokens alive while you're away from the phone | Tokens may be lost overnight; messages won't deliver until the next incoming Google Chat notification refreshes them |
| Boot completed | To re-start the keep-alive service after a phone reboot | Keep-alive feature won't auto-restart after reboot |
| Ignore battery optimizations (optional) | To survive aggressive battery management. Requested only after you explicitly enable keep-alive in Settings → Reliability. | Same as above |
We do not request location, contacts, camera, microphone, SMS, OAuth tokens, or any other sensitive permission.
5. Security Measures
- Storage at rest: All app data lives in Android's app-private encrypted storage. Other apps on the device cannot read it. Uninstalling WristMSG deletes everything.
- Phone-to-watch transport: Data transferred to the paired watch via the Wear OS Data Layer is encrypted by the Android system (over Bluetooth or Wi-Fi Direct, depending on pairing).
- No external endpoints: WristMSG makes no network requests to any server we operate, because we operate none.
- No persistent identifiers are generated by us or transmitted.
- Notification source verification: Only notifications originating from the official Google Chat package (
com.google.android.apps.dynamite) are processed. Notifications from other apps are ignored.
6. Third parties
WristMSG integrates with the following Google services as part of its normal operation. We do not control these services, and their respective privacy policies apply to data they handle:
- Google Wear OS Data Layer (operated by Google Play Services) — connects your phone and watch.
- Google Play Billing — handles in-app purchases. We never see your payment details.
- Google Chat — the source of the notifications WristMSG processes.
We do not use, embed, or integrate with any third-party analytics, advertising, attribution, or tracking SDKs.
7. Enterprise deployment (for IT administrators)
WristMSG is suitable for deployment to managed device fleets via Managed Google Play with standard Android Enterprise distribution.
For your security review:
- No data leaves the device other than the connections listed in §3 (verifiable with any network-inspecting MDM)
- No persistent identifiers are generated or transmitted
- No PII is collected by us — we have no servers to receive PII, and no DPA is required for that reason
- No advertising or marketing tracking
- No analytics SDKs
- No cloud account creation
For managed configuration (forced settings via MDM), see the WristMSG Deployment Guide . Advanced managed configuration support is on the v1.1+ roadmap; v1.0 supports standard Managed Google Play distribution.
8. International Disclosures
United States (CCPA)
We comply with the California Consumer Privacy Act (CCPA) and equivalent state laws.
- We do not sell or share personal information, because we collect none.
- Right to know: there is nothing on our side to disclose, because we hold no personal information about you. All your data is on your device, accessible to you directly.
- Right to delete: uninstalling the app deletes everything.
- Right to non-discrimination: not applicable, as we offer no service tier that depends on personal information.
Japan (APPI)
As a developer with operations in Japan, we comply with the Act on the Protection of Personal Information (個人情報の保護に関する法律 / APPI).
- Users have the right to request the deletion of any locally cached metadata. Uninstalling the app accomplishes this immediately.
- We do not transfer personal information cross-border because we collect none.
- For any other APPI inquiries, contact us at the email below.
European Union / United Kingdom (GDPR / UK GDPR)
While we do not have business establishment in the EU or UK, we offer WristMSG to users globally. Because we collect and process no personal data:
- We are neither a data controller nor a data processor under GDPR for any data WristMSG handles
- No DPA is required because there is no processing happening on our side
- Right to access / portability: there is nothing on our side to access; everything is on your device
- Right to erasure: uninstalling the app deletes everything
- Right to lodge a complaint: see contact below; you also retain the right to contact your local data protection authority
9. Children's privacy
WristMSG is not directed at children under 13. We do not knowingly collect any data from anyone, including children.
10. Changes to this policy
We will update this policy if anything material changes (e.g. when crash reporting ships, when managed configurations ship). The "Last Updated" date at the top will reflect the most recent change. Substantive changes will be announced in the Play Store listing's "What's New" section and via email to enterprise customers.
11. Contact & Representative
Developer entity: Technical Initiative, LLC (operating as BenriTech)
Operations: United States and Yokohama, Japan
Email: support@benri.tech
For enterprise / IT-admin specific questions, mention "Enterprise" in the subject line for priority routing.
For data deletion requests, security reports, or any privacy inquiry, the same email address handles all categories.