Privacy Policy for Scan & Store

Last updated: June 27, 2026

1. Controller and Contact

This Privacy Policy explains how Scan & Store processes personal data in connection with the Scan & Store mobile application and its included extensions.

Controller

  • Morten Ottow
  • Tulpenstrasse 4
  • 12203 Berlin
  • Germany

General contact

  • support@scan-and-store.com

Privacy contact

  • support@scan-and-store.com

Data Protection Officer

No Data Protection Officer has been appointed unless expressly stated otherwise here.

    2. Scope of this Privacy Policy

    This Privacy Policy applies to

    • the Scan & Store iOS application;
    • the Scan & Store Share Extension;
    • the Scan & Store Document Picker Extension;
    • the Scan & Store File Provider Extension; and
    • the Scan & Store website, support pages, publicly accessible legal pages, and public Split Bill receipt-sharing pages to the extent they are used in connection with the app, contact requests, public product information, or shared receipt item selection.

    This Privacy Policy does not automatically cover a separate companion or standalone application unless that product is separately distributed and expressly linked to this notice.

    3. How Scan & Store Works

    Scan & Store is a local-first document app. We do not operate a general hosted document storage backend for user documents.

    Documents are generally stored and processed locally on your device unless you actively choose to

    • import content from an external source;
    • export or share content;
    • connect a third-party cloud provider; or
    • use an optional AI assistance function after separate consent and an active user request; or
    • use purchase, restore, or subscription-related functions provided through Apple and RevenueCat.

    Core scanning, local storage, OCR, archive organization, editing layers, and many viewer functions are designed to work primarily on-device.

    In the current public V1, archive documents are intended to remain in the app's private local storage area on your device unless you export, share, or enable a cloud connection. If you enable cloud sync or cloud-linked restore, the selected provider may also receive readable PDF files, filenames, folder structure, and technical restore or sync metadata used by the app.

    Split Bill is a limited sharing feature and an exception to the general local-only archive model. If you create or open a Split Bill link, structured receipt item data and participant selection status data may be processed through the public Split Bill page and supporting Supabase/Vercel infrastructure so participants can choose receipt items. The public Split Bill page works with structured item/text data and does not upload, display, or download the original receipt image or PDF itself.

    Optional AI assistance for naming or metadata suggestions is another exception to the purely local processing model. It is not started automatically after scan, import, or OCR. If you actively use such an AI function and have consented beforehand, document context relevant to that specific function may be transmitted through supporting app infrastructure to an external AI provider. AI results remain suggestions until you confirm them in the app.

    If your documents contain special categories of personal data or particularly sensitive content, such as health records, identity documents, financial records, or data about other people, use external AI, cloud sync, Split Bill, support messages, and exports only where this is necessary for your purpose and you have the required permission or legal basis.

    4. Storage Zones

    The currently shipped public V1 stores archive documents in a standard local archive within the app's private storage area on your device. Certain imports may temporarily pass through a shared local staging zone used by extensions and handoff flows before being copied into the archive or cleaned up. The public V1 does not expose or require a separate Vault feature.

    5. Categories of Personal Data

    Depending on how you use the app, we may process the following categories of personal data

      User-provided and document-related data

      • scanned documents;
      • PDF files;
      • imported images;
      • imported files;
      • previews and thumbnails;
      • titles, tags, document types, folder selections, and user-entered metadata;
      • user-created notes, annotations, signatures, markups, and redaction rectangles; and
      • depending on your use of the app, document contents that may include financial records, contracts, identity documents, health-related documents, or other sensitive content you choose to scan, import, store, or sync.

      Locally generated content and metadata

      • OCR text;
      • OCR suggestions;
      • detected dates, sender suggestions, type suggestions, headings, and similar recognition metadata;
      • duplicate-detection fingerprints and visual matching data;
      • archive, restore, and sync metadata, which may include document titles, sender information or sender suggestions, document types, OCR text, and related local state used for restore or continuity flows;
      • cloud replica metadata, including remote identifiers, verification state, and related sync state;
      • technical file references, timestamps, and processing state.

      Security and authentication data

      • Keychain-bound authentication data;
      • provider access tokens;
      • provider refresh tokens where applicable;
      • app-lock or device-authentication state, where enabled by you.

      Subscription and entitlement data

      • subscription status;
      • entitlement state;
      • product identifiers;
      • restore-related status information;
      • purchase and billing-related metadata provided via Apple and RevenueCat.

      Technical and session data

      • technical session state;
      • provider session validation data;
      • connection state;
      • limited installation or device-context identifiers used for connection integrity, including the pCloud connection flow;
      • limited authentication, connection-integrity, abuse-prevention, and error-diagnostics data used in connection with supporting provider connection functions; and
      • basic technical integrity and error information required to provide, secure, and troubleshoot the service.

      AI assistance data, if you actively use an external AI function and have consented

      • status and version of your AI consent;
      • document context relevant to the specific AI function, for example document image, PDF excerpt, OCR/recognition context, or metadata to the extent required for the requested suggestion function;
      • requested AI purpose, language, timestamp, technical processing metadata, and result status;
      • suggestions, confidence/evidence indicators, or reasoning generated by the AI provider to the extent the app displays them or processes them as a local draft; and
      • local confirmation or rejection state of suggestions.

      Split Bill data, if you create or open a Split Bill link

      • private share-link identifier;
      • receipt title, merchant name, currency, total amount, expiry status, and related session status;
      • recognized receipt item names, amounts, quantities, and calculated participant shares;
      • participant names entered by participants;
      • browser-local participant identifier used to keep one participant's selection separate from other participants using the same display name;
      • selected receipt items, selected quantities, selection status, and related timestamps;
      • optional PayPal.me link provided by the Split Bill creator; and
      • technical operational, integrity, and abuse-prevention data required to operate the public Split Bill page.

      Analytics and diagnostics data (TelemetryDeck, Firebase Analytics, Firebase Crashlytics, Firebase Performance Monitoring, or comparable diagnostics), if enabled in the shipped app version

      • app launch events;
      • feature usage and workflow/screen events;
      • generic success/failure and reliability states;
      • subscription/paywall interaction state;
      • privacy-preserving installation/device identifier; and
      • technical diagnostics used for product quality, performance, crash investigation, and reliability analytics.

      Analytics and diagnostics exclusion scope

      • we do not send document contents, OCR text, complete AI request texts, transmitted AI document contents, complete AI provider responses, filenames, file paths, cloud provider credentials, raw search queries, PDFs, images, scanned pages, receipt item names, receipt amounts, participant names, PayPal.me links, or Split Bill selection contents as analytics, crash, or performance events.

      Website/contact data, if applicable

      • standard server log data when you access our website, support pages, or legal pages;
      • contact details and message contents if you contact us.

      6. Sources of Personal Data

      We collect personal data from the following sources

        Directly from you

        • when you scan, import, edit, organize, export, share, delete, or connect a cloud provider;
        • when you contact us;
        • when you create notes, tags, titles, signatures, or other editing layers;
        • when you actively request an AI function, grant or withdraw consent, or accept or reject an AI suggestion;
        • when you create a Split Bill link, enter a participant name, select receipt items, or provide an optional PayPal.me link.

        From your device and the operating system

        • when the app processes scans, files, previews, OCR, biometrics-based unlock flows, file-provider interactions, or app-group imports;
        • when Apple frameworks provide system-level file, picker, authentication, or entitlement information.

        From Apple

        • for App Store distribution;
        • for in-app purchases;
        • for subscription management;
        • for restore flows;
        • for Apple system containers and related Apple platform functions you use.

        From RevenueCat

        • for product loading;
        • for entitlement resolution;
        • for subscription state handling; and
        • for purchase restoration support.

        From analytics and diagnostics providers, if enabled in the shipped app version

        • analytics ingestion, crash diagnostics, performance diagnostics, and reporting for privacy-friendly product quality events generated by app usage.

        From third-party cloud providers selected by you

        • from Google Drive, Dropbox, or pCloud when you connect such a provider, validate the connection, upload files, download files, restore files, or manage archive folders used by the app, including related readable filenames, folder structure, and technical restore or sync metadata required by the integration.

        From Supabase

        • for limited authentication and connection functions in connection with the pCloud connection flow;
        • for Split Bill session, item, participant selection, participant display-name, and link-security data when you use public Split Bill links; and
        • for coordinated forwarding of optional AI requests to the named AI provider when you actively use an AI function and have consented; and
        • not as a general document-storage backend or file proxy for your archive documents.

        From Anthropic or another AI provider named in the app

        • AI suggestions, confidence/evidence indicators, or reasoning when you actively use an external AI function and have consented.

        From Vercel and website infrastructure

        • technical access, routing, and security data when you access the public website, legal pages, support pages, or a public Split Bill link.

        7. Purposes of Processing and Legal Bases

        We process personal data for the following purposes and on the following legal bases under Article 6 GDPR.

        7.1 Providing core app functionality

        Purpose

        • scanning documents;
        • locally storing documents and previews;
        • generating OCR text and recognition suggestions;
        • organizing documents;
        • exporting and sharing files;
        • creating and opening public Split Bill links for receipt item selection where available;
        • providing archive, viewer, and editing functions;
        • providing direct cloud connection, synchronization, restore, related file access, and related metadata-continuity functions;
        • providing subscription, entitlement, and restore functions.

        Legal basis

        Article 6(1)(b) GDPR, performance of a contract or steps taken at your request before entering into a contract.

          7.2 Maintaining security, integrity, and abuse prevention

          Purpose

          • protecting access to the app;
          • validating provider sessions;
          • preventing abuse, fraud, bot activity, and unauthorized use;
          • ensuring integrity of connection flows;
          • limiting misuse of cloud connection flows;
          • troubleshooting technical issues;
          • protecting legal claims and defending rights.

          Legal basis

          Article 6(1)(f) GDPR, legitimate interests.

            Legitimate interests

            security of our app and systems, prevention of misuse, preservation of service integrity, technical stability, and enforcement or defense of legal claims.

              7.3 Fulfilling legal obligations

              Purpose

              • complying with legal obligations that may apply to us, including tax, accounting, bookkeeping, or regulatory retention obligations where applicable.

              Legal basis

              Article 6(1)(c) GDPR, compliance with a legal obligation.

                7.4 Operating legal pages and responding to contact requests

                Purpose

                • operating our website, legal pages, and privacy-policy URL;
                • operating our public support pages and contact channels;
                • processing technically necessary server logs and access data;
                • responding to contact requests and support-related inquiries received outside the app; and
                • protecting the security, availability, and legal integrity of those pages and contact channels.

                Legal basis

                Article 6(1)(b) GDPR where your request relates to the use of the app or a contractual relationship, and otherwise Article 6(1)(f) GDPR, legitimate interests.

                  Legitimate interests

                  providing legally required information, maintaining secure and reliable public pages, responding to contact requests, and protecting our rights.

                    7.5 Product analytics, diagnostics, and reliability measurement

                    Purpose

                    • understanding feature usage and workflow reliability;
                    • measuring app quality and generic success/failure states; and
                    • improving product stability and UX decisions.

                    Legal basis

                    Article 6(1)(f) GDPR, legitimate interests.

                      Legitimate interests

                      operating a reliable app, prioritizing fixes, and improving core product quality without processing document content analytics.

                        7.6 Split Bill shared receipt links

                        Purpose

                        • creating private, unlisted Split Bill links for receipt item selection;
                        • showing structured receipt items, quantities, amounts, participant names, selection status, and remaining availability to people who open the link;
                        • saving participant item selections;
                        • keeping one participant's browser-local selection separate from other participants' selections;
                        • generating an external PayPal.me handoff link when the Split Bill creator provides a PayPal.me link; and
                        • protecting the public Split Bill page against misuse, inconsistent selections, unauthorized changes, and automated abuse.

                        Legal basis

                        Article 6(1)(b) GDPR, performance of a contract or steps taken at your request before entering into a contract, and Article 6(1)(f) GDPR, legitimate interests, for security, abuse prevention, and link integrity.

                          Legitimate interests

                          providing a reliable shared receipt item-selection flow, preserving link integrity, preventing misuse, and keeping participants' own selections separate from other participants' selections.

                            7.7 Optional AI Assistance

                            Purpose

                            • generating AI-assisted naming or metadata suggestions only after your active request;
                            • transmitting document context required for the specific request to the named AI provider;
                            • showing AI suggestions as reviewable drafts;
                            • managing your AI consent with versioning and respecting withdrawal for the future; and
                            • keeping technical audit metadata without document content, complete AI request text, OCR text, or complete AI provider response where required for evidence, security, and abuse prevention.

                            Legal basis

                            Article 6(1)(a) GDPR, consent, for transmitting document context to an external AI provider. Article 6(1)(b) GDPR may additionally apply to the local provision of the suggestion function you requested.

                              Withdrawal

                              You may withdraw AI consent at any time for the future. Completed requests cannot be undone retroactively; new external AI requests are not started without the required consent.

                                8. Permissions and On-Device Processing

                                Scan & Store uses the following permissions and device-level functions.

                                Camera

                                The camera is used to scan documents.

                                  System pickers for photos and files

                                  The current V1 uses Apple system pickers to let you choose files or images and does not request general photo-library access where those system pickers are sufficient.

                                    Device authentication

                                    The app may optionally use Face ID, Touch ID, or device passcode authentication for app-lock, depending on your device and configuration. The current V1 does not require app-lock by default. When device authentication is used, the app receives only the result of the authentication check and does not access Face ID data associated with the enrolled face.

                                      On-device OCR

                                      OCR and related suggestion logic are processed on-device using Apple frameworks.

                                        Optional external AI assistance

                                        External AI assistance is not part of normal local OCR. It is used only after an active request and the required consent, and it may transmit document context to an AI provider named in the app.

                                          Motion/CoreMotion

                                          When scanning, the app may use device motion data to improve orientation or capture stability. Motion data is processed locally, is not used for fitness or health tracking, and is not sent to our servers.

                                            Push notifications

                                            The current V1 does not request push-notification or remote-notification permission.

                                              9. Recipients, Third Parties, and Services

                                              We may disclose or make data accessible to the following categories of recipients, depending on how you use the app.

                                              Where service providers act on our behalf, we require appropriate contractual or equivalent safeguards for the protection of personal data, including data processing agreements, standard contractual clauses, or equivalent safeguards where required for the relevant role, data category, and transfer. Before publication, the provider role, purpose, data categories, region, transfer basis, retention logic, and contractual evidence for the final build must be checked and documented internally for each provider.

                                              Apple

                                              • for app distribution through the App Store;
                                              • for in-app purchase billing;
                                              • for subscription management and restore;
                                              • for Apple system services and containers you use;
                                              • for iOS and platform-level security and authentication functions.

                                              RevenueCat

                                              • to load products;
                                              • to resolve entitlements;
                                              • to reflect purchase status; and
                                              • to support purchase restoration.

                                              TelemetryDeck, Firebase Analytics, Firebase Crashlytics, Firebase Performance Monitoring, or comparable analytics and diagnostics services (if enabled in the shipped app version)

                                              • to process privacy-friendly product analytics events and technical diagnostics used for reliability, performance, crash investigation, and product improvement;
                                              • not for advertising tracking;
                                              • not for sale of personal data; and
                                              • not for document-content, OCR-text, filename, receipt-item, participant-name, payment-link, or Split Bill selection analytics.

                                              Supabase

                                              • for limited authentication and connection functions in connection with pCloud;
                                              • for public Split Bill session, item, participant selection, participant display-name, and link-security data;
                                              • for coordinated forwarding of optional AI requests to the named AI provider after your active request and consent;
                                              • not as a general document-storage backend;
                                              • not as a file proxy for user document contents.

                                              Anthropic or another AI provider named in the app

                                              • for optional AI-assisted naming or metadata suggestions when you actively use the AI function and have consented;
                                              • document context required for the specific request may be processed for that purpose;
                                              • AI results remain suggestions and are not automatically adopted as final document data.

                                              Vercel and website hosting infrastructure

                                              • for hosting and routing the public website, legal pages, support pages, and public Split Bill participant pages;
                                              • for technically necessary access handling, security, and access logs.

                                              Google Drive, Dropbox, and pCloud

                                              • if you choose to connect one of these providers, readable PDF files, filenames, folder paths, sync or restore metadata, and related cloud folder information are processed by that provider in accordance with your actions and that provider’s own terms and privacy notice;
                                              • depending on the feature, restore or sync metadata may include document titles, sender information, document types, OCR text, and related local state used for restore or continuity flows; and
                                              • for Google Drive, the current shipped connection flow requests the full Google Drive scope `https://www.googleapis.com/auth/drive` as currently implemented in the app. This may permit broader Drive access than a single app-specific folder.

                                              Website or hosting providers

                                              • if you access our website, support pages, legal pages, or contact routes hosted by us or on our behalf, our hosting provider may process technically necessary access data.

                                              PayPal / PayPal.me

                                              • if a Split Bill creator provides a PayPal.me link and you choose to open it, PayPal is opened externally and processes your interaction under PayPal's own terms and privacy notices;
                                              • Scan & Store does not process payments, hold funds, or receive your payment card details through the Split Bill feature.

                                              Important clarification

                                              If you connect Google Drive, Dropbox, or pCloud, your files are transferred directly between your device and the selected provider. Supabase is used for limited authentication and connection functions in connection with pCloud and for structured Split Bill link data. Supabase is not used as a general document-storage backend or file proxy for your archive documents.

                                              If you use an external AI function, document context required for that function may be transmitted to the AI provider named in the app. We do not advertise general provider-retention or comparable provider commitments unless they are expressly confirmed in the specific provider and consent text.

                                                10. Imports, Extensions, and Direct Network Contacts

                                                Share Extension

                                                The Share Extension can copy files and images into a shared local import zone used by the app as a temporary staging area and subject to app cleanup.

                                                  Direct URL imports

                                                  When you import content from an http or https link via the Share Extension, the extension may contact the third-party server hosting that resource directly in order to retrieve the file.

                                                    Document Picker and File Provider

                                                    The Document Picker Extension and File Provider Extension operate with the same shared import and app-group-based local zone. The current V1 File Provider is import-oriented and is not described as a general browser for the private archive stored inside the app. Imported content is generally copied into the app's private storage rather than exposing the archive through open-in-place access.

                                                      11. Payments and Subscriptions

                                                      Subscriptions are billed by Apple through the App Store. We do not receive your full payment card details.

                                                      RevenueCat is used to

                                                      • load subscription products;
                                                      • resolve entitlements;
                                                      • reflect subscription status; and
                                                      • support purchase restoration.

                                                      Apple handles billing, payment processing, App Store subscription management, and related restore mechanisms.

                                                      Subscription and entitlement data are used to determine whether premium features are unlocked and to support restore flows. Without an active subscription, the current V1 may still provide basic viewing and export of existing locally stored documents, while scanning, importing, editing, organization, and cloud sync functions may be restricted.

                                                      11A. Split Bill and Shared Receipt Links

                                                      Split Bill lets a creator share a private, unlisted link for receipt item selection.

                                                      Anyone who has the link may be able to open the Split Bill page unless the link has expired, been closed, been deleted, or otherwise been deactivated.

                                                      Split Bill processes structured receipt information such as receipt title, merchant name, currency, total amount, recognized item names, item amounts, item quantities, participant names, selected items, selection status, and timestamps.

                                                      The public Split Bill web page does not upload, display, or download the original receipt image or PDF itself. It uses structured receipt item/text data needed to show and select items.

                                                      The Split Bill creator may provide an optional PayPal.me link. PayPal.me opens externally. Scan & Store does not process payments, hold money, settle debts, decide payment obligations, or receive payment card details through Split Bill.

                                                      Active Split Bills remain available until the creator closes or deletes them, or until the configured expiry or deactivation takes effect. After closure, deletion, expiry, or deactivation, shared links are intended to become invalid or inactive.

                                                      Participants' browser-local Split Bill data, such as a participant name, browser-local participant identifier, and draft selection, may remain in the browser's local storage until the participant clears browser storage or the app/page overwrites or removes that local data.

                                                      12. Editing Layers and Exports

                                                      Redactions, annotations, signatures, markups, notes, and similar edits are generally stored as local editing metadata or layers.

                                                      These local editing layers do not automatically overwrite

                                                      • the archived original document; or
                                                      • any cloud copy of the original file.

                                                      A modified version is typically created when you export a new derived file. This means the archived original and a cloud copy of the original file may remain unchanged even if local editing layers exist inside the app.

                                                      When you export or share a file, the resulting file leaves the app's protected local storage area and becomes subject to the destination, recipient, file name, and any service or platform you choose.

                                                      Password protection offered for PDF exports is PDF-based protection for that exported file and is not equivalent to end-to-end encryption or a ciphertext-only storage model.

                                                      An edited export may contain embedded redactions or other applied edits, while an export of the original file may remain the original file without those embedded changes.

                                                      13. International Transfers

                                                      Some recipients may process personal data outside the European Economic Area.

                                                      This may apply in particular depending on

                                                      • the third-party provider you choose to connect;
                                                      • the AI provider you use after active request and consent;
                                                      • Apple service infrastructure;
                                                      • RevenueCat service infrastructure;
                                                      • Supabase service infrastructure; or
                                                      • website and hosting infrastructure, if applicable.

                                                      Where required, we rely on

                                                      • adequacy decisions; or
                                                      • appropriate safeguards such as Standard Contractual Clauses.

                                                      The actual transfer situation depends on the service used and the processing chain triggered by your use of the app. You may contact us for more information about the safeguards used for a specific international transfer.

                                                      14. Retention and Deletion

                                                      We retain or delete data according to the following logic.

                                                      Local archive

                                                      Stored in the app's private local storage area until you delete the relevant document, reset the app, or otherwise remove local data.

                                                        Trash

                                                        Stored until you permanently clear the trash, the app cleans up the trash according to its lifecycle logic, or local reset/removal occurs.

                                                          Shared Import Inbox / app-group import zone

                                                          Stored as temporary staging data until import, deletion, cleanup, or reset, including lifecycle-based cleanup.

                                                            Cloud tokens and provider credentials in Keychain

                                                            Stored until you disconnect the provider, revoke access, or reset the app, subject to technical and legal requirements.

                                                              Subscription and entitlement data

                                                              Stored as long as required for subscription status handling, restore support, legal compliance, dispute handling, and related documentation.

                                                                Cloud copies and related restore or sync metadata at Google Drive, Dropbox, or pCloud

                                                                Stored until deleted at the respective provider or removed by you or by app actions triggered by you, subject to the provider’s own systems and retention logic. This may include readable PDF files, filenames, folder structure, and related restore or sync metadata stored with the connected provider.

                                                                  Website/contact data, if applicable

                                                                  Stored as long as necessary for the relevant request, legal retention obligations, or defense of legal claims.

                                                                    TelemetryDeck analytics data, if enabled

                                                                    Stored according to TelemetryDeck retention settings and as long as needed for aggregate reliability and usage analysis.

                                                                      Split Bill data

                                                                      Active Split Bill sessions, item data, participant names, participant selections, optional PayPal.me link references, and link status are retained until the creator closes or deletes the Split Bill, until the configured expiry or deactivation takes effect, or as long as needed for security, abuse prevention, legal compliance, dispute handling, and operational integrity.

                                                                        AI consent and audit metadata

                                                                        Status, version, timestamps, scope, and technical result state of an AI consent or AI request may be retained as long as required for evidence, withdrawal handling, security, abuse prevention, premium access validation, or legal compliance.

                                                                          AI request contents and provider responses

                                                                          We do not store complete AI request texts, transmitted document contents, PDFs, OCR text, or complete AI provider responses as diagnostics or product analytics logs. AI suggestions that you accept or continue to use as a draft may become part of local document metadata or local editing state. Retention by the external AI provider is governed by that provider's terms, applicable data-processing arrangements, and the consent text shown in the app.

                                                                          Depending on your device settings and Apple backup behavior, local app data may also be included in device backups, including iCloud backups, unless excluded from backup. Deleting content in the app does not automatically delete copies that may already exist in device backups or with third-party cloud providers.

                                                                            15. Your Rights

                                                                            Subject to the applicable legal requirements, you have the following rights under the GDPR

                                                                            • the right of access;
                                                                            • the right to rectification;
                                                                            • the right to erasure;
                                                                            • the right to restriction of processing;
                                                                            • the right to data portability;
                                                                            • the right to object;
                                                                            • the right to withdraw consent at any time, where processing is based on consent; and
                                                                            • the right to lodge a complaint with a supervisory authority.

                                                                            You may lodge a complaint, for example, with a supervisory authority in your place of habitual residence, place of work, or the place of the alleged infringement.

                                                                            Because many content-related data items are stored locally on your device, you can directly control or delete many such data items in the app itself, through app reset functions, by clearing local storage, by clearing the trash, or by disconnecting cloud providers.

                                                                            For data processed by Apple, RevenueCat, a connected cloud provider, or an AI provider you actively used, an additional request to the relevant provider may be necessary depending on the data and the role of the provider.

                                                                            16. Whether Providing Personal Data Is Required

                                                                            Some data and permissions are required to use specific functions.

                                                                            Examples

                                                                            • without camera access, scanning is not available;
                                                                            • without file or image selection through system pickers, import from those sources is not available;
                                                                            • without device authentication, app-lock is not available;
                                                                            • without cloud authentication, cloud connection and cloud sync functions are not available;
                                                                            • without AI consent and an active AI request, external AI suggestions are not available;
                                                                            • without a Split Bill link and the minimum selection data, the public Split Bill page cannot show or save receipt item selections; and
                                                                            • without purchase and entitlement data, premium functions cannot be unlocked.

                                                                            You are not generally required to provide all categories of data, but certain functions will not work without the data strictly necessary for those functions.

                                                                            17. Automated Decision-Making

                                                                            Scan & Store does not use exclusively automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

                                                                            OCR, recognition, date detection, sender suggestions, AI-assisted suggestions, type suggestions, duplicate detection, and similar features are convenience features only and do not constitute such decisions.

                                                                            18. Children

                                                                            Scan & Store is not directed to children. We do not knowingly process personal data from children in a manner prohibited by applicable law.

                                                                            19. Changes to This Privacy Policy

                                                                            We may update this Privacy Policy if our processing activities, technical setup, legal obligations, or services change.

                                                                            If we introduce materially changed processing, we will update this notice before or when the changed processing becomes relevant.

                                                                            Where required, related disclosures in App Store Connect or other platform disclosures will also be updated.

                                                                            20. Contact

                                                                            If you have questions about this Privacy Policy or wish to exercise your rights, please contact

                                                                            • Morten Ottow
                                                                            • Tulpenstrasse 4
                                                                            • 12203 Berlin
                                                                            • Germany
                                                                            • support@scan-and-store.com

                                                                            For abuse reports involving public Split Bill links or shared Split Bill content, contact support@scan-and-store.com and include "Split Bill abuse report" in the subject where possible.

                                                                            Please do not send highly sensitive original documents to support unless strictly necessary. Support is generally provided without routine review of document contents.