Last updated: April 5, 2026
This Privacy Policy explains how Scan & Store processes personal data in connection with the Scan & Store mobile application and its included extensions.
No Data Protection Officer has been appointed unless expressly stated otherwise here.
This Privacy Policy does not automatically cover a separate companion or standalone application unless that product is separately distributed and expressly linked to this notice.
Scan & Store is a local-first document app. We do not operate a general server-side document storage backend for user documents.
Core scanning, local storage, OCR, archive organization, editing layers, and many viewer functions are designed to work primarily on-device.
In the current public V1, archive documents are intended to remain in the app's private local storage area on your device unless you export, share, or enable a cloud connection. If you enable cloud sync or cloud-linked restore, the selected provider may also receive readable PDF files, filenames, folder structure, and technical restore or sync metadata used by the app.
The currently shipped public V1 stores archive documents in a standard local archive within the app's private storage area on your device. Certain imports may temporarily pass through a shared local staging zone used by extensions and handoff flows before being copied into the archive or cleaned up. The public V1 does not expose or require a separate Vault feature.
We process personal data for the following purposes and on the following legal bases under Article 6 GDPR.
Article 6(1)(b) GDPR, performance of a contract or steps taken at your request before entering into a contract.
Article 6(1)(f) GDPR, legitimate interests.
security of our app and systems, prevention of misuse, preservation of service integrity, technical stability, and enforcement or defense of legal claims.
Article 6(1)(c) GDPR, compliance with a legal obligation.
Article 6(1)(b) GDPR where your request relates to the use of the app or a contractual relationship, and otherwise Article 6(1)(f) GDPR, legitimate interests.
providing legally required information, maintaining secure and reliable public pages, responding to contact requests, and protecting our rights.
Scan & Store uses the following permissions and device-level functions.
The camera is used to scan documents.
The current V1 uses Apple system pickers to let you choose files or images and does not request general photo-library access where those system pickers are sufficient.
The app may optionally use Face ID, Touch ID, or device passcode authentication for app-lock, depending on your device and configuration. The current V1 does not require app-lock by default. When device authentication is used, the app receives only the result of the authentication check and does not access Face ID data associated with the enrolled face.
OCR and related suggestion logic are processed on-device using Apple frameworks.
The current V1 does not request push-notification or remote-notification permission.
We may disclose or make data accessible to the following categories of recipients, depending on how you use the app.
Where service providers act on our behalf, we require appropriate contractual or equivalent safeguards for the protection of personal data.
If you connect Google Drive, Dropbox, or pCloud, your files are transferred directly between your device and the selected provider. Supabase is used only for limited authentication and connection functions in connection with pCloud and is not used as a general document-storage backend or file proxy.
The Share Extension can copy files and images into a shared local import zone used by the app as a temporary staging area and subject to app cleanup.
When you import content from an http or https link via the Share Extension, the extension may contact the third-party server hosting that resource directly in order to retrieve the file.
The Document Picker Extension and File Provider Extension operate with the same shared import and app-group-based local zone. The current V1 File Provider is import-oriented and is not described as a general browser for the private archive stored inside the app. Imported content is generally copied into the app's private storage rather than exposing the archive through open-in-place access.
Subscriptions are billed by Apple through the App Store. We do not receive your full payment card details.
Apple handles billing, payment processing, App Store subscription management, and related restore mechanisms.
Subscription and entitlement data are used to determine whether premium features are unlocked and to support restore flows. Without an active subscription, the current V1 may still provide basic viewing and export of existing locally stored documents, while scanning, importing, editing, organization, and cloud sync functions may be restricted.
Redactions, annotations, signatures, markups, notes, and similar edits are generally stored as local editing metadata or layers.
A modified version is typically created when you export a new derived file. This means the archived original and a cloud copy of the original file may remain unchanged even if local editing layers exist inside the app.
When you export or share a file, the resulting file leaves the app's protected local storage area and becomes subject to the destination, recipient, file name, and any service or platform you choose.
Password protection offered for PDF exports is PDF-based protection for that exported file and is not equivalent to end-to-end encryption or a ciphertext-only storage model.
An edited export may contain embedded redactions or other applied edits, while an export of the original file may remain the original file without those embedded changes.
Some recipients may process personal data outside the European Economic Area.
The actual transfer situation depends on the service used and the processing chain triggered by your use of the app. You may contact us for more information about the safeguards used for a specific international transfer.
We retain or delete data according to the following logic.
Stored in the app's private local storage area until you delete the relevant document, reset the app, or otherwise remove local data.
Stored until you permanently clear the trash, the app cleans up the trash according to its lifecycle logic, or local reset/removal occurs.
Stored as temporary staging data until import, deletion, cleanup, or reset, including lifecycle-based cleanup.
Stored until you disconnect the provider, revoke access, or reset the app, subject to technical and legal requirements.
Stored as long as required for subscription status handling, restore support, legal compliance, dispute handling, and related documentation.
Stored until deleted at the respective provider or removed by you or by app actions triggered by you, subject to the provider’s own systems and retention logic. This may include readable PDF files, filenames, folder structure, and related restore or sync metadata stored with the connected provider.
Stored as long as necessary for the relevant request, legal retention obligations, or defense of legal claims.
Depending on your device settings and Apple backup behavior, local app data may also be included in device backups, including iCloud backups, unless excluded from backup. Deleting content in the app does not automatically delete copies that may already exist in device backups or with third-party cloud providers.
You may lodge a complaint, for example, with a supervisory authority in your place of habitual residence, place of work, or the place of the alleged infringement.
Because many content-related data items are stored locally on your device, you can directly control or delete many such data items in the app itself, through app reset functions, by clearing local storage, by clearing the trash, or by disconnecting cloud providers.
For data processed by Apple, RevenueCat, or a connected cloud provider, an additional request to the relevant provider may be necessary depending on the data and the role of the provider.
Some data and permissions are required to use specific functions.
You are not generally required to provide all categories of data, but certain functions will not work without the data strictly necessary for those functions.
Scan & Store does not use exclusively automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
OCR, recognition, date detection, sender suggestions, type suggestions, duplicate detection, and similar features are convenience features only and do not constitute such decisions.
Scan & Store is not directed to children. We do not knowingly process personal data from children in a manner prohibited by applicable law.
We may update this Privacy Policy if our processing activities, technical setup, legal obligations, or services change.
If we introduce materially changed processing, we will update this notice before or when the changed processing becomes relevant.
Where required, related disclosures in App Store Connect or other platform disclosures will also be updated.
Please do not send highly sensitive original documents to support unless strictly necessary. Support is generally provided without routine review of document contents.
