ScannerFlow

Privacy Policy

Last updated: April 20, 2026

About this Privacy Policy

This policy explains what personal information ScannerFlow collects, how it is used, the reasons for each use, and your controls over data processing. ScannerFlow is managed by Mobile Flow Ltd ("we," "us," or "our").

Table of Contents

  1. Who We Are and Definitions
  2. Personal Data We Collect, How We Use It, and Why
  3. Our Marketing Activities
  4. Sharing the Personal Data We Collect
  5. International Transfers
  6. Security
  7. Your Rights
  8. Data Retention
  9. Cookies and Similar Technologies
  10. Third-Party Services
  11. Children
  12. Changes to This Policy
  13. CCPA Notice (California Residents)

1. Who We Are and Definitions

1.1 Who We Are

ScannerFlow is managed by Mobile Flow Ltd, with offices at Kiryat HaMada St 20, Jerusalem, Israel 9777600 (registration number 517148722). Contact: support@scannerflow.com

1.2 Definitions

"App" refers to the ScannerFlow mobile application for Android. "Services" includes the App and its associated features. "Personal data" means any information that identifies you directly or indirectly. "You" refers to any user of the App.

2. Personal Data We Collect, How We Use It, and Why

2.1 Contact Information

If you contact us via our support email, we collect your name, email address, and the content of your message.

Use: Responding to your inquiries and providing customer support.

2.2 Account and Registration Data

If you create an account (required to enable Cloud Sync), we collect your email address. You may sign in via Google, which may provide your name and profile picture as shared by that service.

Use: App access, saving your preferences, security, fraud prevention, and communicating service-related information (transactional only — no marketing email).

2.3 Activity and Device Data

We automatically collect certain technical data, including: IP address, device model and operating system version, app version, session duration, feature usage events (e.g., "scan started," "PDF exported"), and crash reports.

Use: App analytics, bug fixing, product improvement, and fraud prevention. This data is processed via Firebase Analytics (Google LLC).

2.4 Payment Data

Subscription purchases are processed entirely through Google Play. We do not receive or store your full payment card details. We receive a purchase token and subscription status from Google Play to verify your premium access.

Use: Granting and managing premium subscription access; internal accounting records.

2.5 Scanned Documents (Device-Local by Default)

When you scan a document, the resulting image, any perspective-corrected crop, the applied filter result, and the final PDF or JPEG file are created and stored locally on your device. We do not access, transmit, or process the content of your documents unless you explicitly enable Cloud Sync (see §2.6 below).

Use: Displaying scans in your in-app document library and enabling you to export or share them.

2.6 Cloud-Synced Documents (Premium Subscribers Only — Opt-In)

If you are a premium subscriber and enable Cloud Sync, your scanned documents and generated PDFs are uploaded to Firebase Cloud Storage (Google LLC) and associated with your account. This transfer is encrypted in transit (TLS). Documents include any text visible in the scan (which may include personal information you have chosen to scan, such as names, addresses, or financial details).

Use: Providing cross-device access to your documents and maintaining a secure cloud backup of your library.

Cloud Sync is disabled by default. You can disable it at any time in Settings → Cloud Sync. Disabling Cloud Sync does not automatically delete previously uploaded documents — use the in-app "Delete from cloud" option or contact support@scannerflow.com to request deletion.

2.7 OCR / Extracted Text (On-Device Only)

The "Extract Text" (OCR) feature runs entirely on your device using on-device ML capabilities. The text extracted from your documents is never transmitted to our servers. It is displayed within the app for you to copy and use as you choose.

Use: Enabling you to copy and search text from scanned documents.

2.8 App Usage Quota Data

We track the number of scans you have saved (your free quota usage) in Firebase Firestore, associated with your device or account identifier. We also track subscription status (free/premium) and, for premium subscribers, whether Cloud Sync is enabled.

Use: Enforcing the free-tier scan quota, granting premium access, and personalizing your app experience (e.g., scan streak counter).

2.9 Android App Set ID

On Android devices, we collect the App Set ID — a resettable, non-advertising identifier assigned by the OS to a set of apps from the same developer.

Use: Analytics and fraud prevention only. The App Set ID is not connected to advertising identifiers or used for cross-app advertising, consistent with Google Play policy.

3. Our Marketing Activities

3.1 Email — Transactional Only

We send email only for transactional purposes: subscription purchase confirmations, refund notices, and service announcements that materially affect your use of the App. We do not send marketing newsletters, promotional offers, or "we miss you" re-engagement emails.

To stop receiving transactional emails, contact support@scannerflow.com. Note that certain service communications (e.g., subscription renewal notices) are required under applicable law or our obligations to you and may continue regardless of your preference.

3.2 Android Advertising ID

We collect and use Android Advertising IDs (AAIDs) in accordance with Google Play Ads Policy, primarily for measuring the effectiveness of user acquisition campaigns (i.e., attributing app installs to ad campaigns via Google's install referrer mechanism).

3.3 Push Notifications

With your permission, we send in-app and push notifications for: trial expiry reminders (honest, one-time), seasonal document reminders (e.g., tax season), and scan streak milestones. You can disable notifications at any time in your device Settings.

4. Sharing the Personal Data We Collect

We do not sell your personal data.

4.1 Service Providers

Service ProviderFunctionData Shared
Firebase / Google LLCCloud Storage (documents), Firestore (quota/account data), Analytics (usage events), Cloud Messaging (push notifications)Cloud-synced documents (opt-in), quota data, usage events, device token
Google Play BillingSubscription payment processingPurchase token, subscription status (no card details)
Google Ads / Install ReferrerApp install attributionAAID, install referrer data

All providers are contractually required to maintain confidentiality and use data only for the purposes we specify.

4.2 Change of Ownership

In the event of a company sale, merger, or acquisition, your data may be transferred to the acquiring entity. We will notify you and privacy protections will continue to apply after any such transaction.

4.3 Law Enforcement

We may disclose data to government authorities or legal representatives when required to: (i) protect our rights, property, or safety; (ii) comply with a court order, subpoena, or applicable law; or (iii) fulfill legal or regulatory obligations.

5. International Transfers

Our service providers, including Google (Firebase), are located in the United States and other countries. By using the App, you consent to the transfer of your data to these locations. All transfers are made with appropriate safeguards under applicable law.

6. Security

ScannerFlow applies industry-standard security measures, including encryption in transit (TLS) for all data transferred between the App and our servers. Cloud-synced documents are stored in Firebase Cloud Storage, which applies server-side encryption at rest.

No system is completely secure. You are responsible for the security of your device and credentials. Contact us immediately at support@scannerflow.com if you believe your account has been compromised.

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including: access, rectification, erasure ("right to be forgotten"), data portability, and the right to object to or restrict processing. California residents, see Section 13 for CCPA-specific rights.

To exercise any of these rights, contact us at support@scannerflow.com. We may ask you to verify your identity before processing your request.

Data deletion: You may request deletion of your account and associated data at any time by emailing support@scannerflow.com with the subject line "Data Deletion Request." We will process your request within 30 days. Locally stored documents are under your control — delete them through your device's file manager or within the app.

8. Data Retention

We retain personal data for as long as necessary to provide the Services and comply with legal obligations. Specific retention periods:

  • Device-local scanned documents: Retained on your device until you delete them. We have no access to or control over locally stored files.
  • Cloud-synced documents (premium subscribers): Retained while your subscription is active. Upon cancellation or expiration, cloud-synced documents remain accessible for 90 days, then are permanently deleted. You are solely responsible for exporting any documents you wish to keep before the 90-day window closes.
  • Account data (Firestore): Retained while your account is active. Upon account deletion request, purged within 30 days.
  • Analytics data: Retained per Firebase Analytics' default retention settings (14 months by default for user-level data).
  • Support communications: Retained for up to 3 years for quality assurance and legal compliance.

Contact support@scannerflow.com for details on specific retention periods.

9. Cookies and Similar Technologies

ScannerFlow is a mobile app and does not use browser cookies. We do not use cookies for tracking or advertising on our website or in the app.

The App uses Firebase Analytics, which collects device identifiers (such as the Android App Set ID and Firebase installation ID) to analyze usage patterns and improve the experience. These are analogous to first-party analytics — they are not used for cross-app or cross-site behavioral advertising.

10. Third-Party Services

The App integrates third-party services (listed in §4.1). Your use of those services is subject to their own terms and privacy policies. We assume no responsibility for the privacy practices of third-party services beyond our contractual requirements.

11. Children

ScannerFlow is not directed at children under 13 (or under 16 in EEA jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate parental consent, contact us immediately at support@scannerflow.com and we will delete that data promptly.

12. Changes to This Policy

We update this Privacy Policy periodically to reflect legal requirements and changes in our operations. Updates are posted on this page with a revised "Last updated" date. We encourage you to review this policy regularly. Material changes will be communicated via in-app notice.

13. Annex A: California Consumer Privacy Rights (CCPA/CPRA)

13.1 Overview

California residents may have certain rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The following is general information; consult legal counsel for specific applicability. Identity verification is required for all requests.

13.2 Right to Know

You may request disclosure of: the specific personal data we have collected about you in the preceding 12 months; the categories of personal data collected; the sources of collection; the business or commercial purpose for collection; and the categories of third parties with whom we share data.

13.3 Right to Delete

You may request deletion of personal data we hold about you, subject to certain exceptions (e.g., data needed to complete a transaction, detect fraud, or comply with legal obligations).

13.4 Right to Correct

You may request correction of inaccurate personal data we hold about you.

13.5 Right to Opt Out of Sale or Sharing

We do not sell or share (as defined under CCPA/CPRA) your personal data for cross-context behavioral advertising. No opt-out action is required.

13.6 Right to Limit Sensitive Data Use

You may limit our use of sensitive personal data to what is necessary for service provision and business operations.

13.7 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights — including by denying services, charging different prices, or providing a different level of quality.

13.8 How to Exercise California Rights

Contact us at support@scannerflow.com with subject line "California Privacy Request." Provide sufficient information for us to verify your identity. Authorized agents may submit requests on your behalf with written authorization.

Past 12 months: We have not sold or shared (as defined by CCPA) any personal data. Business-purpose disclosures include: device activity data and identifiers shared with Firebase/Google for analytics and app functionality; purchase tokens shared with Google Play for billing; install referrer data shared with Google Ads for attribution.