Privacy Policy
Last updated: May 11, 2026
About this Privacy Policy
This policy explains what personal information ScannerFlow collects, how it is used, the legal basis and purpose of each use, the third parties we share it with, and the controls you have over your data. ScannerFlow is operated by Mobile Flow Ltd ("we," "us," or "our"). By installing or using ScannerFlow you acknowledge the practices described below.
Table of Contents
- Who We Are and Definitions
- Personal Data We Collect, How We Use It, and Why
- Device Permissions
- Our Marketing Activities
- Sharing the Personal Data We Collect
- Third-Party Services and SDKs
- International Transfers
- Security
- Your Rights
- Data Retention
- Cookies and Similar Technologies
- Other Sites, Mobile Applications and Services
- Children
- Changes to This Policy
- How to Contact Us
- Notice to European Users (GDPR)
- Notice to California Residents (CCPA/CPRA)
- Notice to Virginia, Colorado, Connecticut, Utah and Other US State Residents
- Notice to Brazilian Users (LGPD)
1. Who We Are and Definitions
1.1 Who We Are
ScannerFlow is managed by Mobile Flow Ltd, with offices at Kiryat HaMada St 20, Jerusalem, Israel 9777600 (registration number 517148722). General contact: support@scannerflow.com. Privacy-specific contact: privacy@scannerflow.com.
1.2 Definitions
"App" refers to the ScannerFlow mobile application for Android. "Services" includes the App, the associated cloud backend, and any related website at scannerflow.com. "Personal data" means any information that identifies you directly or indirectly. "You" refers to any user of the App or Services.
2. Personal Data We Collect, How We Use It, and Why
2.1 Contact Information
If you contact us via our support email, we collect your name, email address, and the content of your message, along with any attachments you choose to send.
Use: Responding to your inquiries, providing customer support, and maintaining a record of support interactions for quality assurance and dispute resolution.
2.2 Account and Registration Data
To use the App you create an account. We collect your email address; if you sign in via Google we additionally receive the name, profile picture, and verified email shared by that service. Authentication is handled by Firebase Authentication (Google LLC).
Use: App access, saving your preferences, security, fraud prevention, and sending service-related communications (transactional only — see §4.1).
2.3 Scanned Documents and Generated PDFs (Uploaded to Our Cloud by Default)
When you scan, import, or create a document in the App, the resulting images, any perspective-corrected crops, applied filters, annotations, and the final PDF or JPEG files are uploaded by default to our cloud backend (Firebase Cloud Storage and Cloud Firestore, both provided by Google LLC) and associated with your account. Uploaded documents may contain any text, images, or personal information that appears in the scan (for example names, addresses, financial information, or identification details that you have chosen to capture).
Use: (a) providing cross-device access to your library; (b) maintaining a secure cloud backup so you do not lose documents if your device is lost or replaced; (c) enabling premium server-side features that you explicitly invoke, including AI-assisted scanning, AI chat over your documents, semantic document search, and PDF-to-Word / PDF-to-Excel conversion.
Encryption: All uploads occur over TLS 1.2+ (encrypted in transit), and all stored files are encrypted at rest using AES-256 server-side encryption with Google-managed keys, in accordance with Google Cloud Platform's standard encryption policies. Access to stored files requires authentication as the file's owner; Firebase Security Rules prevent any other user from accessing your documents.
Your control: You can delete any document at any time from within the App, which removes both the original image and the generated PDF from our cloud. You may also request bulk deletion of all your cloud-stored documents by emailing support@scannerflow.com with the subject line "Delete My Documents." Requests are processed within 30 days.
2.4 OCR / Extracted Text (On-Device Only)
The "Extract Text" (OCR) feature runs entirely on your device using Google ML Kit's on-device text recognition. The text extracted from your documents is processed locally and is not transmitted to our servers as part of OCR. It is displayed within the App for you to copy, search, and use as you choose. If you later invoke a server-side AI feature on the same document (see §2.3), the document image is processed in our cloud at that point.
2.5 Payment Data
Subscription purchases are processed entirely through Google Play Billing. We do not receive or store your full payment card details. We receive a purchase token and subscription status from Google Play, which we use to verify and grant your premium access via our Cloud Functions backend.
2.6 Activity, Device and Diagnostic Data
We automatically collect certain technical data, including: IP address, device model and operating system version, App version, session duration, feature usage events (e.g., "scan started," "PDF exported," "AI scan invoked"), and crash reports including stack traces and device state at the time of the crash. This data is processed via Firebase Analytics, Firebase Crashlytics, and Firebase Remote Config (all Google LLC), and via Microsoft Clarity (Microsoft Corporation) for session replays and heatmaps that help us diagnose UX issues.
Use: Product analytics, bug fixing, feature experimentation (A/B testing), product improvement, and fraud prevention.
2.7 App Usage Quota and Subscription State
We track the number of scans you have saved (free-tier quota usage), AI requests consumed today, subscription status (free/premium), and trial-eligibility flags in Cloud Firestore, associated with your account. We also store your in-app preferences (e.g., default filter, scan streak counter).
Use: Enforcing the free-tier scan quota, granting and metering premium access, and personalizing your App experience.
2.8 Android Identifiers
On Android devices we collect:
- App Set ID — a resettable, non-advertising identifier assigned by the OS to a set of apps from the same developer. Used for analytics and fraud prevention only; not connected to advertising identifiers, consistent with Google Play policy.
- Android Advertising ID (AAID) — used solely for measuring the effectiveness of user-acquisition campaigns (attributing App installs to specific ads via Google's install referrer mechanism). You can reset or limit the AAID at any time in your device's Google settings.
- Firebase Installation ID — issued by the Firebase SDK and used to identify the App installation for analytics, Remote Config, and Cloud Messaging.
3. Device Permissions
The App requests the following device permissions, each tied to a specific feature. Permissions are activated only when you engage the corresponding feature, and you may revoke any of them in your device settings — revoking a permission disables the corresponding feature but does not prevent you from using the rest of the App.
- Camera — capturing document scans, QR/barcode scanning.
- Photos / Media / Files — importing existing images and PDFs to convert or edit.
- Internet — uploading scans for cloud backup and invoking server-side features (AI, conversion).
- Notifications — trial-expiry reminders, scan-streak milestones, optional service announcements.
- Vibration / Haptics — UI feedback during scan capture and editor interactions.
4. Our Marketing Activities
4.1 Email — Transactional Only
We send email only for transactional purposes: subscription purchase confirmations, refund notices, trial-expiry reminders that are legally required, and service announcements that materially affect your use of the App. We do not send marketing newsletters, promotional offers, or re-engagement ("we miss you") emails.
To stop receiving transactional emails, contact support@scannerflow.com. Certain service communications (e.g., subscription-renewal notices) are required under applicable law or our obligations to you and may continue regardless of your preference.
4.2 Push Notifications
With your permission, we send in-app and push notifications for: trial-expiry reminders, seasonal document reminders (e.g., tax season), and scan-streak milestones. You can disable notifications at any time in your device Settings or in App Settings.
4.3 Install Attribution
We collect and use the Android Advertising ID and Google install-referrer data in accordance with Google Play Ads Policy, solely to measure the effectiveness of our user-acquisition campaigns. We do not engage in cross-app behavioural advertising and we do not sell or share AAID data with third-party advertising networks for their own purposes.
5. Sharing the Personal Data We Collect
We do not sell your personal data.
5.1 Categories of Recipients
Personal data is disclosed to the following categories of recipients:
- Cloud infrastructure providers who host and process the data on our behalf (Google LLC for Firebase, OpenAI for AI features, Microsoft Corporation for session-replay analytics, Apple Inc. and Google for billing — see §6).
- Professional advisors (lawyers, accountants, auditors) bound by confidentiality.
- Government authorities and law-enforcement bodies where required by law, court order, subpoena, or to protect our rights, property, or the safety of users or the public.
- Successor entities in the event of a merger, acquisition, financing, reorganisation, bankruptcy, or sale of company assets. We will notify you and ensure privacy protections continue to apply.
All recipients are contractually required to maintain confidentiality and to use the data only for the purposes we specify. We do not authorise any recipient to use your personal data for their own independent purposes.
6. Third-Party Services and SDKs
ScannerFlow integrates the following third-party services. Each operates under its own privacy policy, linked below.
| Provider | Function | Data Shared | Provider Policy |
|---|---|---|---|
| Google LLC — Firebase Authentication | User sign-in (email/password, Google Sign-In) | Email, hashed password or OAuth identifier, IP, device info | Policy |
| Google LLC — Firebase Cloud Storage | Storage of scanned documents and generated PDFs | Document images, generated PDFs, file metadata, user UID | Policy |
| Google LLC — Cloud Firestore | Account state, scan metadata, subscription state, quota counters | User UID, scan filenames and timestamps, premium flag, counters | Policy |
| Google LLC — Cloud Functions | Server-side processing for AI features, PDF conversion, subscription verification | Authenticated function arguments, including image storage paths for AI features | Policy |
| Google LLC — Firebase App Check | Abuse and bot prevention for our backend | Device-attestation tokens (Play Integrity) | Policy |
| Google LLC — Firebase Analytics | App usage and feature analytics | Event names, App Set ID, Firebase Installation ID, device info | Policy |
| Google LLC — Firebase Crashlytics | Crash and error reporting | Stack traces, device state at crash, App version, anonymised installation ID | Policy |
| Google LLC — Firebase Remote Config | Server-driven configuration, A/B testing of paywalls and UI | Installation ID, assigned experiment variant | Policy |
| Google LLC — Firebase Cloud Messaging | Push notifications | FCM device token, notification payload metadata | Policy |
| Google LLC — Google ML Kit (on-device) | OCR / text recognition. Runs entirely on-device — no data leaves your device for this feature. | None transmitted | Policy |
| Google LLC — Google Sign-In | OAuth sign-in option | Email, name, profile picture (only if you choose Google sign-in) | Policy |
| Google LLC — Google Play Billing | Subscription payment processing | Purchase token, subscription status (no card details) | Policy |
| Google LLC — Google Ads / Install Referrer | App-install attribution | AAID, install referrer data | Policy |
| OpenAI, L.L.C. | Premium-only AI features: AI scan modes (calorie, plant, skin, fashion, decor, math), Ask-AI document chat, semantic document search. Only invoked when you explicitly tap an AI feature. Under our OpenAI API agreement, your inputs and outputs are not used to train OpenAI's models. | Document image or text excerpt and the prompt for the invoked feature | Policy |
| Microsoft Corporation — Microsoft Clarity | Session replay and heatmaps for UX diagnostics | Anonymised session recordings, tap and scroll events, device info. Document content is masked. | Policy |
| Apple Inc. | iOS platform services (if the App is distributed via iOS in the future) and App Store Billing | Anonymised purchase receipts | Policy |
Embedded development SDKs that do not collect data on their own behalf (e.g., the PDF rendering library, OpenCV, the signature pad) are not listed above as they do not act as independent data controllers or processors of personal data.
7. International Transfers
Our service providers, including Google (Firebase), OpenAI, and Microsoft (Clarity), are located in the United States and other countries. By using the App you consent to the transfer of your data to these locations. Where data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK and Swiss mechanisms with our processors.
8. Security
ScannerFlow applies industry-standard security measures, including:
- TLS 1.2+ encryption in transit for all data transferred between the App and our servers, and between our servers and our processors.
- AES-256 server-side encryption at rest with Google-managed keys for all documents stored in Firebase Cloud Storage and all records stored in Cloud Firestore, in line with Google Cloud Platform's standard encryption policies.
- Firebase Security Rules and Firebase App Check to enforce that only the authenticated owner of a document can read or modify it, and to block requests from unverified app builds.
- Principle of least privilege for engineering access to production systems, with audit logging.
No system is completely secure. You are responsible for the security of your device and your account credentials. Contact support@scannerflow.com immediately if you believe your account has been compromised.
9. Your Rights
Depending on your jurisdiction, you may have rights regarding your personal data, including: access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, objection to processing, and withdrawal of consent. Jurisdiction-specific rights are listed in §16–§19 below.
To exercise any of these rights, contact us at privacy@scannerflow.com or support@scannerflow.com. We may ask you to verify your identity before processing your request, and we will respond within the timeframe required by applicable law (typically 30 days, extendable once where allowed).
Account deletion: You may request deletion of your account and all associated cloud-stored data at any time by emailing support@scannerflow.com with the subject line "Data Deletion Request" from the email address registered to your account. Upon verification, we permanently delete your account record and all your cloud-stored documents within 30 days. After deletion, recovery is no longer possible.
Per-document deletion: Within the App you can delete any individual document, which removes its image and generated PDF from our cloud storage. You can also email support@scannerflow.com at any time to request deletion of specific documents without closing your account.
10. Data Retention
We retain personal data for as long as necessary to provide the Services and to comply with our legal obligations. Specific retention periods:
- Scanned documents and generated PDFs (cloud-stored): retained while your account is active. Documents deleted from within the App are removed from cloud storage at the time of deletion. Upon account deletion request, all remaining documents are permanently deleted within 30 days.
- Account data (Firestore): retained while your account is active; purged within 30 days of a verified account-deletion request.
- Subscription records: retained for the duration of the subscription and for an additional period required for accounting, tax, and dispute purposes (typically up to 7 years), even after account deletion, as permitted by law.
- Analytics data (Firebase Analytics, Microsoft Clarity): retained per each provider's default settings — typically 14 months for user-level event data in Firebase Analytics and up to 13 months for session recordings in Microsoft Clarity. Aggregated and anonymised analytics may be retained indefinitely.
- AI request logs: minimal metadata (timestamp, mode, latency, token count, cost) is retained for up to 90 days for abuse monitoring and quota enforcement. Document content sent to OpenAI is not retained by us beyond the immediate request and is not used by OpenAI to train its models under our API agreement.
- Crash reports (Crashlytics): retained for up to 90 days.
- Support communications: retained for up to 3 years for quality assurance and legal compliance.
For specific retention questions, contact privacy@scannerflow.com.
11. Cookies and Similar Technologies
ScannerFlow is a mobile App and does not use browser cookies. We do not use cookies for tracking or advertising on our website or in the App.
The App uses device-level identifiers as described in §2.8 (App Set ID, Firebase Installation ID, AAID for install attribution). These are analogous to first-party analytics identifiers — they are not used for cross-app or cross-site behavioural advertising.
12. Other Sites, Mobile Applications and Services
The App and our website may link to third-party websites or services that operate under their own privacy policies. We are not responsible for the privacy practices of those third parties and encourage you to review their policies before sharing information with them.
13. Children
ScannerFlow is not directed at children under 13 (or under 16 in EEA jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate parental consent, contact us immediately at privacy@scannerflow.com and we will delete that data promptly.
14. Changes to This Policy
We update this Privacy Policy periodically to reflect legal requirements and changes in our operations. Updates are posted on this page with a revised "Last updated" date. Material changes will be communicated via in-app notice. Your continued use of the App after an update constitutes acceptance of the revised policy.
15. How to Contact Us
Email — general: support@scannerflow.com
Email — privacy and data-rights requests: privacy@scannerflow.com
Post: Mobile Flow Ltd., Kiryat HaMada St 20, Jerusalem, Israel 9777600, Attn: Legal — Privacy.
16. Notice to European Users (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws grant you the following rights with respect to your personal data:
- Right of access to your data and to receive a copy.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten").
- Right to restrict processing.
- Right to data portability.
- Right to object to processing based on our legitimate interests.
- Right to withdraw consent at any time, where consent is the legal basis.
- Right to lodge a complaint with your national data-protection authority.
Legal bases for processing: contract performance (e.g., providing the App and processing your subscriptions); legitimate interests (e.g., product analytics, fraud prevention, security); legal compliance; and consent (where required, e.g., for push notifications and certain optional features). Submit requests to privacy@scannerflow.com.
17. Notice to California Residents (CCPA/CPRA)
17.1 Overview
California residents may have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). The following is general information; consult legal counsel for specific applicability. Identity verification is required for all requests.
17.2 Right to Know
You may request disclosure of: the specific personal data we have collected about you in the preceding 12 months; the categories of personal data collected; the sources of collection; the business or commercial purpose for collection; and the categories of third parties with whom we share data.
17.3 Right to Delete
You may request deletion of personal data we hold about you, subject to certain exceptions (e.g., data needed to complete a transaction, detect fraud, or comply with legal obligations).
17.4 Right to Correct
You may request correction of inaccurate personal data we hold about you.
17.5 Right to Opt Out of Sale or Sharing
We do not sell or share (as defined under CCPA/CPRA) your personal data for cross-context behavioural advertising. No opt-out action is required.
17.6 Right to Limit Sensitive Data Use
You may limit our use of sensitive personal data to what is necessary for service provision and business operations.
17.7 Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights — including by denying services, charging different prices, or providing a different level of quality.
17.8 How to Exercise California Rights
Contact us at privacy@scannerflow.com with subject line "California Privacy Request." Provide sufficient information for us to verify your identity. Authorised agents may submit requests on your behalf with signed written authorisation.
Past 12 months: we have not sold or shared (as defined by CCPA) any personal data. Business-purpose disclosures include: device-activity data and identifiers shared with Firebase/Google for analytics and App functionality; document content shared with OpenAI when you invoke AI features; session diagnostics shared with Microsoft Clarity; purchase tokens shared with Google Play for billing; install referrer data shared with Google Ads for attribution.
18. Notice to Virginia, Colorado, Connecticut, Utah and Other US State Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other US states with comparable comprehensive privacy laws may have rights to: confirm processing, access their personal data, correct inaccuracies, delete data, obtain a portable copy, and opt out of targeted advertising, the sale of personal data, and profiling that produces significant effects. We do not sell personal data and we do not conduct targeted advertising or profiling with significant effects. To exercise these rights, contact privacy@scannerflow.com.
19. Notice to Brazilian Users (LGPD)
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you the right to: confirm the existence of processing, access your data, correct it, anonymise, block, or delete unnecessary data, obtain portability, understand with whom we share data, and revoke consent. Submit requests to privacy@scannerflow.com.