This Privacy Policy describes how ScanAndSave ("we", "us", or "our") collects, uses, and shares information about you when you use our mobile application and related services. By using ScanAndSave, you agree to the practices described in this policy.
02 How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Provide, maintain, and improve the ScanAndSave service
- Process subscription payments and verify purchases through Google Play and App Store
- Store and sync your documents in cloud backup (Premium subscribers only)
- Send account-related emails such as password resets and security alerts
- Respond to your support requests and communications
- Detect, investigate, and prevent fraudulent or illegal activity
- Comply with legal obligations
We do not use your documents or their contents for advertising, training AI models, or any purpose other than providing the backup service to you.
03 How We Share Your Information
We do not sell your personal information. We may share your information only in these limited circumstances:
- Service providers: third-party vendors who help us operate the service (e.g., email delivery via SendGrid, cloud infrastructure). These parties are bound by data processing agreements and may only use your data to provide services to us.
- Google Play & Apple App Store: subscription purchase verification is performed against their APIs to validate your Premium status.
- Legal requirements: we may disclose your information if required by law, court order, or governmental authority.
- Business transfers: if ScanAndSave is acquired or merged, your information may be transferred as part of that transaction with prior notice to you.
- With your consent: in any other case, only with your explicit permission.
04 Cloud Backup & Document Storage
Cloud backup is a Premium feature. When enabled:
- Your scanned documents (PDF and image files) are encrypted in transit using TLS and stored on our secured servers.
- Documents are stored on servers located in the European Union.
- Only you can access your documents via your authenticated account.
- Free-tier users' documents are stored locally on-device only and are never transmitted to our servers.
All file transfers use HTTPS/TLS encryption. Your JWT access tokens expire regularly to limit exposure in case of compromise.
05 Data Retention
We retain your data for as long as your account is active or as needed to provide the service:
- Account data is retained while your account exists and for 30 days after deletion to allow recovery.
- Cloud-backed documents are retained until you delete them from within the app or delete your account.
- Subscription records are retained for 7 years for tax and accounting compliance.
- Server logs are retained for 90 days and then automatically purged.
06 Security
We implement technical and organisational measures to protect your information:
- All API communications are protected by TLS 1.2+
- Passwords are hashed using bcrypt with a strong cost factor — we never store plaintext passwords
- Authentication uses short-lived JWT access tokens and rotating refresh tokens
- Rate limiting is applied to all authentication endpoints to prevent brute-force attacks
- Server infrastructure is access-controlled and regularly patched
No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately at security@scanandsave.com.
07 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): request deletion of your personal data
- Right to restrict processing: ask us to limit how we use your data
- Right to data portability: receive your data in a machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent
To exercise any of these rights, contact us at privacy@scanandsave.com. We will respond within 30 days.
08 Data Deletion
You can delete your account and all associated data at any time:
- In-app: Go to Profile → Settings → Delete Account
- By email: send a deletion request to privacy@scanandsave.com from your registered email address
Upon deletion:
- Your account will be permanently deactivated within 24 hours
- All cloud-backed documents will be permanently deleted within 30 days
- Anonymised usage statistics may be retained
- Financial records required by law will be retained for the legally required period
Cancelling your Premium subscription does not delete your account or documents. To fully remove your data, you must explicitly request account deletion.
09 Children's Privacy
ScanAndSave is not directed to children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@scanandsave.com.
10 Third-Party Services
ScanAndSave integrates with the following third-party services, each governed by their own privacy policies:
11 Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Posting the updated policy on this page with a new effective date
- Sending an email to your registered email address for significant changes
- Displaying a notice within the app
Your continued use of ScanAndSave after changes become effective constitutes your acceptance of the updated policy.