Privacy Policy

Introduction

This Privacy Policy describes how PDFAI Scan ("we," "our," or "us") collects, uses, and protects your information when you use our mobile application and website. We are committed to protecting your privacy and ensuring the security of your personal information.

Information We Collect

Information You Provide

• Anonymous Authentication: We use anonymous authentication through Firebase - no email address or personal identification is required or collected
• Documents and Images: Photos and documents you scan using the app are processed locally on your device
• User Preferences: Settings and preferences you configure within the app
• Support Communications: Information you provide when contacting our support team

Information Automatically Collected

• Usage Analytics: App usage patterns, feature utilization, and performance metrics
• Device Information: Device type, operating system version, app version, and device identifiers
• Crash Reports: Technical information about app crashes to help us improve stability
• Location Data: Approximate location (only if granted permission) for document organization features

How We Use Your Information

We use the collected information for the following purposes:

• Core Functionality: To provide document scanning, OCR, and export features
• Cloud Synchronization: To sync your documents across your devices using iCloud
• App Improvement: To analyze usage patterns and improve app performance
• Customer Support: To respond to your inquiries and provide technical assistance
• Security: To detect and prevent fraud, abuse, and security issues
• Legal Compliance: To comply with applicable laws and regulations

Data Processing and Storage

Local Processing

All document scanning, AI edge detection, and OCR processing occurs locally on your device. Your documents are not transmitted to our servers for processing.

Cloud Storage

If you enable iCloud sync, your documents are stored in your personal iCloud account using Apple's CloudKit service. We do not have access to your iCloud data.

AI Content Processing (Optional)

When you explicitly enable AI features and consent to AI content processing, document content may be sent to our trusted AI partners (Google Gemini, OpenAI, xAI, Zapply) for:

• Document summarization and key insights extraction
• Interactive chat with your PDF documents
• AI-powered smart document naming
• Quiz generation and interactive learning
• Flashcard creation for study purposes
• Fun Mode humor-enhanced content (optional)

Analytics Data

Anonymous usage analytics are collected through Firebase Analytics and are used solely for app improvement purposes. This data cannot be used to identify you personally.

Third-Party Services

We integrate with the following third-party services:

Firebase (Google)

• Analytics for usage tracking and app improvement
• Anonymous Authentication for app functionality (no personal data collected)
• Crashlytics for crash reporting and stability monitoring
• Remote Config for feature management

RevenueCat

• Subscription management and purchase validation
• Anonymous user analytics for subscription optimization

Superwall

• Paywall presentation and subscription conversion optimization
• A/B testing for premium feature discovery

Airbridge

• Attribution tracking for marketing campaign effectiveness
• Anonymous user journey analytics

Apple Services

• iCloud for document synchronization across your devices
• App Store for subscription billing and management

AI Content Processing Partners

When you choose to use AI-powered features (with your explicit consent), we may send your document content to trusted AI service providers for processing. This section describes our AI partners and how they handle your data.

Google Gemini (Google AI)

• Purpose: Document summarization, Chat with PDF, AI-powered smart document naming
• Model: Gemini 2.0 Flash
• Data Sent: Document text content (when you use AI Summary or Chat features)
• Data Retention: Not stored on Google servers - processed ephemerally
• Privacy Policy: Google Privacy Policy
• Data Processing: Encrypted in transit via Firebase Cloud Functions

OpenAI (GPT-4)

• Purpose: Alternative AI summarization backend (configurable via Remote Config)
• Models: GPT-4o, GPT-4o-mini
• Data Sent: Document text content (when Gemini is unavailable or when configured)
• Data Retention: OpenAI retains data for 30 days for abuse monitoring, then deletes
• Privacy Policy: OpenAI Privacy Policy
• Data Processing: Encrypted in transit, processed via API

xAI (Grok)

• Purpose: Fun Mode content generation (humor-enhanced summaries, flashcards, quizzes)
• Model: Grok
• Data Sent: Document text content (only when Fun Mode is enabled)
• Data Retention: Not stored - processed ephemerally
• Privacy Policy: xAI Privacy Policy
• Note: Fun Mode is disabled by default and requires explicit user activation

Zapply (Quiz Platform)

• Purpose: AI-powered quiz generation and interactive quiz playing
• Data Sent: Document content and quiz metadata (when you generate or play quizzes)
• Data Retention: Quiz data stored for leaderboard and progress tracking
• Privacy Policy: Zapply Privacy Policy
• Features: Quiz generation, leaderboard, progress tracking, social sharing

Your Control Over AI Processing

You have complete control over AI content processing:

• Explicit Consent: AI features prompt for consent before first use
• Granular Control: Enable/disable AI processing in Settings → AI Content Processing
• Per-Feature Control: Choose which AI features to use (Summary, Chat, Smart Naming, Fun Mode, Quizzes)
• Encryption: All data sent to AI providers is encrypted in transit using TLS 1.3
• No Storage: We do not store your documents on external AI provider servers
• Transparency: Clear disclosure of which AI provider processes each feature

Data Security with AI Partners

All AI partners we work with maintain enterprise-grade security standards:

• SOC 2 Type II certified data centers
• GDPR and CCPA compliant data processing
• Encryption at rest and in transit
• Regular security audits and compliance reviews
• No training on your data without explicit consent

Data Sharing and Disclosure

We do not sell, trade, or transfer your personal information to third parties except in the following circumstances:

• Service Providers: With trusted third-party services that assist in app operation (as listed above)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfer: In the event of a merger, acquisition, or sale of assets
• Consent: With your explicit consent for specific purposes

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data transmission is encrypted using TLS/SSL protocols
• Local Processing: Documents are processed locally to minimize data exposure
• Secure Authentication: Firebase Authentication with secure token management
• Regular Updates: Continuous security monitoring and updates
• Access Controls: Strict internal access controls to protect user data

Your Rights and Choices

You have the following rights regarding your personal information:

Data Access and Control

• Anonymous Data: Since we use anonymous authentication, no personal identification data is collected or stored
• Local Documents: All your documents remain under your control on your device and iCloud
• Data Portability: Export your documents and data directly from the app
• Account Deletion: Simply delete the app to remove all local data

Privacy Controls

• Analytics Opt-Out: Disable analytics tracking in app settings
• Location Services: Control location access through iOS settings
• iCloud Sync: Enable or disable cloud synchronization
• Marketing Communications: Opt out of promotional communications

Children's Privacy

Our app is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries outside of your residence, including the United States. We ensure appropriate safeguards are in place to protect your information during international transfers, in compliance with applicable data protection laws.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Anonymous Authentication: No personal identification data is retained
• Documents: Stored locally on your device and in your iCloud (if enabled)
• Analytics Data: Aggregated and anonymized data retained for up to 2 years
• Support Communications: Retained for up to 3 years for quality assurance

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an in-app notification
• Emailing registered users (when applicable)

Your continued use of the app after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Regional Privacy Rights

European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to object to processing based on legitimate interests
• Right to data portability
• Right to file a complaint with your local data protection authority

California (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights