Last Updated: January 7, 2026
ScribbleScan ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.
IMPORTANT: ScribbleScan is designed as a local-first application. Your documents and scanned images are stored locally on your device and are not uploaded to our servers except temporarily during OCR (text extraction) processing.
Collected: Document images, extracted text, document names, and metadata (creation dates, page counts)
How: When you capture documents using your device's camera and perform OCR
Storage: Stored locally on your device in a SQLite database and app data directory
Transmitted: Images are sent to our OCR service only during text extraction, then immediately discarded. We do not retain copies of your documents on our servers.
Collected:
- Unique device identifier (Machine UID)
- Operating system platform (iOS or Android)
- App version
How: Automatically collected when you use the App
Purpose:
- Track your monthly OCR usage quota
- Validate subscription status
- Associate quota limits with your device
Note: We do not collect any personal identifiers such as your name, email address, or phone number.
Collected:
- In-app purchase tokens from Google Play or Apple App Store
- Subscription status (active, canceled, grace period)
- Product IDs and plan information
How: Collected when you purchase a subscription
Purpose: Validate your subscription and manage your increased OCR quota for active subscribers
Third-party validation: Purchase tokens are validated through Google Play Billing API or Apple App Store Server API
Collected:
- Application events (errors, query operations)
- Error messages and stack traces
- Anonymous session identifiers (randomly generated UUID)
- App version, environment (development/production)
Service: PostHog analytics platform (hosted in the United States)
Purpose:
- Identify and fix application bugs
- Improve app performance and user experience
- Monitor app stability
Opt-out: Analytics are currently not optional but do not include personally identifiable information
We use the collected information to:
- Provide OCR Services: Process your document images to extract text using our machine learning service
- Manage Quotas: Track your monthly OCR usage limits (limited quota for free users, increased quota for subscribers)
- Validate Subscriptions: Verify your subscription status with Apple or Google
- Improve the App: Analyze usage patterns and errors to fix bugs and enhance features
- Customer Support: Respond to support requests and troubleshoot issues
- Documents: Stored locally on your device in encrypted app storage (iOS) or private app directory (Android)
- Database: SQLite database stored in your device's app data directory
- Access: Only accessible by the ScribbleScan app; not accessible to other apps
- Quota Data: We store quota usage information (associated with your device ID) in a PostgreSQL database hosted on Google Cloud Platform
- No Document Storage: We do NOT store your documents, images, or extracted text on our servers
- Temporary Processing: Images sent for OCR are processed in memory and immediately discarded
We implement reasonable security measures including:
- HTTPS/TLS encryption for all data transmission
- Secure API authentication
- Regular security updates
- Access controls on backend systems
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
We use the following third-party services:
- Purpose: Application analytics and error tracking
- Data Shared: Anonymous usage events, error logs, device metadata
- Location: United States
- Privacy Policy: https://posthog.com/privacy
- Purpose: Optical character recognition (text extraction from images)
- Data Shared: Document images
- Retention: Images are processed in real-time and immediately discarded
- Location: United States (us-central1)
- Purpose: Process and validate subscription purchases
- Data Shared: Purchase tokens
- Privacy Policy: https://policies.google.com/privacy
- Purpose: Process and validate subscription purchases
- Data Shared: Purchase tokens
- Privacy Policy: https://www.apple.com/legal/privacy/
- Local Documents: Retained on your device until you delete them
- Quota Data: Retained indefinitely while you use the App; automatically reset monthly
- Analytics Data: Retained according to PostHog's retention policy (typically 7 years)
- OCR Images: Immediately discarded after processing; not retained
You have the right to:
- Delete Local Data: Uninstall the App to remove all locally stored documents and data
- Stop Data Collection: Discontinue use of the App at any time
- Cancel Subscription: Cancel your subscription through Google Play or the Apple App Store
To request deletion of quota data associated with your device:
- Contact us at the email below with your device identifier
- We will delete your quota records within 30 days
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell personal information)
If you are in the European Union, you have additional rights:
- Right to access your personal data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
To exercise these rights, contact us at the email below.
Our services are hosted in the United States. If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
Our App is not intended for children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.
ScribbleScan does not require you to create a user account. We do not collect:
- Email addresses
- Phone numbers
- Names or usernames
- Passwords
- Profile information
All identification is based on your device's unique identifier.
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Last Updated" date at the top of this policy
- Providing an in-app notification for material changes
Your continued use of the App after changes constitutes acceptance of the updated policy.
The App requires the following permissions:
- Camera: Required to capture document images for scanning
- Photo Library (optional): If you choose to import existing images
- Camera: Required to capture document images for scanning
- Storage: Required to save document data locally
- Network: Required to communicate with OCR service and validate subscriptions
If you have questions or concerns about this Privacy Policy, please contact us:
Email: support@scribblescan.com
Mailing Address:
Papier Labs LLC
2108 N St #12107 Sacramento, CA 95816
This privacy policy is designed to comply with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Apple App Store Guidelines
- Google Play Store Guidelines
DISCLAIMER: This privacy policy is provided as-is and should be reviewed by legal counsel before publication. Privacy laws vary by jurisdiction and we recommend consulting with an attorney to ensure full compliance with applicable laws.
For quick reference, here's what data we collect:
Data Linked to You: None (we don't use traditional user accounts)
Data Not Linked to You:
- Device identifier (for quota tracking)
- Usage data (analytics)
- Diagnostics (crash reports, error logs)
Data Used to Track You: None
Data You Provide:
- Document images (processed locally and during OCR only)
- Document text (stored locally only)