Section 1: Data collection & security
- Does your app collect or share user data? — Yes
- Is data encrypted in transit? — Yes (HTTPS to Cloudflare Worker)
- Can users request data deletion? — Yes (uninstalling the app deletes all local data; backup export/delete is in Settings)
Section 2: Data types to declare
Photos — Collected, not shared with third parties
- User scans document photos via camera/gallery
- ML Kit runs OCR on-device — raw image never leaves the device
- Only extracted text is sent to the Cloudflare Worker
Files & Docs — Collected, processed by third party
- PDFs uploaded for scanning
- Text extracted by Cloudflare Worker (Anthropic Claude)
- Raw PDF never reaches Claude
Messages (in-app) — Shared with third party (Anthropic)
- Chat messages sent to Cloudflare Worker → Claude API for AI responses
- No conversation content is logged or stored on servers
Calendar — Accessed on device only
- App creates/reads/deletes calendar events for document expiry reminders
- Never shared externally
App activity / Purchase history — Collected, not shared
- Purchase transaction ID stored locally for tier verification only
What you do NOT collect (answer No to these):
- Name, email, phone, address, DOB
- Precise or approximate location
- Contacts
- Device/advertising ID
- Crash logs / analytics
- Any data used for advertising or tracking