PERSONAL INFORMATION WE COLLECT

When you use the App, we may collect information about you, including:

• Photographs and/or documents you provide when you use the App, via your camera or camera roll (if you have granted us permission to access your camera or camera roll), the in-App internet search functionality, or your social media account (if you choose to connect your social media account). We obtain only the specific images you chose to modify using the App; we do not collect your photo albums even if you grant us your access to them. We encrypt each photograph that you upload using the App. The encryption key is stored locally on your device. This means that the only device that can view the photo is the device from which the photograph was uploaded using the App – the user’s device. Please note that while we do not require or request any metadata attached to the photographs you upload, metadata (including, for example, geotags) may be associated with your photographs by default. We take steps to delete any metadata that may be associated with a photograph you provide when you use the App.
• Other Files and Media (including Music Files, Other Audio Files, Videos, Voice or Sound Recordings): In addition to photos and documents, features within the app might require access to other media types *if you explicitly choose to use such features*. For example, if a feature allows importing audio or video, or recording voice notes, we will only access the specific files or use the microphone when you initiate these actions. As stated previously, video editing is currently processed locally.
• Smart Auto Naming: Our Smart Auto Naming feature may process text from your scanned documents to automatically generate relevant document file names. This uses on-device OCR to extract the first few words from your document, which may then be temporarily sent to our servers for AI-based name generation. This data is used solely for suggesting document names and is deleted immediately after processing. You can disable this feature in the app settings at any time.
• App usage information, such as information about how you use the App and interact with us, including your preferred language, the date and time when you first installed the App and the date and time you last used the App, crash logs, diagnostics, and other performance data.
• Purchase history, if you choose to purchase an App subscription, such as confirmation that you are a paid subscriber to the App.
• Social media information, if you choose to login to the App via a third-party platform or social media network (for example, Facebook), or otherwise connect your account on the third-party platform or network to the App. We may collect information from that platform or network, such as your social media alias, first and last name, number of “friends” on the social media platform and, if depending on your Facebook or other network settings, a list of your friends or connections (though we do not use or store this information). Our collection and processing of the information we obtain from social media platforms is governed by the requirements these social media platforms impose on us in their relevant terms and conditions.
• Device data and Identifiers, such as your computer and mobile device operating system type and version number, manufacturer and model, device ID, push tokens, Google Advertising ID (AdID) (used for personalized advertising and analytics), Apple ID for Advertising (IDFA) (used for personalized advertising and analytics), browser type, screen resolution, IP address (and the associated country/approximate location in which you are located), network connection state (WiFi/cellular), the website you visited before visiting our Site; and other information about the device you are using to visit the App. This also includes identifiers collected via SDKs for analytics, advertising, and app functionality.
• Online activity data, such as information about your use of and actions on the App and the Sites, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and certain third parties (e.g., online advertising networks and their clients) also may collect this type of information over time and across third-party websites and mobile applications. This information may be collected on our Site using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies. We may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our App. This information may be collected directly by us or through third-party Software Development Kits (“SDKs”) for purposes such as analytics and advertising.

Device permissions for Personal Data access

Depending on the User’s specific device, this Application may request certain permissions that allow it to access the User’s device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document. The exact procedure for controlling app permissions may be dependent on the User’s device and software. Please note that the revoking of such permissions might impact the proper functioning of this Application.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.

• Camera permission (android.permission.CAMERA): Used for accessing the camera or capturing images and video from the device for scanning or other features.
• Storage Permissions (android.permission.READ_EXTERNAL_STORAGE, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.READ_MEDIA_IMAGES, android.permission.READ_MEDIA_VISUAL_USER_SELECTED): Allows access to read, write, or select files (photos, documents, media) from the User’s device storage or Photo Library, as initiated by the user for importing, editing, or saving content. The specific permission depends on the Android version and the type of media being accessed.
• Internet & Network State Permissions (android.permission.INTERNET, android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE, android.permission.CHANGE_WIFI_STATE): Required to access the internet for app functionality, downloading/uploading content, communicating with our servers and third-party services (like analytics, ads, cloud processing), and optimizing performance based on network connectivity.
• Advertising ID & AdServices Permissions (com.google.android.gms.permission.AD_ID, android.permission.ACCESS_ADSERVICES_AD_ID, android.permission.ACCESS_ADSERVICES_ATTRIBUTION, android.permission.ACCESS_ADSERVICES_TOPICS): Used by the app and third-party advertising and analytics partners to provide personalized advertising (in the free version), measure ad effectiveness, perform attribution analysis, and comply with platform requirements for advertising functionalities. User controls for ad personalization are available in device settings.
• Billing Permission (com.android.vending.BILLING): Necessary to handle in-app purchases and subscriptions through the Google Play Store.
• Foreground Service & Background Execution Permissions (android.permission.FOREGROUND_SERVICE, android.permission.RECEIVE_BOOT_COMPLETED, android.permission.WAKE_LOCK): Allows the app to perform essential tasks reliably, such as processing large files, managing uploads/downloads, or handling critical operations, sometimes continuing briefly after the user leaves the app or after the device restarts, to ensure tasks complete successfully. WAKE_LOCK helps prevent the device from sleeping during critical operations.
• Notifications Permission (android.permission.POST_NOTIFICATIONS): Allows the app to send push notifications for updates, alerts, or marketing messages, if the user opts-in (on supported Android versions).
• Vibrate Permission (android.permission.VIBRATE): Used to provide haptic feedback for user actions within the app.
• Install Referrer Permission (com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE): Used primarily for analytics and marketing attribution to understand how users discovered and installed the app via the Google Play Store.
• Basic Phone State Permission (android.permission.READ_BASIC_PHONE_STATE): Some third-party SDKs (e.g., analytics, ad networks) may require this permission to access non-sensitive device state information for compatibility, identification, or fraud prevention purposes.
• Other Permissions (e.g., pdf.tap.scanner.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION, com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA, com.samsung.android.mapsagent.permission.READ_APP_INFO, com.google.android.c2dm.permission.RECEIVE): These permissions are typically required for internal app functions, compatibility with specific device manufacturer services (like Huawei, Samsung), receiving system messages (like push notifications via Google Cloud Messaging), ensuring security practices, or are dependencies of integrated SDKs.

Face recognition technologies
We use face recognition technologies In order to provide our Services, we use this technology to recognize people in images and camera experiences. We may detect and use facial marks to provide face recognition contents and facial manipulation features.

The information we collect cannot be used for identifying a specific person, and is used to provide the mentioned features only. When the content inference is done or upon the closing of the application, the facial mapping information is discarded, We will neither use the results for other purposes. This data and information is not shared with any third party and no one but you have access to it.

Managing Device Permissions

TapScanner only uses permissions you explicitly grant. To revoke permissions:

• Android: Settings → Apps → TapScanner → Permissions → disable the specific permission (e.g., Camera, Storage, Notifications).

• iOS: Settings → Privacy & Security → [Permission Type e.g., Camera or Photos] → toggle off TapScanner.

Revoking permissions may limit or disable related App features.

HOW WE USE YOUR PERSONAL INFORMATION

We do not use the photographs or documents you provide when you use the App for any reason other than to provide you with the scanning, editing, and related functionality of the App (like Smart Auto Naming). We may use information other than photographs/documents for the following purposes:

To operate and improve the App:

• Enable you to use the App’s features;
• Establish and maintain your account, if you choose to login to the App using your social media account;
• Communicate with you about the App, including by sending you announcements, updates, and security alerts, which we may send through a push notification, and responding to your requests, questions and feedback;
• Provide technical support and maintenance for the App; and
• Perform statistical analysis about use of the App (including through the use of third-party analytics providers like Google Analytics, Firebase Analytics, AppsFlyer, Mixpanel, Amplitude, as detailed below), which may involve the use of device identifiers and usage data to understand user behavior, fix crashes (using services like Firebase Crashlytics), and improve features (using services like GrowthBook for A/B testing).

To send you marketing and promotional communications. We may send you marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing section below.

To display advertisements to you. If you use the free version of the App, we work with advertising partners (like Google AdMob/DoubleClick) to display advertisements within the App. These advertisements are delivered by our advertising partners and may be targeted based on your use of the App, your activity elsewhere online, and your device’s advertising ID (AdID/IDFA) and potentially information derived from AdServices APIs. We may use tools like Google’s User Messaging Platform (UMP) via `fundingchoicesmessages.google.com` to manage consent for advertising. To learn more about your choices in connection with advertisements, please see the section below titled “Targeted online advertising.”

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or Appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. This may involve using device identifiers and network information.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information like photos you process, in order to improve our AI models and features in the app and in other photo-related apps provided by us, and offer a better service for editing and enhancing your images (for example, by using your images to train and validate our AI algorithms in the app and in other similar mobile and web apps provided by us, and by examining and labelling your images to improve the performance of our enhancement features). The legal basis for the processing is your consent (art. 6(1)(a) of the GDPR). If you have an account and upon your consent, we will receive images, videos and audio-recordings uploaded by you.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

HOW WE SHARE YOUR PERSONAL INFORMATION

We do not disclose user photographs or documents to third parties except as necessary to provide the app’s features (e.g., uploading encrypted data to our cloud providers Google Cloud Platform, Amazon Web Services, and Cloudflare for processing and temporary storage as described). We may share your non-photograph/non-document information in the following circumstances:

Affiliates. We may share App usage information with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information (excluding raw photos/documents unless needed for a specific service you request and consent to, like cloud OCR) with service providers that perform services on our behalf or help us operate the App (such as customer support, hosting, analytics, crash reporting, A/B testing, email delivery, marketing, database management, and payment processing). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose. This includes providers listed in the table below and others necessary for app operation. These providers may access data via SDKs integrated into the app and communicate with their respective endpoints (e.g., `appsflyersdk.com`, `mixpanel.com`, `growthbook.io`, various `googleapis.com` subdomains for Firebase and Google services).

Advertising partners. When we use third-party cookies, SDKs, and other tracking tools (e.g., Google AdMob/DoubleClick, potentially others), our advertising partners may collect information from your device (such as AdID/IDFA, IP address, app usage data, AdServices API data) to help us analyze use of the Site and the App, display advertisements on the App (in the free version), measure ad performance, conduct attribution, and advertise the Site and App (and related content) elsewhere online. These partners operate under their own privacy policies. Data may be sent to endpoints like `googleads.g.doubleclick.net`.

Third-party platforms and social media networks. If you have enabled features or functionality that connect the App to a third-party platform or social media network (such as by logging into the app using your account with the third-party, providing your API key or similar access token for the App to a third-party, or otherwise linking your account with the App to a third-party’s services), we may disclose the personal information that you authorized us to share (such as when you elect to upload a photograph or document to your social media account). We do not control the third-party platforms’ use of your personal information, which is governed by that third party’s privacy policy and terms and conditions.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

THIRD-PARTY SERVICES & SDKs

We utilize various third-party services and Software Development Kits (SDKs) to provide and improve the App, enable functionality, perform analytics, display advertising (in the free version), and ensure stability. These third parties may collect data directly from your device via their SDKs and interact with their own servers (endpoints). Below is a list of key third-party services we use, along with links to their privacy policies. Please note that data collected by these third parties is governed by their respective privacy policies.

In addition to the services listed above, our app incorporates numerous other SDKs that are essential for core application development, functionality, user interface, and performance. These include libraries from AndroidX (part of Android Jetpack for fundamental app components like activities, UI elements, camera handling, lifecycle management, navigation, etc.), networking libraries (like OkHttp, Retrofit), image loading libraries (like Glide), utility libraries (like Gson, RxJava, Kotlin Coroutines), and UI component libraries (like Material Components, Lottie for animations). While these SDKs are integral to the app’s operation, they generally do not collect personal data for their own independent purposes but facilitate the app’s interaction with your device and our services.

The endpoint `::1` detected relates to localhost communication, which is standard for internal device processes.

COMPLIANCE WITH LAW

We may be required to use and share your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

YOUR CHOICES

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
• Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
• Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Third-party platforms or social media networks. If you choose to connect to the App via a third-party platform or social media network, such as by using Facebook login, you may have the ability to limit the information that we may obtain from the third-party at the time you login to the App using the third-party’s authentication service or otherwise connect your account. Subsequently, you may be able to control your settings through the third-party’s platform or service. For example, you may access and change your settings through the Facebook settings page for Apps and Websites. If you withdraw our ability to access certain information from a third-party platform or social media network, that choice will not apply to information that we have already received from that third party.

OTHER SITES, MOBILE APPLICATIONS AND SERVICES

The App may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

SECURITY PRACTICES

We use commercially reasonable security practices to help keep the information collected through the App secure and take reasonable steps to verify your identity before granting you access to your account (if you have an account with us). However, the app cannot ensure the security of any information you transmit to Tap or guarantee that information on the App may not be accessed, disclosed, altered, or destroyed.

Please do your part to help us. You are responsible for maintaining the confidentiality of your login information and device identifiers, and for controlling access to communications between you and the app, at all times. Your privacy settings may also be affected by changes the social media services you connect to the app make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.

Opt‑Out of Targeted Advertising, Sale and Profiling

TapScanner does not sell or share your Personal Data (as defined under relevant laws like CCPA/VCDPA). Under applicable laws like VCDPA and CCPA, you may have the right to opt out of:

• Targeted advertising (profiling for advertising purposes)
• Sale of your Personal Data (Note: We state we do not sell personal data)
• Profiling that produces legal or similarly significant effects

To exercise these rights where applicable, or manage your advertising preferences, choose one of the following:

1. In‑App: Check for relevant privacy settings under Settings → Privacy.
2. Device controls (for limiting Ad ID use):

   • iOS: Settings → Privacy & Security → Apple Advertising → disable “Personalized Ads”

   • Android: Settings → Privacy → Ads → select “Delete advertising ID” or “Opt out of Ads Personalization” (options may vary by device/OS version)

3. Email [email protected] with subject line “Opt‑Out of Targeted Advertising/Profiling Request” (if applicable under your jurisdiction).

Requests will be handled in accordance with applicable law. No user will be discriminated against for exercising their privacy rights.

RETENTION

We configure our cloud service providers (like Cloudflare, Amazon Web Services, Google Cloud Platform) to delete photographs/documents and associated processing data within 24 hours after they were last edited using the App. This allows you to revisit the content for additional modifications during that time.

With respect to other non-photograph/document information that we may collect (like analytics data, account information), we will retain such information in a personally identifiable format only for as long as necessary to fulfill the purposes we have set out in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. You may also ask that we delete your information subject to legal limitations by contacting us.

CROSS-BORDER DATA TRANSFERS

We store the information we collect in connection with the App primarily on servers provided by Amazon Web Services, Google Cloud Platform, and potentially Cloudflare. We may specify data storage locations (e.g., US, or closest available region). Your personal information may be accessed by our personnel or service providers in locations outside of your state, province, or country, including the United States, where data protection laws may differ. We take steps to ensure that transfers of personal information are subject to appropriate safeguards, such as Standard Contractual Clauses where required by laws like GDPR.

CHILDREN

The App is not directed at children under the age of 13 (or a higher age threshold where applicable by local law), and our Terms of Use do not allow children under the relevant age threshold to use the App. If we learn that we have collected personal information of a child under the applicable age without required parental consent, we will delete it. We encourage parents with concerns to contact us.

CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the App and/or Site. We may, and if required by law, will, provide notification of changes in another way that we believe is reasonably likely to reach you, such as through the App or via email (if we have your address).

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of the App after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

HOW TO CONTACT US

Please direct any questions or comments about this Policy or privacy practices to [email protected] You may also write to us via postal mail at:

NOTICE TO EUROPEAN USERS

The information provided in this “Notice to European Users” section applies only to individuals whose processing of personal data is subject to the GDPR (e.g., residents of the European Economic Area, UK, Switzerland).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

NOTICE TO CALIFORNIA RESIDENTS

We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information.

We do not “sell” personal information or “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. As we explain in this Privacy Policy, we use cookies and other tracking technologies (including those from third-party partners) to analyze Site and App traffic and use, and to facilitate advertising (in the free version). If you would like to opt out of the use of cookies and other tracking technologies for targeted advertising purposes, please review the instructions provided in the Opt‑Out of Targeted Advertising, Sale and Profiling section.

The following chart further describes our privacy practices by referencing the categories of personal information enumerated by the CCPA. For details on the sources, purposes, and disclosures, please refer to the main sections of this Privacy Policy (“Personal Information We Collect”, “How We Use Your Personal Information”, “How We Share Your Personal Information”).