Privacy Policy

Last updated [April 22, 2025]

This Privacy Policy describes the privacy practices of our app in connection with the app mobile application (the “App”) and tap.pm website (the “Site”).

If you decide not to read this entire Privacy Policy, we want you to walk away with a few key points about Tap’s privacy practices:

  • We use third-party cloud providers – specifically, Cloudflare and Amazon Web Services – to process and edit photographs (Neural networks based editing) and extract text from documents (OCR).
  • The App only uploads to the cloud the images that you specifically select for processing.
  • Photos are temporarily cached on the cloud servers during the editing process, and encrypted using a key stored locally on your mobile device.
  • Photos remain in the cloud for a limited period of 24 hours after you have last edited the photograph, so that you can return to the image and make additional changes if you so choose.
  • We do not use the photographs you provide when you use the App for any reason other than to provide you with the portrait editing functionality of the App.
  • Videos are edited locally on your device, so you don’t provide us with videos when you use the App, and we don’t collect, use and share your video information.

If you have any questions about our privacy practices, please email [email protected]

Here’s more on our privacy practices. Individuals located in the European Economic Area should also read our Notice to European Users below.

PERSONAL INFORMATION WE COLLECT

When you use the App, we may collect information about you, including:

  • Photographs and/or documents you provide when you use the App, via your camera or camera roll (if you have granted us permission to access your camera or camera roll), the in-App internet search functionality, or your social media account (if you choose to connect your social media account). We obtain only the specific images you chose to modify using the App; we do not collect your photo albums even if you grant us your access to them. We encrypt each photograph that you upload using the App. The encryption key is stored locally on your device. This means that the only device that can view the photo is the device from which the photograph was uploaded using the App – the user’s device. Please note that while we do not require or request any metadata attached to the photographs you upload, metadata (including, for example, geotags) may be associated with your photographs by default. We take steps to delete any metadata that may be associated with a photograph you provide when you use the App.
  • Other Files and Media (including Music Files, Other Audio Files, Videos, Voice or Sound Recordings): In addition to photos and documents, features within the app might require access to other media types *if you explicitly choose to use such features*. For example, if a feature allows importing audio or video, or recording voice notes, we will only access the specific files or use the microphone when you initiate these actions. As stated previously, video editing is currently processed locally.
  • Smart Auto Naming: Our Smart Auto Naming feature may process text from your scanned documents to automatically generate relevant document file names. This uses on-device OCR to extract the first few words from your document, which may then be temporarily sent to our servers for AI-based name generation. This data is used solely for suggesting document names and is deleted immediately after processing. You can disable this feature in the app settings at any time.
  • App usage information, such as information about how you use the App and interact with us, including your preferred language, the date and time when you first installed the App and the date and time you last used the App, crash logs, diagnostics, and other performance data.
  • Purchase history, if you choose to purchase an App subscription, such as confirmation that you are a paid subscriber to the App.
  • Social media information, if you choose to login to the App via a third-party platform or social media network (for example, Facebook), or otherwise connect your account on the third-party platform or network to the App. We may collect information from that platform or network, such as your social media alias, first and last name, number of “friends” on the social media platform and, if depending on your Facebook or other network settings, a list of your friends or connections (though we do not use or store this information). Our collection and processing of the information we obtain from social media platforms is governed by the requirements these social media platforms impose on us in their relevant terms and conditions.
  • Device data and Identifiers, such as your computer and mobile device operating system type and version number, manufacturer and model, device ID, push tokens, Google Advertising ID (AdID) (used for personalized advertising and analytics), Apple ID for Advertising (IDFA) (used for personalized advertising and analytics), browser type, screen resolution, IP address (and the associated country/approximate location in which you are located), network connection state (WiFi/cellular), the website you visited before visiting our Site; and other information about the device you are using to visit the App. This also includes identifiers collected via SDKs for analytics, advertising, and app functionality.
  • Online activity data, such as information about your use of and actions on the App and the Sites, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and certain third parties (e.g., online advertising networks and their clients) also may collect this type of information over time and across third-party websites and mobile applications. This information may be collected on our Site using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies. We may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our App. This information may be collected directly by us or through third-party Software Development Kits (“SDKs”) for purposes such as analytics and advertising.

Device permissions for Personal Data access

Depending on the User’s specific device, this Application may request certain permissions that allow it to access the User’s device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document. The exact procedure for controlling app permissions may be dependent on the User’s device and software. Please note that the revoking of such permissions might impact the proper functioning of this Application.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.

  • Camera permission (android.permission.CAMERA): Used for accessing the camera or capturing images and video from the device for scanning or other features.
  • Storage Permissions (android.permission.READ_EXTERNAL_STORAGE, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.READ_MEDIA_IMAGES, android.permission.READ_MEDIA_VISUAL_USER_SELECTED): Allows access to read, write, or select files (photos, documents, media) from the User’s device storage or Photo Library, as initiated by the user for importing, editing, or saving content. The specific permission depends on the Android version and the type of media being accessed.
  • Internet & Network State Permissions (android.permission.INTERNET, android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE, android.permission.CHANGE_WIFI_STATE): Required to access the internet for app functionality, downloading/uploading content, communicating with our servers and third-party services (like analytics, ads, cloud processing), and optimizing performance based on network connectivity.
  • Advertising ID & AdServices Permissions (com.google.android.gms.permission.AD_ID, android.permission.ACCESS_ADSERVICES_AD_ID, android.permission.ACCESS_ADSERVICES_ATTRIBUTION, android.permission.ACCESS_ADSERVICES_TOPICS): Used by the app and third-party advertising and analytics partners to provide personalized advertising (in the free version), measure ad effectiveness, perform attribution analysis, and comply with platform requirements for advertising functionalities. User controls for ad personalization are available in device settings.
  • Billing Permission (com.android.vending.BILLING): Necessary to handle in-app purchases and subscriptions through the Google Play Store.
  • Foreground Service & Background Execution Permissions (android.permission.FOREGROUND_SERVICE, android.permission.RECEIVE_BOOT_COMPLETED, android.permission.WAKE_LOCK): Allows the app to perform essential tasks reliably, such as processing large files, managing uploads/downloads, or handling critical operations, sometimes continuing briefly after the user leaves the app or after the device restarts, to ensure tasks complete successfully. WAKE_LOCK helps prevent the device from sleeping during critical operations.
  • Notifications Permission (android.permission.POST_NOTIFICATIONS): Allows the app to send push notifications for updates, alerts, or marketing messages, if the user opts-in (on supported Android versions).
  • Vibrate Permission (android.permission.VIBRATE): Used to provide haptic feedback for user actions within the app.
  • Install Referrer Permission (com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE): Used primarily for analytics and marketing attribution to understand how users discovered and installed the app via the Google Play Store.
  • Basic Phone State Permission (android.permission.READ_BASIC_PHONE_STATE): Some third-party SDKs (e.g., analytics, ad networks) may require this permission to access non-sensitive device state information for compatibility, identification, or fraud prevention purposes.
  • Other Permissions (e.g., pdf.tap.scanner.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION, com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA, com.samsung.android.mapsagent.permission.READ_APP_INFO, com.google.android.c2dm.permission.RECEIVE): These permissions are typically required for internal app functions, compatibility with specific device manufacturer services (like Huawei, Samsung), receiving system messages (like push notifications via Google Cloud Messaging), ensuring security practices, or are dependencies of integrated SDKs.

Face recognition technologies
We use face recognition technologies In order to provide our Services, we use this technology to recognize people in images and camera experiences. We may detect and use facial marks to provide face recognition contents and facial manipulation features.

The information we collect cannot be used for identifying a specific person, and is used to provide the mentioned features only. When the content inference is done or upon the closing of the application, the facial mapping information is discarded, We will neither use the results for other purposes. This data and information is not shared with any third party and no one but you have access to it.

Managing Device Permissions

TapScanner only uses permissions you explicitly grant. To revoke permissions:

  • Android: Settings → Apps → TapScanner → Permissions → disable the specific permission (e.g., Camera, Storage, Notifications).

  • iOS: Settings → Privacy & Security → [Permission Type e.g., Camera or Photos] → toggle off TapScanner.

Revoking permissions may limit or disable related App features.

HOW WE USE YOUR PERSONAL INFORMATION

We do not use the photographs or documents you provide when you use the App for any reason other than to provide you with the scanning, editing, and related functionality of the App (like Smart Auto Naming). We may use information other than photographs/documents for the following purposes:

To operate and improve the App:

  • Enable you to use the App’s features;
  • Establish and maintain your account, if you choose to login to the App using your social media account;
  • Communicate with you about the App, including by sending you announcements, updates, and security alerts, which we may send through a push notification, and responding to your requests, questions and feedback;
  • Provide technical support and maintenance for the App; and
  • Perform statistical analysis about use of the App (including through the use of third-party analytics providers like Google Analytics, Firebase Analytics, AppsFlyer, Mixpanel, Amplitude, as detailed below), which may involve the use of device identifiers and usage data to understand user behavior, fix crashes (using services like Firebase Crashlytics), and improve features (using services like GrowthBook for A/B testing).

To send you marketing and promotional communications. We may send you marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing section below.

To display advertisements to you. If you use the free version of the App, we work with advertising partners (like Google AdMob/DoubleClick) to display advertisements within the App. These advertisements are delivered by our advertising partners and may be targeted based on your use of the App, your activity elsewhere online, and your device’s advertising ID (AdID/IDFA) and potentially information derived from AdServices APIs. We may use tools like Google’s User Messaging Platform (UMP) via `fundingchoicesmessages.google.com` to manage consent for advertising. To learn more about your choices in connection with advertisements, please see the section below titled “Targeted online advertising.”

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or Appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. This may involve using device identifiers and network information.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information like photos you process, in order to improve our AI models and features in the app and in other photo-related apps provided by us, and offer a better service for editing and enhancing your images (for example, by using your images to train and validate our AI algorithms in the app and in other similar mobile and web apps provided by us, and by examining and labelling your images to improve the performance of our enhancement features). The legal basis for the processing is your consent (art. 6(1)(a) of the GDPR). If you have an account and upon your consent, we will receive images, videos and audio-recordings uploaded by you.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

HOW WE SHARE YOUR PERSONAL INFORMATION

We do not disclose user photographs or documents to third parties except as necessary to provide the app’s features (e.g., uploading encrypted data to our cloud providers Google Cloud Platform, Amazon Web Services, and Cloudflare for processing and temporary storage as described). We may share your non-photograph/non-document information in the following circumstances:

Affiliates. We may share App usage information with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information (excluding raw photos/documents unless needed for a specific service you request and consent to, like cloud OCR) with service providers that perform services on our behalf or help us operate the App (such as customer support, hosting, analytics, crash reporting, A/B testing, email delivery, marketing, database management, and payment processing). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose. This includes providers listed in the table below and others necessary for app operation. These providers may access data via SDKs integrated into the app and communicate with their respective endpoints (e.g., `appsflyersdk.com`, `mixpanel.com`, `growthbook.io`, various `googleapis.com` subdomains for Firebase and Google services).

Advertising partners. When we use third-party cookies, SDKs, and other tracking tools (e.g., Google AdMob/DoubleClick, potentially others), our advertising partners may collect information from your device (such as AdID/IDFA, IP address, app usage data, AdServices API data) to help us analyze use of the Site and the App, display advertisements on the App (in the free version), measure ad performance, conduct attribution, and advertise the Site and App (and related content) elsewhere online. These partners operate under their own privacy policies. Data may be sent to endpoints like `googleads.g.doubleclick.net`.

Third-party platforms and social media networks. If you have enabled features or functionality that connect the App to a third-party platform or social media network (such as by logging into the app using your account with the third-party, providing your API key or similar access token for the App to a third-party, or otherwise linking your account with the App to a third-party’s services), we may disclose the personal information that you authorized us to share (such as when you elect to upload a photograph or document to your social media account). We do not control the third-party platforms’ use of your personal information, which is governed by that third party’s privacy policy and terms and conditions.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

THIRD-PARTY SERVICES & SDKs

We utilize various third-party services and Software Development Kits (SDKs) to provide and improve the App, enable functionality, perform analytics, display advertising (in the free version), and ensure stability. These third parties may collect data directly from your device via their SDKs and interact with their own servers (endpoints). Below is a list of key third-party services we use, along with links to their privacy policies. Please note that data collected by these third parties is governed by their respective privacy policies.

Entity name / Service Services performed Entity location Link to Privacy Policy Associated Endpoints (Examples)
Google LLC (incl. Firebase, Google Play Services, AdMob/DoubleClick, Google Cloud, UMP) Cloud storage, Analytics (Firebase Analytics, Google Analytics), Crash reporting (Firebase Crashlytics), Remote Configuration, Cloud Messaging, Advertising (AdMob/DoubleClick), Ad Consent Management (UMP), Billing, Authentication, App Updates, Integrity Checks, ML Kit, Device ID/AdServices Access U.S.A. https://policies.google.com/privacy?hl=en
https://firebase.google.com/support/privacy
https://policies.google.com/technologies/ads
`firebase-settings.crashlytics.com`, `googleads.g.doubleclick.net`, `firebaseinstallations.googleapis.com`, `firebaselogging-pa.googleapis.com`, `firebaselogging.googleapis.com`, `firebaseremoteconfig.googleapis.com`, `fundingchoicesmessages.google.com`
AppsFlyer Inc. Marketing analytics & attribution service provider U.S.A. https://www.appsflyer.com/legal/privacy-policy/
https://www.appsflyer.com/legal/services-privacy-policy/
`*.appsflyersdk.com` (e.g., `kxfegf-launches.appsflyersdk.com`, `kxfegf-conversions.appsflyersdk.com`)
Mixpanel, Inc. Product analytics to understand user behavior U.S.A. https://mixpanel.com/legal/privacy-policy/ `api.mixpanel.com`
GrowthBook, Inc. A/B testing & feature flagging U.S.A. https://docs.growthbook.io/docs/privacy `cdn.growthbook.io`
Amazon Web Services (AWS) Cloud infrastructure provider (potentially for image/data processing or storage) U.S.A. (Region Specified) https://aws.amazon.com/privacy/ AWS Endpoints (various)
Cloudflare Cloud infrastructure provider (potentially for image/data processing or CDN) U.S.A. https://www.cloudflare.com/privacypolicy/ Cloudflare Endpoints (various)
Amplitude Analytics service provider U.S.A. https://amplitude.com/privacy/ Amplitude Endpoints
Apple Inc. Cloud storage provider (for iOS devices), App Store services U.S.A. https://www.apple.com/legal/privacy/en-ww/ Apple Endpoints
Facebook Inc. (Meta) Analytics / ad management / social login provider U.S.A. https://www.facebook.com/privacy/policy/ Facebook/Meta Endpoints

In addition to the services listed above, our app incorporates numerous other SDKs that are essential for core application development, functionality, user interface, and performance. These include libraries from AndroidX (part of Android Jetpack for fundamental app components like activities, UI elements, camera handling, lifecycle management, navigation, etc.), networking libraries (like OkHttp, Retrofit), image loading libraries (like Glide), utility libraries (like Gson, RxJava, Kotlin Coroutines), and UI component libraries (like Material Components, Lottie for animations). While these SDKs are integral to the app’s operation, they generally do not collect personal data for their own independent purposes but facilitate the app’s interaction with your device and our services.

The endpoint `::1` detected relates to localhost communication, which is standard for internal device processes.

COMPLIANCE WITH LAW

We may be required to use and share your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

YOUR CHOICES


Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Third-party platforms or social media networks. If you choose to connect to the App via a third-party platform or social media network, such as by using Facebook login, you may have the ability to limit the information that we may obtain from the third-party at the time you login to the App using the third-party’s authentication service or otherwise connect your account. Subsequently, you may be able to control your settings through the third-party’s platform or service. For example, you may access and change your settings through the Facebook settings page for Apps and Websites. If you withdraw our ability to access certain information from a third-party platform or social media network, that choice will not apply to information that we have already received from that third party.


OTHER SITES, MOBILE APPLICATIONS AND SERVICES

The App may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

SECURITY PRACTICES

We use commercially reasonable security practices to help keep the information collected through the App secure and take reasonable steps to verify your identity before granting you access to your account (if you have an account with us). However, the app cannot ensure the security of any information you transmit to Tap or guarantee that information on the App may not be accessed, disclosed, altered, or destroyed.

Please do your part to help us. You are responsible for maintaining the confidentiality of your login information and device identifiers, and for controlling access to communications between you and the app, at all times. Your privacy settings may also be affected by changes the social media services you connect to the app make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.

Opt‑Out of Targeted Advertising, Sale and Profiling

TapScanner does not sell or share your Personal Data (as defined under relevant laws like CCPA/VCDPA). Under applicable laws like VCDPA and CCPA, you may have the right to opt out of:

  • Targeted advertising (profiling for advertising purposes)
  • Sale of your Personal Data (Note: We state we do not sell personal data)
  • Profiling that produces legal or similarly significant effects

To exercise these rights where applicable, or manage your advertising preferences, choose one of the following:

  1. In‑App: Check for relevant privacy settings under Settings → Privacy.
  2. Device controls (for limiting Ad ID use):

    • iOS: Settings → Privacy & Security → Apple Advertising → disable “Personalized Ads”

    • Android: Settings → Privacy → Ads → select “Delete advertising ID” or “Opt out of Ads Personalization” (options may vary by device/OS version)

  3. Email [email protected] with subject line “Opt‑Out of Targeted Advertising/Profiling Request” (if applicable under your jurisdiction).

Requests will be handled in accordance with applicable law. No user will be discriminated against for exercising their privacy rights.

RETENTION

We configure our cloud service providers (like Cloudflare, Amazon Web Services, Google Cloud Platform) to delete photographs/documents and associated processing data within 24 hours after they were last edited using the App. This allows you to revisit the content for additional modifications during that time.

With respect to other non-photograph/document information that we may collect (like analytics data, account information), we will retain such information in a personally identifiable format only for as long as necessary to fulfill the purposes we have set out in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. You may also ask that we delete your information subject to legal limitations by contacting us.

CROSS-BORDER DATA TRANSFERS

We store the information we collect in connection with the App primarily on servers provided by Amazon Web Services, Google Cloud Platform, and potentially Cloudflare. We may specify data storage locations (e.g., US, or closest available region). Your personal information may be accessed by our personnel or service providers in locations outside of your state, province, or country, including the United States, where data protection laws may differ. We take steps to ensure that transfers of personal information are subject to appropriate safeguards, such as Standard Contractual Clauses where required by laws like GDPR.

CHILDREN

The App is not directed at children under the age of 13 (or a higher age threshold where applicable by local law), and our Terms of Use do not allow children under the relevant age threshold to use the App. If we learn that we have collected personal information of a child under the applicable age without required parental consent, we will delete it. We encourage parents with concerns to contact us.

CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the App and/or Site. We may, and if required by law, will, provide notification of changes in another way that we believe is reasonably likely to reach you, such as through the App or via email (if we have your address).

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of the App after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

HOW TO CONTACT US

Please direct any questions or comments about this Policy or privacy practices to [email protected] You may also write to us via postal mail at:

Smart media internet marketing ltd.
Attn: Legal – Privacy
Sderot Hayahasut 11, Beer Sheva, Israel

NOTICE TO EUROPEAN USERS

The information provided in this “Notice to European Users” section applies only to individuals whose processing of personal data is subject to the GDPR (e.g., residents of the European Economic Area, UK, Switzerland).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose

Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.

Legal basis (GDPR)
To operate and improve the App (including core functionality, support, account management) Processing is necessary to perform the contract governing our provision of services (Art. 6(1)(b) GDPR). If no contract, based on our legitimate interest in providing the requested services (Art. 6(1)(f) GDPR).
To send you marketing and promotional communications
To display advertisements to you (using non-sensitive data)
For analytics and app improvement (e.g., crash reporting, usage analysis, A/B testing)
For compliance (non-legal obligation), fraud prevention and safety
To create anonymous, aggregated or de-identified data
These activities constitute our legitimate interests (Art. 6(1)(f) GDPR). We do not rely on legitimate interests where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). For advertising/marketing cookies/trackers or marketing communications, we may rely on consent where required (Art. 6(1)(a) GDPR).
Compliance with Law (Legal Obligations) Processing is necessary to comply with our legal obligations (Art. 6(1)(c) GDPR).
With your consent (e.g., for specific data uses you agree to, like optional AI training, certain marketing, accessing sensitive data via permissions) Processing is based on your consent (Art. 6(1)(a) GDPR). Where we rely on your consent you have the right to withdraw it any time.

YOUR RIGHTS

European data protection laws give you certain rights regarding your personal information. If you are located within the scope of GDPR, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice (data portability).
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to [email protected] or our postal address provided above. We will respond to your request in accordance with applicable law.

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

NOTICE TO CALIFORNIA RESIDENTS

We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information.

We do not “sell” personal information or “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. As we explain in this Privacy Policy, we use cookies and other tracking technologies (including those from third-party partners) to analyze Site and App traffic and use, and to facilitate advertising (in the free version). If you would like to opt out of the use of cookies and other tracking technologies for targeted advertising purposes, please review the instructions provided in the Opt‑Out of Targeted Advertising, Sale and Profiling section.

The following chart further describes our privacy practices by referencing the categories of personal information enumerated by the CCPA. For details on the sources, purposes, and disclosures, please refer to the main sections of this Privacy Policy (“Personal Information We Collect”, “How We Use Your Personal Information”, “How We Share Your Personal Information”).

Category of Personal Information (CCPA) Examples (Refer to “Personal Information We Collect” for details) Disclosed to Third Parties for a Business Purpose?
Identifiers Device ID, Ad ID, IP Address, User ID (if applicable), Social Media Alias (if connected) Yes (Service Providers, Analytics Partners, Ad Partners, Affiliates, Compliance/Legal, Business Transfers)
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Name (if provided via social login), Address (if provided for support/billing), Phone number (if provided) Yes (Service Providers, Affiliates, Compliance/Legal, Business Transfers)
Characteristics of protected classifications under California or federal law Age (inferred for Children’s privacy compliance), Gender (potentially inferred by Ad Partners) Yes (Ad Partners – inferred data; Not directly collected by us for this purpose)
Commercial information Purchase history (subscription status) Yes (Service Providers – e.g., payment processors indirectly via App Stores, Analytics Partners, Affiliates, Compliance/Legal, Business Transfers)
Biometric information Face geometry/landmarks (used transiently on-device for features, not stored or shared) No (Processed locally, not disclosed)
Internet or other similar network activity App usage information, online activity data, interactions with ads, crash logs, diagnostic data Yes (Service Providers, Analytics Partners, Ad Partners, Affiliates, Compliance/Legal, Business Transfers)
Geolocation data Approximate location derived from IP address Yes (Service Providers, Analytics Partners, Ad Partners, Affiliates, Compliance/Legal, Business Transfers)
Sensory data Photographs, Documents, Videos, Audio Files, Voice Recordings (if user initiates feature requiring access) Yes (Cloud Service Providers for processing/storage; Social Media if user shares; Not otherwise disclosed)
Professional or employment-related information Not intentionally collected No
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Not intentionally collected No
Inferences drawn from other personal information User preferences, interests (inferred by analytics/ad partners based on usage/device data) Yes (Analytics Partners, Ad Partners)
Sensitive Personal Information Account log-in (if applicable), Precise Geolocation (not typically collected, potentially inferred by partners), Biometric Information (processed transiently on-device), Contents of communications (support requests), Race/Ethnicity/Religion/Union Membership/Sexual Orientation (not intentionally collected) Yes (Biometric – transient on-device only; Account Login – for authentication; Communications – for support; Other categories not intentionally collected/disclosed) Note: Use/disclosure limited to permitted purposes under CCPA.

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. See the “Retention” section for more details.

CALIFORNIA RESIDENTS’ PRIVACY RIGHTS

The CCPA grants California residents the following rights. We will not discriminate against you for exercising your rights.

  • Information/Know. You can request information about how we have collected, used and shared your personal information during the past 12 months, including the categories of personal information collected, sources, purposes for collection, categories of third parties to whom we disclosed information, and categories of information disclosed for a business purpose.
  • Access. You can request a copy of the specific pieces of personal information that we maintain about you.
  • Deletion. You can ask us to delete the personal information that we collected or maintain about you, subject to certain exceptions.
  • Correction. You can ask us to correct inaccurate personal information that we maintain about you.
  • Opt-out of Sale/Sharing. As noted, we do not “sell” or “share” personal information as defined by CCPA.
  • Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of sensitive personal information to certain purposes permitted by the CCPA. As described above, our use is generally limited to these permitted purposes (e.g., providing services, security, compliance).

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you as required by law.

How to Submit a Request

Submit your CCPA request by emailing [email protected] with the subject line “CCPA Request” or via tap.pm/contact‑us. We will acknowledge within 10 business days and fulfill within 45 calendar days (extendable once by 45 days with notice). We need to verify your identity before processing your request, which may require you to provide additional information matching our records.

Authorized agents may submit requests on your behalf, but we require written permission signed by you and may verify your identity directly.

Device Permissions Summary

TapScanner requests permissions only as needed for features. You control these via device settings.

  • Camera: Capture photos/scans.

  • Photo Library/Storage: Access/save images/docs you select.

  • Internet/Network: Connect to services for functionality, ads, analytics.

  • Advertising ID/AdServices: For ads and analytics (free version).

  • Other permissions: As listed earlier, for core functions, background tasks, billing, notifications, etc.

  • Face Recognition (on‑device): For facial features; processed transiently, not stored.


Opt‑Out of Sharing or Sale of Personal Information / Targeted Advertising

As stated, TapScanner does not “sell” or “share” your Personal Data as defined by CCPA. All photos and documents you upload are encrypted, processed, and deleted from our servers within 24 hours of your last edit. To limit the use of your Advertising ID for targeted advertising by third-party partners, please use the device controls mentioned in the “Opt‑Out of Targeted Advertising, Sale and Profiling” section above.


Data Controller & Data Protection Officer

For privacy questions:

Data Controller

Smart Media Internet Marketing Ltd.

Sderot Hayahasut 11, Beer Sheva, Israel

Contact: [email protected]

Data Protection Officer (DPO)

Yoav Tzori, DPO

[email protected]


Notice to Brazilian Users (LGPD)

Under Brazil’s General Data Protection Law (LGPD), you have rights including confirmation of processing, access, correction, anonymization, blocking or deletion of unnecessary data, portability, deletion of data processed with consent, information about sharing, information about the possibility of denying consent, and revocation of consent.

Note: Because TapScanner automatically deletes user‑uploaded images and extracted text within 24 hours, PII related to that content is not retained long-term. If you have questions or wish to exercise your LGPD rights regarding other data we may hold (e.g., analytics, account info), contact [email protected]; we will respond in accordance with the law.


Notice to Virginia Residents (VCDPA)

Virginia Consumer Data Protection Act (VCDPA) Rights

If you are a Virginia resident, you have the right to: Confirm processing and access your data; Correct inaccuracies; Delete your data; Obtain a copy (portability); Opt out of targeted advertising, sale of personal data, and profiling with legal or similarly significant effects.

Submit your VCDPA request by emailing [email protected]. We will respond according to VCDPA timelines.

Note: TapScanner does not “sell” data as defined by VCDPA and does not retain uploaded image/document PII beyond 24 hours. To opt-out of targeted advertising using your Ad ID, use the device controls described earlier. For other requests or questions, email [email protected].