Privacy Policy

1. Scope and controller

This Privacy Policy describes how Scan2Summary processes personal data when users visit the website, use the mobile app, create or link an account, analyze documents, manage billing, or contact support.

The service operator identified in the app store listing, website, or other published legal notice is the data controller for this service.

Privacy and data-rights requests may be sent to support@scan2summary.com unless a dedicated privacy contact, representative, or data protection officer contact is published for your region.

2. Data we may process

Based on the current mobile project, the service may process the following categories of data:

• Account and identity data, such as user ID, linked email identity, device ID, locale, and account status.
• Document analysis data, such as OCR text, detected language, summary, simplified explanation, action items, deadlines, amounts, warnings, and reference numbers.
• Image metadata included by the current frontend, such as file size, dimensions, mime type, source type, page count, and URI strings used inside the app.
• Billing and entitlement data, such as credit balance, credit ledger entries, subscriptions, purchase restore status, and plan entitlements.
• Support and deletion request data you send by email or through a local mailto helper on the website.

3. Local processing and server-side processing

Text recognition can run locally on supported iPhone builds through an on-device OCR module before the AI analysis request is sent. This means some text extraction may happen on the device itself.

The core explanation feature is server-side. Scan2Summary sends extracted text, page count, locale, app language, and relevant image metadata to the server so the service can generate analysis results and make them available in history.

We use third-party AI services to analyze document text. Other service providers may support hosting, billing, transactional email, crash reporting, or app distribution.

4. Why we process data and legal bases

• To provide the requested service: analyze documents, return summaries, show history, and manage reminders and billing. GDPR basis: contract or pre-contractual steps.
• To maintain account security, prevent abuse, and verify ownership for sensitive actions such as history access or deletion. GDPR basis: legitimate interests.
• To maintain support records, respond to user requests, and handle disputes, refunds, and compliance obligations. GDPR basis: legitimate interests and legal obligations.
• To retain minimal accounting and transaction records where required by law. GDPR basis: legal obligation.

5. Storage, retention, and deletion

Analyses may be stored on the server to support history access and persistent product behavior. Billing state, entitlements, and account records may also be retained while the account remains active and for a reasonable period afterward to handle disputes, fraud prevention, and legal obligations.

Users can delete their account directly in the app. Users may also delete individual analyses where the app exposes that action. If a user cannot access the app, support can help verify ownership and assist with deletion.

Some records may be retained for billing, fraud prevention, backups, or legal compliance for as long as reasonably necessary.

6. Sharing, processors, and international transfers

Scan2Summary uses third-party service providers that may support hosting, billing, transactional email, crash reporting, app distribution, customer support, or AI analysis.

If personal data is transferred outside the EEA or UK, the service relies on an appropriate transfer mechanism such as adequacy decisions or Standard Contractual Clauses where required.

7. GDPR rights

• Right to access your personal data.
• Right to rectify inaccurate or incomplete data.
• Right to erase data where applicable.
• Right to restrict certain processing.
• Right to object where processing relies on legitimate interests.
• Right to data portability where applicable.
• Right to lodge a complaint with a supervisory authority.
• You can exercise privacy requests by contacting support@scan2summary.com unless a different privacy contact is published.

8. Children, security, and updates

The service is not intended for children under 16 without parental or guardian involvement. If you believe a child provided personal data inappropriately, contact support for removal review.

We use reasonable technical and organizational safeguards, but no system can promise absolute security. We may update this policy when the service or legal requirements change.