Privacy Policy
Provider (Impressum)
Oberstr. 3, 47829 Krefeld, Germany
Handelsregister: HRB 21178 (Amtsgericht Krefeld)
USt-IdNr: DE456304266
Managing Director: Holger Köther
Contact: [email protected]
Data We Collect
Images
Images you submit for extraction are transmitted to an AI provider for processing. When using our backend service, images are sent to Anthropic (Claude AI). When using your own API key, images are sent directly to your configured provider.
When using our backend service, we temporarily retain extraction logs (including images) for up to 14 days to debug issues and improve service quality. After 14 days, image data is automatically deleted while anonymized metadata may be retained for analytics.
Apple Sign In
We receive an anonymous user identifier from Apple. If you choose to share your email, we receive that as well. This is used for account management and purchase tracking.
iCloud Integration
We use Apple's CloudKit framework to enable cross-device credit synchronization. Here's how it works:
- We obtain an anonymous identifier linked to your iCloud account
- This identifier is a one-way hash (SHA256) of your iCloud record ID — we cannot reverse it to identify you
- We do NOT access your iCloud email, name, photos, or any other personal iCloud data
- This identifier is used solely to sync your credit balance across devices signed into the same iCloud account
Data Storage
Your credit balance and purchase history are stored on our servers. This data is linked to your anonymous iCloud identifier (if signed into iCloud) or your device identifier (if not). Purchase transactions are verified with Apple's App Store Server API.
Purchases
In-app purchases are processed by Apple. We store transaction IDs to prevent duplicate credits.
API Keys
API keys you configure are stored locally on your device in the iOS Keychain. We do not receive your API keys.
Service Usage Data
When using our backend service, we collect:
- Extraction requests (timestamp, success/failure, provider used)
- Credit purchases and usage
- Error logs for debugging
- Device locale and timezone (for accurate date parsing)
This data helps us improve the service and troubleshoot issues.
Data We Do Not Collect
We do not collect:
- Device fingerprints or hardware identifiers
- Advertising identifiers
- Precise location data
- Calendar content (events are saved directly to your device)
- Data when using your own API keys (requests go directly to your provider)
Extraction history is stored locally on your device.
Third Parties
| Provider | Purpose | Location |
|---|---|---|
| Anthropic | AI extraction (backend) | United States |
| OpenAI | AI extraction (your key) | United States |
| Google (Gemini) | AI extraction (your key) | United States |
| Mistral | AI extraction (your key) | France |
| xAI (Grok) | AI extraction (your key) | United States |
| Apple | Auth and payments | United States |
| Cloudflare | Backend hosting | Global |
When you use third-party services with your own API key, their privacy policies govern data handling.
Data Retention
Extraction logs: Images and extraction data are automatically deleted after 14 days. Anonymized metadata (success rates, error types) may be retained longer for service improvement.
Account data: User ID, credit balance, and transaction history are retained until you delete your account.
Delete your account: Use the "Delete Account" option in Settings within the app, or email [email protected].
International Transfers
Data may be transferred to the United States via Anthropic and Cloudflare, protected by Standard Contractual Clauses.
Your Rights (GDPR)
Under GDPR, you may request access, correction, or deletion of your data by contacting [email protected]. Given our minimal data collection, there is limited data to act upon.
Supervisory Authority
Postfach 20 04 44, 40102 Düsseldorf, Germany
https://www.ldi.nrw.de
Changes
We may update this policy. Continued use constitutes acceptance.
Contact
For privacy inquiries: [email protected]