Privacy Policy

This Privacy Policy explains how 1001474709 Ontario Inc. operating as SMRTscan ("we," "us," or "our") collects, uses, and shares information when you use the SMRTscan mobile application and related services (the "Service").

If you do not agree with this policy, do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account information: Email address, phone number (optional), and display name.
• Receipt and document data: Images, PDFs, and extracted data including merchant names, dates, totals, line items, categories, tags, notes, job names, and reference numbers.
• Mileage data: Trip details including start/end locations, distances, purposes, and odometer readings (if you use mileage tracking).
• Settings and preferences: Custom categories, tags, saved locations, and export options.
• Support requests: Communications when you contact us for help.

1.2 Information Collected Automatically

• Usage data: Features used, scan counts, and interaction patterns within the app.
• Device data: Device type, operating system version, app version, and unique device identifiers.
• Diagnostic data: Crash reports and error logs to improve app stability.

1.3 Payments and Subscriptions

Payments are processed by Apple App Store or Google Play (or their payment providers).We do not collect or store your payment card details. We receive only subscription status and entitlement data from our subscription management provider (RevenueCat).

1.4 Cloud Backups (Optional)

If you enable cloud backup, receipt images and data may be uploaded to your connected cloud provider (iCloud or Google Drive). You control whether this is enabled, and backups are stored in your personal cloud account—not on our servers.

1.5 AI Processing

When you scan receipts, images are sent to Anthropic's Claude API for text extraction.Images are processed in real-time and are not stored by Anthropic beyond the processing request.

2. How We Use Information

We use collected information to:

• Provide the Service: Scan, extract, store, categorize, and export your receipts and mileage data.
• Process subscriptions: Manage your subscription status and enforce plan limits.
• Sync and backup: Store your data when you enable cloud backup features.
• Improve the Service: Analyze usage patterns to enhance features, fix bugs, and improve reliability.
• Provide support: Respond to your inquiries and troubleshoot issues.
• Send notifications: Warranty reminders, return window alerts, and price drop notifications (with your permission).
• Comply with law: Meet legal obligations and respond to lawful requests.

3. How We Share Information

We do not sell your personal information by default.

3.1 Optional Data Sharing Program

You may choose to participate in our optional Data Sharing Program through the app settings. This is entirely voluntary and does not affect your use of the Service.

If you opt in, we may share anonymized and aggregated data with third parties for:

• Market research: Anonymized spending trends and patterns (e.g., "X% of users in Ontario shop at grocery stores on weekends")
• Product improvement: Understanding how receipt formats vary to improve our AI extraction
• Industry analytics: Aggregated insights about retail and consumer behavior

What we DO NOT share even if you opt in:

• Your name, email, phone number, or any personally identifiable information
• Individual receipt images
• Your specific purchase history linked to you
• Your location beyond general region (e.g., province/state level only)

You can opt out at any time through Settings → Privacy → Data Sharing. Opting out will stop future data sharing immediately.

3.2 Other Sharing

We may also share information in these circumstances:

• Service providers: Third parties who process data on our behalf to operate the Service (see Section 4).
• Cloud storage providers: Your chosen backup provider (iCloud or Google Drive) when you enable backups.
• Legal requirements: Law enforcement or government authorities if required by law, court order, or to protect rights, safety, or security.
• Business transfers: If we merge with or are acquired by another company, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Service Providers

We use the following third-party services to operate the Service:

These providers process data as needed to provide their services and are governed by their own privacy policies.

5. Data Storage and Security

5.1 Local Storage

• All receipt data, images, and personal information are stored locally on your device by default.
• Data is stored using encrypted databases and secure storage mechanisms.
• Biometric authentication (Face ID/Touch ID) is available to protect app access.

5.2 Cloud Storage (Optional)

• If you enable cloud backup, data is encrypted before upload to your personal cloud account.
• We do not have access to your cloud storage credentials or backup data.

5.3 Security Measures

• All network communications use HTTPS/TLS encryption.
• Sensitive data (API keys, credentials) is stored in device secure storage.
• We use reasonable administrative, technical, and organizational measures to protect data.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take data protection seriously.

6. Data Retention

• Active use: We retain data for as long as you keep it in the app.
• Deleted items: Moved to "Recently Deleted" for 30 days, then permanently removed.
• Cloud backups: Remain in your cloud account until you manually delete them.
• Account deletion: All data is permanently deleted within 30 days of account deletion request.

7. Your Rights and Choices

You can:

• Access your data: View all stored data within the app.
• Export your data: Export receipts to CSV, PDF, or ZIP at any time.
• Update or delete data: Edit or delete individual receipts, trips, or reminders.
• Disable cloud backups: Turn off backups to keep all data local-only.
• Disable notifications: Manage push notifications in your device settings.
• Request account deletion: Contact us to delete your account and all associated data.

For Canadian Residents (PIPEDA)

You have the right to access, correct, and request deletion of your personal information. Contact us to exercise these rights.

For California Residents (CCPA)

You have the right to:

• Know what personal information is collected.
• Request deletion of personal information.
• Opt-out of the sale of personal information (we only share anonymized data if you opt in).
• Non-discrimination for exercising privacy rights.

For European Residents (GDPR)

You have additional rights including:

• Right to access, rectification, and erasure.
• Right to restrict or object to processing.
• Right to data portability.
• Right to withdraw consent.
• Right to lodge a complaint with a supervisory authority.

8. Children's Privacy

The Service is not directed to children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately and we will delete it.

9. International Data Transfers

If you use the Service outside Canada, your data may be processed in other jurisdictions where our service providers operate (including the United States). By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top.
• Provide notice within the app.
• For significant changes, request your acknowledgment.

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, contact us at:

1001474709 Ontario Inc. operating as SMRTscan
Email: privacy@smrtscan.app
Location: Guelph, Ontario, Canada

Summary

Your data stays on your device unless you choose cloud backup. We only share anonymized data if you explicitly opt in.