Privacy Policy

1. Introduction

Welcome to AI Doc Scanner, a product of WiscAI, LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the AI Doc Scanner mobile application ("App"). By using AI Doc Scanner, you agree to the practices described in this policy.

We are committed to protecting your privacy and being transparent about how your data is handled. AI Doc Scanner is designed with a privacy-first approach — optical character recognition (OCR) happens entirely on your device, and we only process the minimum data necessary to deliver our AI-powered extraction features.

2. Information We Collect

(a) Account Information

When you create an account, we collect your email address and a securely hashed password. Authentication is handled by Supabase Auth. We never store your password in plain text.

(b) Document Data

Scanned images. When you scan a document, the image is uploaded to our cloud storage (Supabase Storage) and associated with your account.

OCR text. Your device performs optical character recognition on scanned images using Apple's on-device Vision framework. The recognized text is stored alongside the scan in our database. OCR processing happens entirely on your device — no images are sent to any external service for text recognition.

AI-extracted data. If you use the AI extraction feature, the OCR text (never the original image) is sent to OpenAI's API (GPT-4o Mini) via our secure edge function to produce structured data such as receipt line items, business card contact fields, insurance card details, or form entries. The structured result is stored in our database.

(c) Subscription Information

If you subscribe to Premium, RevenueCat processes the transaction through Apple's App Store. We receive subscription status, product identifier, and expiration date. We do not receive or store your payment card details.

(d) Usage Information

We track your AI extraction count to enforce free-tier limits. We do not use third-party analytics SDKs, advertising identifiers, or location tracking.

3. How We Use Your Information

• To provide, maintain, and improve the App's scanning and extraction features.
• To perform AI-powered document extraction when you request it.
• To process natural language document searches when you use the search feature.
• To manage your subscription and enforce usage limits.
• To communicate with you about your account or the service (e.g., password resets, verification emails).
• To prevent abuse and ensure service security.

We do NOT use your information for targeted advertising. We do NOT sell, rent, or trade your personal information to any third party.

4. On-Device Processing

AI Doc Scanner uses Apple's Vision framework (VNRecognizeTextRequest) for optical character recognition. This processing happens entirely on your device — your document images are never transmitted to any third-party service for text recognition. The Vision framework supports 18 languages and works offline.

Camera and photo library access require your explicit permission, which you can revoke at any time in your device's Settings app.

5. AI Processing

Your documents are NOT used to train AI models.

When you request AI extraction or use natural language search, we send the OCR-extracted text (only) to OpenAI's API via our secure Supabase edge function, along with a system prompt that instructs the AI how to extract structured data for the specific document type.

What we send to OpenAI: OCR-extracted text and a system prompt.

What we do NOT send: Your original document images, email address, account ID, authentication tokens, or any other personal identifiers.

OpenAI's API data usage policy states that data sent via the API is not used to train their models. OpenAI retains API inputs and outputs for up to 30 days for abuse and misuse monitoring, after which it is deleted. For more information, see OpenAI's API Data Usage Policies.

AI-generated extraction results may contain errors. Always verify extracted data before relying on it for financial, legal, medical, or professional purposes.

6. Data Sharing and Third-Party Services

We share the minimum data necessary with the following services:

• Supabase (supabase.com) — Authentication, database, cloud storage, and serverless edge functions. Your account data, scan images, OCR text, and extracted data are stored on Supabase infrastructure.
• OpenAI (openai.com) — AI extraction and natural language search. Only OCR-extracted text is sent to OpenAI; your original images are never shared. OpenAI's API data usage policy states that data sent via the API is not used to train their models.
• RevenueCat (revenuecat.com) — Subscription management. RevenueCat receives your anonymous user ID and purchase receipt from Apple to manage subscription status.
• Apple — App Store in-app purchase processing. Apple handles all payment transactions.

We may also disclose information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

7. Data Storage and Security

Your data is stored on Supabase's cloud infrastructure. All data is transmitted over HTTPS/TLS. Database access is restricted by Row Level Security (RLS) policies, ensuring you can only access your own data. Passwords are hashed and never stored in plain text.

While we implement industry-standard security measures, no method of electronic storage is 100% secure. We will notify affected users without unreasonable delay in the event of a data breach.

8. Data Retention and Deletion

We retain your data for as long as your account is active. You may delete individual scans at any time from within the App, which permanently removes the scan image, OCR text, and any associated AI extractions.

You may delete your entire account and all associated data (scans, images, extractions, and usage records) from the Settings screen. Account deletion is permanent and cannot be undone. Upon account deletion, all data is removed from our servers promptly.

Server-side operational logs (which may include anonymized usage metrics) are retained for up to 90 days for security and debugging purposes, then automatically deleted.

9. Device Permissions

• Camera: Used to scan documents. Required for core app functionality.
• Photo Library: Used to import existing photos for scanning. Optional.
• Contacts: Used to save extracted business card information to your device's address book. Optional. Note: once saved, contact data is managed by your device and may sync to iCloud or other cloud contacts services per your device settings.

All permissions can be revoked at any time in your device's Settings > AI Doc Scanner.

10. Your Rights

All Users

You have the right to access, view, export (as PDF or CSV), and delete your data at any time through the App. You may delete your account from the Settings screen.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, request its deletion, request its correction, and opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise any of these rights, contact us at support@wiscai.com. We will respond within 45 days.

European Residents (GDPR)

You have the right to access, correct, delete, restrict processing of, and port your data. Our lawful basis for processing is contract performance (providing the service you signed up for) and legitimate interest (preventing abuse and improving the App). Data is processed in the United States. To exercise any of these rights, contact us at support@wiscai.com. We will respond within 30 days.

11. Children's Privacy

AI Doc Scanner is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@wiscai.com.

12. Sensitive Documents Advisory

AI Doc Scanner processes documents that may contain personally identifiable information (PII), financial data, and health-plan-related information. Please be aware:

• Insurance cards may contain member IDs, group numbers, and prescription benefit details. This data is stored in our cloud database and processed by our AI provider.
• Receipts may contain partial payment card numbers or other financial information.
• Business cards extracted via AI and saved to your Contacts may contain errors. Verify all contact data before relying on it.

AI Doc Scanner is not a HIPAA-covered service. It is not a substitute for professional record-keeping. We recommend against scanning documents containing Social Security numbers, full credit card numbers, or other highly sensitive identifiers unless you accept the inherent risks of cloud storage.

13. Subscriptions and Auto-Renewal

AI Doc Scanner offers auto-renewing subscriptions at $4.99/month or $29.99/year, each with a 7-day free trial. Payment is charged to your Apple ID account at confirmation of purchase (or at the end of the free trial if not canceled). Your subscription automatically renews unless you turn off auto-renewal at least 24 hours before the end of the current period. You can manage or cancel your subscription in your iPhone's Settings > Apple ID > Subscriptions. No refunds are provided for the unused portion of a subscription period, except as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance by updating the "Last updated" date at the top of this page and, where practicable, by email or in-app notification. Your continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or your data, contact us at:

WiscAI, LLC
support@wiscai.com