Legal Information

Privacy Policy

Privacy Policy for ContactScanner AI according to GDPR

Effective from: August 16, 2025

Data Controller:

Baudis Plus UG (haftungsbeschränkt)
Paul-Zobel-Straße 8d, 10367 Berlin, Germany

Email: info@contactscanner.ai

Product: "ContactScanner AI" iOS App

1. What Data Does the App Process?

1.1 Content You Actively Process

  • Images/photos (e.g., cards, email signatures, badges, posters, screens, whiteboards) that you use in the app to extract contact data.
  • Recognized/extracted contact data according to schema (e.g., first/last name, company, job title, phone/fax/mobile, email, website, street, postal code, city, country).

1.2 App Technology & Pseudonymous Identifiers

  • Device ID (provided by the device) and Client ID (locally generated, persistent key in the keychain).
  • These are sent as headers to the proxy to prevent abuse (rate limiting/quotas).
  • Subscription status (as "X-Sub" flag) for enforcing free quotas.

1.3 No Additional Systems

No analytics/tracking SDK, no crash backend, no push notifications.

1.4 Support Contact Form

  • When you use the support form on our website, we process the information you enter: name, email address (optional), category, subject, and issue description.
  • Required fields for handling your request are name, subject, and description. The email address is optional, but required if you want to receive a reply by email.

2. Where Are Data Stored/Processed?

2.1 On Your Device (Local)

  • Pending Scans: JPEG image and thumbnail, Base64-encoded in JSON, are stored locally when no internet connection is available.
  • History: Fully processed images (original + edited version) are stored locally in the documents area.
  • Protection: iOS NSFileProtection is enabled (the protection applied to files depends on the device).
  • Local Deletion: There is a setting in the app to delete the scan history.

2.2 Processing via Our Infrastructure

(without permanent server storage of your images)

  • The app sends image data to our edge proxy (Vercel), which forwards the request directly to the OpenAI API and streams the response.
  • We do not permanently store images or result JSONs on the proxy.
  • For abuse protection/quotas, we use Upstash KV (see retention periods).

2.3 External Recipients/Data Processing

  • OpenAI (API, Vision Model): receives the image data you send exclusively for the purpose of extracting contact data. API calls are made with the parameter store: false (no training use commissioned by us).
  • Vercel (Edge Proxy): forwards the request/response stream.
  • Upstash (KV): stores only counters/keys for rate limiting/quotas (see 4.).

Note on Data Transfers to Third Countries:
Depending on the location of the respective providers/regions, a transfer to countries outside the EEA (e.g., USA) may take place. Please refer to the respective providers for details on their own data processing.

3. What Do We Use the Data For? (Purposes)

  • Providing Core Functionality: Reading contact data from your images and displaying the result in the app; optional saving to Apple Contacts.
  • Abuse/Fraud Protection & Quotas: Enforcing rate limiting/quotas (IP-minute, device-month, daily/monthly caps, free quota per client ID).
  • Offline Usage: Temporary local buffering (pending queue) until internet is available again.
  • Support Handling: Processing submitted support requests and (if provided) replying by email.

(No use for marketing/tracking purposes.)

4. Retention Periods

4.1 Locally on Device

  • History: remains on your device until you delete it in the app (or uninstall the app).
  • Pending Queue: remains local until upload is successful (no automatic expiration time).

4.2 Upstash KV (Counters/Keys Only)

  • rl:<ip>:<minute>: 60 seconds
  • cap:<YYYY-MM> (month): 40 days
  • cap:<YYYY-MM-DD> (day): 2 days
  • dev:<device>:<YYYY-MM>: 40 days
  • free:<client>: no automatic deletion (unlimited), until we delete on request.

No images/result JSONs are permanently stored on the proxy itself.

4.3 Support Requests (Website)

  • Data from the contact form are transmitted to our team as support emails and stored there for request handling.
  • If you provide a valid email address, you will additionally receive an automatic confirmation of receipt.
  • The retention period depends on the processing purpose and, where applicable, statutory retention obligations.

5. Recipients/Categories

  • OpenAI – API processing of images you send for text recognition/extraction.
  • Vercel – Edge proxy that forwards the request to OpenAI and returns the response to the app.
  • Upstash – Key-value store for rate limiting/quota counters.
  • Resend – Email delivery service for support messages from the contact form (forwarding to info@contactscanner.ai and optional confirmation emails).

6. Security

  • Transport encryption (TLS) for all connections.
  • NSFileProtection for locally stored files.
  • Minimization: No image/result data is persisted server-side; only technical counters/keys are maintained.

7. Apple Contacts

  • You can save recognized contact data to Apple Contacts.
  • We do not read your entire address book; when opening a saved contact, it is specifically loaded from the CNContactStore.

8. Your Rights (GDPR, where applicable)

  • Access, rectification, erasure, restriction, data portability, objection.
  • You have the right to complain to a supervisory authority.
  • For deletion/access requests (including deletion of Upstash keys for your client/device ID) contact us: info@contactscanner.ai.

9. Minors

  • The app has no age verification and is aimed at general users. Please observe local legal requirements for minors.
  • Parents/guardians can contact us at any time with questions.

10. Changes

We may update this privacy policy from time to time when features, the legal situation, or providers change. The effective date stated above is decisive. Material changes will be announced within the app.

11. Contact

Baudis Plus UG (haftungsbeschränkt)

Paul-Zobel-Straße 8d, 10367 Berlin, Germany

Email: info@contactscanner.ai