Privacy Policy

1. Data Controller and Contact

This Privacy Policy ("Policy") explains how personal data of individuals ("you") who use the ScanEx mobile application ("App") is collected, for what purposes it is processed, and how it is protected. By downloading or using the App, you acknowledge that you have read and accepted this Policy.

2. Personal Data Processed and Purposes

The App processes the data categories listed below solely for the purpose of delivering the relevant functions and on the legal basis of explicit consent or legitimate interest.

* When AI OCR or AI Assistant is enabled, the relevant image is forwarded to the Anthropic API for processing. See Section 4.

2.1 Biometric Data

Biometric authentication is performed exclusively through the device's secure OS layer (iOS Secure Enclave / Android TEE). The App cannot read, store, or transfer raw biometric data under any circumstances.

3. Automatically Collected Data

The App may collect anonymous crash reports and performance metrics to improve product quality. This data:

• May include device model, OS version, and app version information,
• Cannot under any circumstances be linked to your identity or device,
• Is used solely for debugging and technical improvement,
• Is not transferred to third parties for marketing purposes.

4. AI Features and Third-Party Data Transfers

4.1 Anthropic PBC

When you activate AI features, the following conditions apply:

• Transfer occurs only at the moment you actively use the relevant feature.
• The transferred data consists solely of the image or audio content required for the operation; no identity information, location data, or device identifiers are sent.
• After processing is complete, data is deleted or anonymised in accordance with Anthropic's API usage policy.
• All API communications are protected with TLS 1.2 or higher encryption.
• Anthropic Privacy Policy: anthropic.com/privacy

If you do not wish to use AI features, you may disable those functions; all other features (scanning, PDF, export) continue to work offline without requiring an internet connection.

5. Advertising — Google AdMob

Advertisements may be displayed via Google AdMob in the free app plan. In this context:

• Google may use the Advertising Identifier (IDFA / GAID) for ad personalisation.
• These identifiers can be disabled in device settings (iOS: Privacy → Tracking; Android: Google Settings → Ads).
• Data processed by AdMob is subject to Google's Privacy Policy: policies.google.com/privacy
• Users with a paid subscription are not shown ads.

6. Subscription and Payment Data

Paid subscription transactions are conducted exclusively through Apple App Store or Google Play Store. We do not have access to your payment card details in any form; such data is processed by the relevant store operator.

RevenueCat is used to manage subscription status and renewal information. An anonymous user identifier and subscription status are transmitted to the RevenueCat system. RevenueCat Privacy Policy: revenuecat.com/privacy

7. Data Retention and Deletion

Documents created on your device are automatically deleted when you uninstall the App or reset your device. Since no document data is stored on our servers, there is no content to be deleted server-side.

To request deletion of data held for subscription management and anonymous analytics, please contact info@scanex.online; your request will be fulfilled within 30 (thirty) calendar days. adresine iletebilirsiniz; talebiniz 30 (otuz) takvim günü içinde sonuçlandırılır.

8. Data Security

ScanEx implements the following technical and administrative measures to ensure the security of processed data:

• API communications are protected with TLS/SSL encryption.
• Local storage is protected by the device's OS security mechanisms (iOS Keychain / Android Keystore).
• Biometric data is held in a hardware-isolated secure enclave (Secure Enclave / TEE) and is never provided to the App in plaintext.
• App code is regularly reviewed for security vulnerabilities.

However, no electronic communication or storage method can guarantee absolute security. If you suspect a security breach, please notify us immediately at info@scanex.online. adresine bildirim yapabilirsiniz.

9. Children's Privacy

ScanEx is not designed for individuals under the age of 13 and we do not knowingly collect personal data from this age group. If we learn that data belonging to a user under 13 has entered our system, we will delete such data immediately. To report this, please write to info@scanex.online. adresine yazınız.

10. Your Rights under KVKK (Turkey)

Pursuant to Article 11 of the Law on Protection of Personal Data No. 6698, you have the following rights:

• To learn whether your personal data is being processed,
• If processed, to request information in this regard,
• To learn the purpose of processing and whether it is used in accordance with that purpose,
• To know third parties to whom data is transferred domestically or abroad,
• To request correction if it is incomplete or incorrectly processed,
• To request deletion or destruction under the conditions stipulated in Article 7 of the Law,
• To request that correction and deletion be notified to third parties,
• To object to a result arising against you through analysis by exclusively automated systems,
• To demand compensation for damages if you suffer loss due to unlawful processing.

To exercise these rights, you may submit a written application with identity-verifying information to info@scanex.online. Applications will be responded to within 30 (thirty) days as required by Article 13 of KVKK. adresine yazılı başvuru yapabilirsiniz. Başvurular, KVKK'nın 13. maddesi gereğince en geç 30 (otuz) gün içinde yanıtlanır.

11. Your Rights under GDPR (European Union)

Your rights under the EU General Data Protection Regulation (GDPR — Regulation 2016/679) are listed below:

• Right of Access (Article 15): You have the right to request a copy of the personal data we process about you. Hakkınızda işlediğimiz kişisel verilerin bir kopyasını talep etme hakkınız vardır.
• Right to Rectification (Article 16): You may request that inaccurate or incomplete personal data be corrected without undue delay. Yanlış veya eksik kişisel verilerinizin gecikmeksizin düzeltilmesini talep edebilirsiniz.
• Right to Erasure (Article 17): Where certain conditions exist, you may request the deletion of your personal data (right to be forgotten). Belirli koşulların varlığı halinde kişisel verilerinizin silinmesini (unutulma hakkı) talep edebilirsiniz.
• Right to Restriction of Processing (Article 18): Under certain conditions, you may request the suspension of data processing. Belirli koşullar altında veri işlemenin askıya alınmasını talep edebilirsiniz.
• Right to Data Portability (Article 20): You have the right to receive your data in a structured, machine-readable format. Verilerinizi yapılandırılmış, makine tarafından okunabilir bir formatta alma hakkınız vardır.
• Right to Object (Article 21): You may object at any time to processing based on legitimate interest. Meşru menfaate dayalı işlemeye her zaman itiraz edebilirsiniz.
• Right to Lodge a Complaint: You may lodge a complaint with the data protection authority (supervisory authority) in the relevant EU member state. İlgili AB üyesi ülkedeki veri koruma otoritesine (supervisory authority) şikayette bulunabilirsiniz.

For data subjects residing in the EU: info@scanex.online

12. Third-Party Links

The App or our website may contain links to third-party sites. When you follow those links, the privacy policies of the respective sites apply. We have no control or responsibility over the data processing practices of such third-party sites.

13. Policy Changes

We reserve the right to update this Policy in line with legal obligations, technological developments, or product changes. In the event of significant changes, we will announce the update via in-app notification. The current version of the Policy is always published at scanex.online/privacy; we recommend reviewing this page regularly. adresinde yayımlanır; bu sayfayı düzenli olarak incelemenizi tavsiye ederiz.

14. Contact

For questions, requests, or complaints regarding the processing of your personal data, you may use the following channels: