Privacy

The short version

LumenScan turns your phone’s camera into a document scanner. Every scan, every line of recognised text, and every signature you draw stays on your device unless you explicitly share it.

• No cloud upload of documents.OCR runs locally using Apple’s Vision framework (iOS) or Google’s ML Kit (Android). Your scans never reach our servers.
• No analytics on document content.We don’t inspect what you scan, what your OCR text says, or what you sign.
• No third-party trackers in the app. No ad SDKs, no behavioural analytics SDKs, no session replay.
• Subscriptions go through Apple / Google.If you upgrade to Pro, the App Store or Play Store handles the transaction. We see only the entitlement (“is Pro?”), not your card or address.

What lives on your device

• Scanned images and PDFs.Stored in LumenScan’s app sandbox on your iPhone, iPad, or Android device. Removed when you delete the scan or uninstall the app.
• Recognised text (OCR output). Embedded into the PDF as a searchable text layer, and indexed locally so you can search across your scans. Never sent to us.
• Signatures and annotations. Saved with the document on-device. Re-usable across scans if you choose.
• Preferences and history.Standard app settings (filter defaults, page size, last-used vaults) live in the platform’s standard preferences store.

If you opt into Apple iCloud backup (iOS) or Google Drive backup (Android), those copies live in your own iCloud or Drive account. We have no access to them.

What leaves your device — and only when you choose

• Share to other apps.When you hit Share, the document goes to whichever target you pick — Mail, Files, Drive, AirDrop, Messages, any installed share-extension. That’s a normal OS share intent; LumenScan hands the file off and steps aside.
• iCloud / Drive sync (optional).If enabled, the OS replicates the scan to your personal cloud storage. The replication happens via Apple/Google’s own infrastructure — LumenScan never sees the upload.
• Crash reports (Apple/Google). If LumenScan crashes, the OS may ask if you want to send the crash report to Apple or Google so we can fix the bug. These reports contain stack traces and device model — never document content. They are opt-in via your device settings.

Subscriptions and billing

LumenScan Pro is a subscription handled through the App Store (iOS) or Google Play (Android). When you subscribe:

• Apple or Google processes the payment, manages the renewal, and tells the app whether you currently have an active entitlement.
• We use RevenueCatto resolve the entitlement (“is this user on Pro?”) across devices. RevenueCat receives an anonymous installation identifier, your subscription product ID, and the entitlement status. They do not receive your name, email, card, or document content. See RevenueCat’s privacy notice.
• We do not receive, see, or store your payment card, billing address, or Apple/Google ID.

What we do not collect

• No account, login, or password — LumenScan works without one.
• No phone number, email, or contact list.
• No location data.
• No advertising identifier (IDFA / GAID).
• No microphone or call data.
• No browsing history or other apps’ data.

Permissions LumenScan asks for

• Camera — required to capture scans. Used only while the scanner view is on screen.
• Photo Library— optional, only if you choose “Import from Photos.” We read the image you pick; we do not browse or upload the rest of your library.
• Face ID / Touch ID / Biometric— optional, used to lock your vault. The biometric check happens on the device’s secure enclave; we never see the biometric data.

Your rights

Because LumenScan keeps your documents on your device, you control them directly — delete them from inside the app, or uninstall the app to wipe everything LumenScan stored locally. There is no server-side account to delete.

If you have legal questions about data we process incidentally (subscription entitlement, crash reports), contact us at [email protected] from the device’s subscription email and we will respond within 30 days. This covers requests under the EU GDPR, UK GDPR, California CCPA, and India’s DPDP Act, 2023.

LumenScan is operated by NOVA-LUMEN LABS LLP. For the Lumen Labs company-wide privacy policy (registered office, data-protection contact, complaint procedure), see the Lumen Labs privacy policy.

Children

LumenScan is not designed for, marketed to, or targeted at children under 13. We do not knowingly collect data from children. If you believe a child has used LumenScan and you want any incidental data (e.g. a subscription record) removed, contact us at the email above.

Changes to this policy

If we materially change what LumenScan does with data, we will update this page, bump the “Last updated” date, and call out the change in the next release notes.

Contact

Questions about LumenScan or this policy: [email protected].