1. Information created in ScanAtlas
ScanAtlas may process scan content, created QR or barcode content, scan history, folders, notes, custom fields, OCR results, duplicate tracking, workflow settings, webhook settings, analytics summaries, queued sync items, print queue items, backup snapshots, and other content that a user chooses to create, import, or store in the app.
ScanAtlas may also process device-generated metadata related to app use, such as timestamps, scan type, destination settings, and feature preferences needed to make scanning, routing, restore, and automation features work.
2. Device permissions and hardware access
If a user grants permission, ScanAtlas may access the camera for live scanning, the photo library or files for import and export, media library access for saving generated images, NFC hardware for reading or writing supported tags, location for scan metadata and Wi-Fi-related features, contacts to save scanned contact details, calendar or reminder-related capabilities where enabled, local network or Wi-Fi access for supported network join or printer workflows, and biometric hardware for on-device protection features.
Device permission names and platform prompts may differ between iOS, Android, and web.
3. How ScanAtlas uses information
ScanAtlas uses information to provide the app’s core features, including scanning, saving history, organizing records, creating labels, restoring data, exporting files, sharing content, printing, queueing offline actions, and running the automation or integration steps the user configures.
Information may also be used to maintain subscriptions, restore purchases, support ads on plans where ads are shown, cache optional product lookup results, troubleshoot feature issues, and protect the integrity of backup, sync, and restore operations.
URL safety analysis in ScanAtlas is performed locally using on-device heuristics.
4. Google user data
If a user connects Google Drive backup, ScanAtlas uses the Google account access the user authorizes to create, update, download, and restore the user’s backup snapshot in the user’s Google Drive appDataFolder. That access is used for the backup feature only and is not used to browse unrelated Drive files.
If a user connects Google Sheets sync, ScanAtlas uses Google account access to identify the signed-in user, including basic profile information such as name and email address returned by Google, and to read, update, and append data to the spreadsheet resources the user selects for sync. ScanAtlas may also store spreadsheet IDs, sheet names, column mappings, queue state, and related Google OAuth tokens locally on the device so the feature can continue working.
The Google permissions requested by ScanAtlas may include basic sign-in scopes (openid, profile, and email), the Google Sheets scope (https://www.googleapis.com/auth/spreadsheets) for spreadsheet sync, and the Google Drive app data scope (https://www.googleapis.com/auth/drive.appdata) for backup and restore, depending on the feature the user enables.
ScanAtlas currently processes Google user data on the user’s device and through Google APIs on the user’s behalf. ScanAtlas does not maintain a separate server-side copy of the user’s Google Sheets content or Google Drive appData backups except where the user stores that information in the user’s own Google account or exports it to another destination the user chooses.
ScanAtlas uses Google user data only to provide the Google-powered feature the user explicitly requests. ScanAtlas does not sell Google user data, does not use Google user data for advertising, does not use Google user data for unrelated profiling, and does not use Google user data to train generalized artificial intelligence or machine learning models. Use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Third-party services and user-directed sharing
ScanAtlas may share data with third parties only as needed to provide features the user enables or actions the user requests. Examples include Google APIs for Sheets sync and Drive backup, RevenueCat and app store billing providers for purchases, Google Mobile Ads when ads are shown, optional product lookup providers such as Open Food Facts and Barcode Lookup, and webhook endpoints configured by the user. Where supported by the ad provider configuration, ScanAtlas requests non-personalized ads.
If a user configures a webhook, external sync, export destination, printer, share target, browser action, map action, email action, SMS action, Wi-Fi action, or other third-party handoff, the information sent is determined by that feature and the use of that third-party destination is governed by that destination’s own policies and terms.
Information may also be disclosed if required by law, regulation, legal process, or to protect the rights, safety, and security of users, the app, or others.
6. Storage and retention
Much of ScanAtlas data is stored locally on the user’s device using on-device app storage and files. Depending on the features a user enables, data may also be stored in a user-selected folder, in the user’s Google Drive app data area, in user-selected spreadsheets, in user-directed share targets, or in other destinations the user explicitly chooses.
OAuth tokens, integration settings, webhook logs, queued sync items, product lookup cache entries, and other operational data may be stored locally until the feature is disconnected, the cache expires, the user clears app data, or the app is removed. Product lookup cache entries may be retained on-device for up to 24 hours.
7. User choices and deletion
Users can disconnect Google services, disable auto backup, remove webhook endpoints, revoke device permissions, delete history and app data from the device, remove exported files, delete connected backup files from their chosen destinations, and revoke Google account access through their Google account permissions settings.
Because many ScanAtlas features are local-first or user-directed, deleting data from a third-party destination such as Google Drive, Google Sheets, a webhook receiver, or another app may also require action inside that destination.
8. Security, children, and updates
ScanAtlas uses reasonable measures to protect information handled by the app, and the app includes optional on-device security features such as biometric protection where available. Google API traffic is sent over encrypted HTTPS/TLS connections, and operational tokens are stored locally within app-controlled device storage. No method of storage, transmission, or device security is perfect, and users remain responsible for protecting their devices and third-party accounts.
ScanAtlas is not directed to children under 13. This Privacy Policy may be updated as features or data practices change. The latest version will be published at this URL with an updated effective date. Questions about privacy can be directed to support@scanatlas.app.
