Privacy Policy for Bureaucracy Buddy
Last Updated: 09.12.2025
1. Introduction
Welcome to Bureaucracy Buddy ("we," "our," or "us"). We are committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.
We built this app specifically to help with sensitive bureaucratic documents, so we designed our technical architecture with privacy-first principles.
2. Who is Responsible for Your Data?
The Data Controller responsible for your information is:
[Karim Oumari]
[Your Address]
Vienna, Austria
mooumari2@gmail.com
3. The Core Privacy Concept: How We Handle Your Documents
To provide our service, we process documents you scan. We distinguish strictly between Images and Text:
3.1. Images (On-Device Processing)
We do not upload your photos to our cloud servers.
When you scan a document, the image capture and Optical Character Recognition (OCR) happen locally on your device.
The actual image files are stored in your device's local storage (sandbox).
If you use "Incognito Mode," images are deleted immediately after processing.
3.2. Text (Cloud Processing)
Once the text is extracted from the image on your device, we encrypt this text and send it to our secure backend to perform the AI analysis (summarization, data extraction).
4. What Data We Collect
We collect and process the following types of data:
A. Information You Provide
Account Information: Your email address and password (stored securely via Supabase Auth).
Document Data: The extracted text from documents you save, and the resulting AI summaries/metadata (e.g., extracted IBANs, due dates).
Preferences: Settings such as your target language (e.g., English) and region mode (Austria/Germany).
B. Automated Information
Usage Data: Anonymous analytics about how you use the app (e.g., "Scan button tapped") to help us improve stability.
Device Information: OS version and device model (for crash reporting and support).
5. Third-Party Services & Data Processing
We use trusted third-party service providers to operate our app. We have Data Processing Agreements (DPAs) in place with these providers.
5.1. Database & Authentication: Supabase
Purpose: To store your user account and your saved text summaries/history.
Location: Frankfurt, Germany (EU).
Privacy: All data in the database is encrypted at rest and in transit.
Provider: Supabase, Inc.
5.2. AI Analysis: OpenAI
Purpose: To analyze the text extracted from your documents, generate summaries, and extract variables (IBAN, dates).
Data Shared: Only the raw text of the document. No images are sent to OpenAI.
Privacy: We use the OpenAI API. According to OpenAI's Enterprise/API privacy policy, they do not use data submitted via the API to train their models. Data is retained only briefly for abuse monitoring.
Location: United States (Standard Contractual Clauses apply for data transfer).
5.3. Subscriptions: RevenueCat
Purpose: To manage your Pro subscription status and process payments.
Data Shared: An anonymous App User ID. We do not process your credit card information directly; this is handled by Apple (App Store) or Google (Play Store).
6. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
Contractual Necessity (Art. 6(1)(b) GDPR): To provide the scanning and summarization service you requested.
Legitimate Interests (Art. 6(1)(f) GDPR): To improve our app's security and functionality.
Consent (Art. 6(1)(a) GDPR): Where specifically asked (e.g., for optional analytics).
7. Data Retention and "Incognito Mode"
Standard Scans: We retain the text and summaries of your documents in our database until you delete them or delete your account.
Incognito Scans: If you use Incognito Mode, the extracted text is sent to the AI for immediate analysis and displayed to you, but it is never saved to our database. Once you close the screen, the data is gone.
Images: Images remain on your device's local storage until you delete the scan or uninstall the app.
8. Your Rights
Under the GDPR, you have the right to:
Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate data.
Erasure ("Right to be Forgotten"): Request that we delete all your data. You can do this directly within the app settings ("Delete Account" or "Delete All History").
To exercise these rights, please contact us at [Contact Email Address].
9. Security
We implement industry-standard security measures:
Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256) in our Frankfurt database.
Row Level Security (RLS): Our database is configured so that users can only access their own data. It is technically impossible for one user to read another user's documents.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes through the app.
Agreement with Apple EULA
This Privacy Policy is in addition to, and does not replace, the Apple End User License Agreement (EULA). By using this app, you agree to both this Privacy Policy and the Apple EULA.