Privacy Policy – ScanHub

1. Introduction

Welcome to ScanHub - Web Scanner ("App", "we", "our", or "us"), developed by ScanHub. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application available on Android and iOS.

By using the App, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.

2. Information We Collect

2.1 Data Stored Locally on Your Device

The following data is stored only on your device and is never transmitted to our servers:

QR Code & Barcode History: Content, type, barcode format, and timestamp of codes you scan or create — stored in a local SQLite database.
Created QR Codes: Category, label, value, colors, and optional logo of QR codes you generate — stored locally.
App Lock PIN: If you enable the App Lock feature, your 4-digit PIN is stored in your device's secure keychain (iOS Keychain / Android Keystore via SecureStore). It is never transmitted externally.
Scheduled Messages: Phone number, message content, and scheduled time for message reminders — stored locally and used only to trigger a local notification.
User Preferences: Theme, beep/vibrate on scan, and other settings — stored locally via AsyncStorage.

2.2 Information Collected Automatically

The following data is automatically collected through third-party SDKs (see Section 6 for full details):

Device Information: Device model, operating system version, and unique device identifiers.
Usage Events: Screens viewed, features opened, QR codes scanned/created — sent to Firebase Analytics without any personally identifiable information.
Ad Interaction Data: Impressions and clicks — collected by Google AdMob, subject to your consent choice.
Purchase Status: Pseudonymous app user ID and purchase receipt — managed by RevenueCat to verify the Remove Ads entitlement.

2.3 Data Sent to External Services During Normal Use

Country Detection (Direct Chat): When you open the "Direct Chat" feature, the App makes a request to ipinfo.io to automatically detect your country and pre-fill the dialling code. Your IP address is sent to ipinfo.io for this purpose. No other data is sent. See ipinfo.io/privacy-policy.
Web Scanner: Opens web.whatsapp.com inside an in-app browser. All session data is handled by the respective web service's servers and governed by their privacy policy.
ChatGPT (AI Assistant): Opens chat.openai.com inside an in-app browser. Any conversations you have are sent directly to OpenAI's servers and are governed by OpenAI's privacy policy. We do not intercept, read, or store your conversations.

2.4 Device Permissions Used

Permission	Purpose	Shared Externally?
Camera	Scanning QR codes, barcodes, and documents. Processed on-device only.	No
Microphone	Speech-to-text feature — captures voice input via the Web Speech API running in an in-app WebView.	Processed by device OS (Google / Apple)
Photo Library / Media Storage	Saving generated QR codes to your gallery; reading status files (Android only) for the Status Saver feature.	No
Internet	Required for ads, Web Scanner, ChatGPT browser, country detection, and other online features.	Via third-party SDKs only
Vibration	Haptic feedback when a QR code is successfully scanned.	No
Notifications	Local reminders for scheduled messages (set explicitly by you).	No

You can manage all permissions through your device settings at any time.

3. App Features & Data Practices

QR Code Scanner & Generator

Camera data is processed entirely on-device. Scanned content and created QR codes are saved locally in a SQLite database. No QR data is sent to our servers.

Status Saver (Android Only)

This feature reads status media files from specific folders on your Android device's storage. Files are only copied to your gallery when you explicitly tap "Save". No status media is uploaded or transmitted externally.

Direct Chat

Lets you open a conversation with any number without saving it as a contact. The App makes a one-time request to ipinfo.io to detect your country. No message content is stored by us — the conversation happens entirely in the messaging app.

Web Scanner

Opens the web messaging interface inside an in-app browser. Your session, messages, and media are handled solely by the respective web service. We do not access or intercept any of this data.

Speech to Text

Uses the Web Speech API inside an in-app WebView. Voice is processed by your device's OS speech engine (Google on Android, Apple on iOS). The resulting text is returned to the App and shown on-screen. We do not record or store your voice.

AI Assistant (ChatGPT)

Opens OpenAI's ChatGPT website (chat.openai.com) inside an in-app browser. This is a browser wrapper — we do not integrate OpenAI's API directly and have no access to your conversations. All data is governed by OpenAI's Privacy Policy.

Schedule Message

Allows you to schedule a message for a future time. The phone number, message, and scheduled time are stored locally on your device and used only to trigger a local notification. At the scheduled time, a notification prompts you to open your messaging app — the App does not send the message automatically.

App Lock

Protects the App with a 4-digit PIN stored in your device's secure keychain (iOS Keychain / Android Keystore). The PIN is never transmitted outside your device.

Document Scanner

Uses the camera to scan and digitize documents. Processed entirely on-device. No document images are uploaded or stored externally.

Games, News & Quiz

These features open third-party websites (GameZop, Newszop, Quizzop) inside an in-app browser. We do not collect any data from these sessions. Data practices are governed by the respective third-party sites.

4. How We Use Your Information

The information collected is used to:

Enable core features: QR scanning, generation, status saving, messaging tools, and more
Display advertisements through third-party ad networks
Analyze anonymous usage patterns to improve App performance and features
Process in-app purchases (Remove Ads upgrade)
Send local scheduled message reminders you have explicitly set up
Ensure App security via the App Lock feature
Comply with legal obligations

We do not sell your personal data to any third party.

5. Data Storage & Retention

SQLite Database: QR history stored locally; deletable from within the App at any time.
AsyncStorage: App preferences stored locally; cleared on uninstall.
SecureStore (Keychain/Keystore): App Lock PIN stored in device's secure enclave; not accessible to other apps.

All locally stored data is permanently deleted when you uninstall the App.

Analytics data retained by Firebase follows Google's standard retention periods (up to 14 months). You can request deletion by contacting us.

6. Third-Party Services & SDKs

6.1 Google AdMob (Advertising)

Displays banner, interstitial, app-open, and native ads. May collect advertising ID and usage data.

EEA/UK users: a UMP consent form is shown before ads load. Personalized ads only with your consent.
Ad content rated General Audience (G).
Privacy policy: policies.google.com/privacy

6.2 GameZop, Newszop & Quizzop (Web Content)

The App provides access to Games (GameZop), News (Newszop), and Quiz (Quizzop) features by opening their respective websites inside an in-app browser — similar to how ChatGPT is accessed. We do not integrate their SDKs directly. Any data collected while you use these services is governed by their own privacy policies, not ours.

GameZop privacy policy: gamezop.com/privacy-policy

6.3 Firebase Analytics (Google)

Collects anonymous usage events (screens viewed, features opened, QR counts). No personally identifiable information is included.

6.4 RevenueCat (In-App Purchases)

Manages the Remove Ads in-app purchase. Collects a pseudonymous app user ID and purchase receipt. All payment processing is handled by the App Store / Google Play.

6.5 OpenAI / ChatGPT (AI Assistant)

The AI Assistant feature opens chat.openai.com in an in-app browser. We do not use OpenAI's API — your interactions go directly to OpenAI's website and are governed entirely by OpenAI's policies.

6.6 ipinfo.io (Country Detection)

Used once when you open the Direct Chat feature to auto-detect your country from your IP address. Only your IP is sent; no other data.

6.7 Third-Party Messaging Services

Web Scanner and Direct Chat features interact with third-party messaging services. We do not access, read, or store your messages or contacts.

7. Data Sharing & Disclosure

We do not sell your personal information. Data may be shared only in the following situations:

Advertising Partners: Google AdMob and GameZop may receive device/usage data to serve ads based on your consent choice.
Analytics: Firebase receives anonymous usage events to help us improve the App.
Purchase Processing: RevenueCat receives purchase receipt data to verify entitlements.
Legal Obligations: We may disclose data if required by law or legal process.
Business Transfers: In a merger, acquisition, or asset sale, user information may transfer as part of the transaction. We will notify you before such a transfer takes effect.

8. Children's Privacy

The App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided information through the App, contact us immediately and we will delete it promptly.

Ad content is restricted to General Audience (G) rating with child-directed treatment disabled.

9. Your Rights & Choices

All Users

Delete individual QR entries or all history within the App settings
Disable or change the App Lock PIN from the App settings
Revoke any device permission at any time via device settings (some features will be limited)

Opt Out of Personalized Ads

Android: Settings → Google → Ads → Opt out of Ads Personalization
iOS: Settings → Privacy → Apple Advertising → Limit Ad Tracking
You may also withdraw ad consent at any time through the consent settings in the App.

EEA / UK Users (GDPR)

Access, correct, or request deletion of your personal data
Object to or restrict processing
Withdraw consent for personalized ads at any time
Lodge a complaint with your local data protection authority

California Residents (CCPA)

You have the right to know what personal information is collected, request deletion, and opt out of its sale. We do not sell personal information. Contact us at the address below to exercise your rights.

10. Security

We apply reasonable technical and organizational security measures. The App Lock PIN is stored in the device's hardware-backed secure enclave. Most user data never leaves your device.

No electronic storage or transmission method is completely secure. We cannot guarantee absolute security but will notify users of any breaches as required by applicable law.

11. International Data Transfers

Data processed by third-party services (Google, RevenueCat, GameZop, OpenAI, ipinfo.io) may be transferred to and stored in countries outside your country of residence, where data protection laws may differ. We ensure all third-party partners we use maintain adequate data protection standards.

12. Changes to This Policy

This Privacy Policy may be updated periodically. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the App after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or data requests regarding this Privacy Policy, contact us:

Developer: ScanHub
Email: vaghani98@gmail.com
Address: 217, Valamnagar Society, Near Akar Sports Club, Simada Gam, Surat, Gujarat, India – 395006

We aim to respond to all privacy-related inquiries within 30 days.