Privacy Policy

Scanly: QR Code Scanner · Last updated: 2026-05-16 · Effective: 2026-05-16

This Privacy Policy describes how the Scanly: QR Code Scanner mobile application ("the App", "we", "us") handles information when you use it. The App is an offline-first QR & barcode scanner and generator that runs primarily on your device.

1. Summary

Your scan history, generated codes, favorites, and preferences are stored locally on your device. We do not operate a server, do not have a user database, and do not collect personally identifiable information.
Camera frames are processed on-device only — never recorded, uploaded, or shared.
We display ads via Google AdMob, which uses an advertising identifier.
You can permanently remove ads via a one-time in-app purchase, or watch a rewarded video for 24 hours ad-free.
We never sell your data.

2. Information We Collect

2.1 Information stored on your device

The following stays on your device and is not transmitted to us:

Scan history (decoded contents of QR/barcodes you scan, timestamp, type).
Codes you create with the generator (text, URL, Wi-Fi, contact, etc.).
Favorites and items you mark to keep.
App preferences (theme, language, auto-open-after-scan toggle, sounds, vibration, ask-before-scan, continuous-scan, manual-scan mode).
Files you import from the gallery for decoding (read locally; not uploaded).

This data is stored using the operating system's standard local storage (MMKV key-value store) and a local SQLite database with full-text search. Uninstalling the App removes it. Scan history is capped at 500 non-favorited entries and can be cleared from Settings → Clear history at any time.

2.2 Permissions the App may request

Permission	Why
Camera	Capture and decode QR/barcodes in real time. Frames are processed on-device and are not recorded or transmitted.
Photo library / Gallery (read)	Let you import an existing image so the App can decode a code embedded in it. The image is read locally and not uploaded.
Storage / files (Android, scoped)	Save a generated code as an image, or export scan history as a CSV file to a location you choose.
Vibration	Provide a short haptic confirmation when a scan succeeds (if enabled).
App Tracking Transparency (iOS)	Prompt for permission to use the advertising identifier so AdMob can show personalized ads. Declining limits ads to non-personalized.

The App does not request location, microphone, contacts, calendar, or background-location permissions.

2.3 Information collected automatically

To support advertising, the App integrates the following Google service:

Google AdMob — AdMob is a third-party SDK operated by Google LLC. To deliver and measure ads (banner, interstitial, native, rewarded) it may collect:
- Advertising identifiers — IDFA on iOS and AAID on Android. These are resettable identifiers used for ad delivery and frequency capping.
- Usage data — coarse interactions with ad creatives (impression, click, view duration).
- Diagnostic data — crash logs, performance metrics, and SDK error events from the AdMob SDK.
- Coarse, approximate data — e.g. country / locale derived from your IP, used to serve and measure ads.

Personalized ads only run when you grant consent through the Google User Messaging Platform (UMP) prompt that appears on first launch in jurisdictions where consent is required (GDPR for the EU/UK and equivalent regimes worldwide). On iOS, the App Tracking Transparency (ATT) prompt is presented as part of the same UMP flow. If you decline, AdMob serves only non-personalized ads.

The App does not use Firebase Analytics, Firebase Crashlytics, or any other first-party analytics SDK. We do not receive scan contents, generated-code contents, search queries, or any custom event payloads.

3. In-App Purchases & Rewarded Video

Remove Ads Forever — a one-time non-consumable in-app purchase ($3.99 USD or local equivalent). The purchase is processed by Apple StoreKit on iOS and Google Play Billing on Android. Receipts are validated locally on your device — no purchase data is ever sent to a server operated by us.
Rewarded video — you may optionally watch an ad to unlock 24 hours of ad-free use, or to unlock one of three feature toggles (Continuous scanning, Duplicate merge in history, CSV history export). Watching a rewarded video uses the same AdMob mechanisms described in Section 2.3.

4. How We Use Information

To scan and decode QR/barcodes you capture or import.
To save and search your scan history and generated codes locally.
To remember your settings and feature toggles across launches.
To display ads and measure their performance (via AdMob).
To process in-app purchases via the platform store.
To comply with legal obligations.

5. Third-Party Services

The App relies on services from Google LLC, Apple Inc., and Google Play. Their privacy practices are governed by their own policies:

Google AdMob — policies.google.com/technologies/ads
Google Privacy Policy — policies.google.com/privacy
Apple StoreKit / App Store — apple.com/legal/privacy
Google Play Billing — policies.google.com/privacy

We do not control and are not responsible for the practices of these third parties.

6. Data Sharing

We do not sell your personal information as defined by the CCPA or any equivalent regime. The App has no backend, so we have nothing to share with anyone — the only data flow off the device is the AdMob SDK acting on Google's behalf, as described in Section 2.3. We may disclose information if required by law, legal process, or to protect rights and safety.

7. Data Retention

Local data (scan history, generated codes, favorites, settings) persists on your device until you delete it or uninstall the App. Non-favorited history is auto-capped at 500 entries.
AdMob retains advertising data per Google's AdMob retention policies.

8. Your Rights

Depending on where you live (e.g. EEA, UK, California), you may have the right to:

Access / delete — All app data is on-device. Tap Settings → Clear history to wipe scan history; favorites and generated codes can be deleted individually from their list views. Uninstalling the App removes all stored data.
Withdraw consent — Re-open the UMP consent form via Settings → Privacy Choices, or reset the advertising identifier in your device settings.
Opt-out of "sale" — We do not sell personal information. AdMob's data sharing with Google is disclosed in the Data Safety section on Google Play and the App Privacy section on the App Store.
Object to or restrict certain processing.
Lodge a complaint with your local data protection authority.

You can reset your advertising identifier at any time from your device settings (Android: Settings → Google → Ads; iOS: Settings → Privacy & Security → Tracking).

9. Children's Privacy

The App is rated 13+ general audience. We do not knowingly collect personal information from children under 13 (US COPPA) or under 16 (some EU member states under GDPR). The App is not configured for "Tag for Child-Directed Treatment" or "Tag for Users under the Age of Consent in Europe." If you believe a child has provided information, contact us and we will assist.

10. Security

App data lives on your device; protection is governed by your device's OS-level encryption and lock-screen security. The AdMob SDK transmits data to Google over HTTPS/TLS. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. International Transfers

AdMob may process data in countries outside your own, including the United States. By using the App, you understand that information used for advertising may be transferred to and processed in those countries.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Continued use of the App after changes means you accept the updated policy.

13. Contact

Questions or requests about this policy or your data:

Bilgehan Coskun
appfactory.acc@gmail.com