ScanVault

Privacy Policy for ScanVault

Effective date: March 15, 2026

ScanVault is designed from the ground up to keep your documents private. This policy explains what data we collect (none), how your documents are stored, and how the app works.

Summary

ScanVault collects no personal data. Your documents never leave your device. There is no server, no account, and no cloud sync.

Data Collection

ScanVault does not collect:

Documents, photos, or scanned content
OCR text or extracted document data
Personal information of any kind
Device identifiers or advertising IDs
Usage analytics or crash reports
Location data
Biometric data (Face ID / Touch ID is handled entirely by Apple)

On-Device Document Storage

All documents scanned or imported into ScanVault are:

Encrypted with AES-256-GCM before being written to disk
Stored locally on your device only
Never transmitted to any server or third-party service
Excluded from iCloud backup by default

The encryption key is stored in Apple’s Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly — meaning it is accessible only on your device and only when unlocked.

Biometric Authentication

ScanVault offers Face ID and Touch ID lock through Apple’s LocalAuthentication framework.

No biometric data is collected, stored, or transmitted by ScanVault
Authentication is performed entirely by iOS
ScanVault only receives a success or failure result

Backup Files

When you create a backup using ScanVault’s backup feature, a .svbackup file is generated on your device. This file is:

Encrypted with AES-256-GCM using a key derived from your chosen password (PBKDF2, 600,000 iterations)
Only decryptable with your password — ScanVault has no copy of your password
Shared or stored only by your own actions (AirDrop, Files app, etc.)

Purchases and Subscriptions

ScanVault Pro subscriptions are processed by Apple through StoreKit. ScanVault does not receive your payment information. Subscription state is verified locally using Apple’s StoreKit 2 framework.

Third-Party Services

ScanVault does not use:

Analytics SDKs (no Firebase, Mixpanel, Amplitude, etc.)
Advertising SDKs
Crash reporting services
Any third-party network service

The only external interaction is Apple’s StoreKit for subscription management, handled entirely by Apple’s infrastructure.

Children’s Privacy

ScanVault does not knowingly collect personal information from children under the age of 13.

Changes to This Policy

This privacy policy may be updated in the future. Any changes will be posted on this page with an updated effective date.

Contact

For privacy questions or concerns:

Open an issue on GitHub

Back to Support · Terms of Use