scanni Privacy Policy
Effective Date: April 9, 2026
Last Updated: April 9, 2026
1. Who We Are
Welcome to Scanni ("we," "our," or "us"). We believe in absolute clarity about how we handle your data. This Privacy Policy applies to our mobile application available on Android and iOS ("the App").
Data Controller: Scanni
Contact: privacy@scanni.help
If you are located in the European Economic Area (EEA) or United Kingdom (UK), you may also contact us at the above address regarding your GDPR / UK GDPR rights, or reach our designated representative for EU/UK matters at the same email marked "EEA/UK Privacy".
2. Data We Collect & Why
We collect only what is necessary to provide and improve Scanni. The table below summarises each category, its purpose, and the legal basis we rely on.
| Data Category |
Purpose |
| Email address |
Account access, testing communications |
| Camera / scanned images |
Core scanning & product analysis feature |
| Approximate location |
Auto-detect country & currency on onboarding |
| Firebase Analytics data |
Usage insights, feature improvement |
| Firebase Crashlytics data |
Bug fixing, reliability, performance monitoring |
2a. Firebase Analytics
We use Firebase Analytics (provided by Google LLC / Firebase) to understand how users interact with the App. Firebase Analytics may collect:
- App interaction events and feature usage patterns
- Session data (duration, frequency, screen flow)
- Device and app identifiers (e.g. Firebase installation ID)
- Approximate location inferred from IP address or region settings
- Technical metadata (device model, OS version, app version, language)
2b. Firebase Crashlytics
We use Firebase Crashlytics (provided by Google LLC / Firebase) to detect and diagnose crashes and errors. Crashlytics may collect:
- Crash logs and stack traces
- App state and breadcrumb events at crash time
- Device model, OS version, and app version
- Install UUID and session identifiers
- Diagnostics metadata (memory, CPU state, thread information)
EEA & UK Users — Consent Required: Neither Firebase Analytics nor Crashlytics will initialise or collect any data until you have explicitly opted in via the consent prompt shown at first launch. You may also adjust your choices at any time in the App's Settings screen.
2c. Strictly Necessary Telemetry
We do not collect any analytics or crash telemetry outside of the Firebase services described above. There is no background telemetry that operates prior to or independent of your consent choice.
2d. Special Category & Sensitive Data
We do not intentionally collect special category data (such as health, biometric, or financial data) through Firebase Analytics or Crashlytics. Our scanning features process images locally or on secure servers solely to extract the product content(s); we do not analyse or store biometric information from these images.
3. Your Choices & Consent Controls
You remain in full control of your data at all times:
- First-Launch Consent Modal: Before any Firebase SDK initialises, EEA/UK users are presented with a clear prompt explaining what each toggle covers.
- Granular Toggles: Analytics and Crash Reporting are separate opt-ins — you may enable one without the other.
- Consent Logging: Your choice, the timestamp, the notice version, and your region basis are recorded for auditability.
- Withdraw Anytime: Open Settings → Privacy in the App to change or withdraw your consent. Withdrawal stops all future collection immediately and is propagated to the Firebase SDK settings within the same session.
- No Core Feature Loss: Declining or withdrawing telemetry consent does not affect your ability to use Scanni's scanning, currency, or any other core features.
- Device Permissions: Camera, photo library, and location access can be revoked at any time in your device's system settings.
- Manual Overrides: Location-based currency detection can be set manually in App settings if you decline location permission.
To exercise rights over your account email or other data we hold directly, contact us at: privacy@scanni.help.
4. Purpose of Use
We use the data we collect for the following purposes:
- Providing and operating the Scanni App and its features
- Monitoring app performance and fixing crashes and bugs
- Understanding usage patterns to guide feature development
- Managing testing access and sending essential service communications
- Complying with applicable laws and regulations
- Detecting and preventing fraudulent or unauthorised activity
The Zero Spam Rule: We do not use your email for marketing, newsletters, or third-party advertising. Ever.
5. Data Recipients & Third-Party Services
We do not sell, rent, or trade your personal data. We share data only in the following circumstances:
- Firebase / Google LLC: As described above, Firebase Analytics and Crashlytics are operated by Google LLC. Google acts as a data processor on our behalf. For details of Google's data handling, see the Firebase Privacy Documentation and Google Privacy Policy.
- Platform Providers: Google Play and Apple App Store facilitate app distribution and may process data per their own policies.
- Legal Requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of Scanni, our users, or the public.
- Business Transfers: In the event of a merger or acquisition, your data may transfer to a successor entity. We will notify you before your data becomes subject to a different privacy policy.
6. International Transfers
Firebase and Google services may process data on servers located outside the EEA and UK. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable. You may request a copy of the relevant transfer mechanism by contacting us at privacy@scanni.help.
7. Data Retention
- Firebase Analytics: Event-level data is retained for up to 14 months by default in our Firebase project settings, after which it is automatically deleted. Aggregated, anonymised insights may be retained indefinitely.
- Firebase Crashlytics: Crash reports are retained for 90 days in the Firebase console before automatic deletion.
- Account / Email Data: Retained for the duration of app usage. Deleted within 30 days of account closure or upon verified erasure request.
- Scanned Images: Processed transiently and not stored beyond the time required to complete your scan, unless you explicitly save a result to your account.
8. Security
We apply industry-standard technical and organisational safeguards to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Least-privilege access controls for internal systems
- Regular security reviews of our infrastructure and third-party integrations
- Incident response procedures with commitment to timely notification where required by law
No method of electronic transmission or storage is 100% secure. We will, however, notify affected users and relevant authorities of any confirmed data breach as required under applicable law.
9. Your Rights (EEA & UK Users)
If you are in the EEA or UK, you have the following rights under GDPR / UK GDPR:
- Access: Request a copy of personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing.
- Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your EU national DPA).
To submit a rights request, email privacy@scanni.help with the subject line "Privacy Rights Request". We will acknowledge your request within 72 hours and respond within 30 days (extendable by a further 2 months for complex requests, with notice).
10. Children & All-Ages Use
Scanni is available to users of all ages. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA) beyond what is strictly necessary to provide the App's core features. If a parent or guardian believes their child has provided data beyond this scope, please contact us at privacy@scanni.help and we will delete it promptly.
For users under the applicable age of majority in their jurisdiction, we encourage use under parental or guardian supervision. Telemetry consent for users under 16 in the EEA must be provided or confirmed by a parent or guardian.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes — such as new data collection practices, new third-party processors, or changes to your rights — we will notify you via an in-app notice or email at least 14 days before the change takes effect. The "Last Updated" date at the top of this page always reflects the most recent revision. Continued use of the App after the effective date constitutes acceptance of the updated policy.
12. App Store Alignment
This policy is designed to align with Google Play Data Safety and Apple App Privacy disclosures. The data types declared in those store listings reflect the collection described in this policy. If you notice a discrepancy, please contact us so we can correct it promptly.