ScanKeeper Privacy Policy

Last updated: 19 April 2026

1. Introduction

This Privacy Policy explains how Nomadix Apps ("Nomadix Apps", "we", "our", or "us") handles personal information in connection with the ScanKeeper mobile application for iOS and Android (the "Application" or "ScanKeeper") and the marketing website at https://scankeeper.nomadixapps.org/ (the "Site").

ScanKeeper is a barcode and QR code scanner. It lets you scan, create, store, organize, and display codes on your device. The Application is offered in a free version supported by ads and in a paid "Pro" version that removes ads.

Nomadix Apps is the data controller for personal information processed through the Application and the Site, except where this Policy says otherwise (for example, Apple is the controller for content stored in your iCloud, and Apple and Google are independent controllers for app distribution and payment processing).

You can reach us at info@nomadixapps.org. We have not appointed a Data Protection Officer; please send any privacy-related question to the same address and a member of our team will respond.

By using the Application, you confirm that you have read this Policy. If you do not agree with it, please do not install or use ScanKeeper.

2. Summary at a Glance

A short, plain-English overview. The rest of this Policy gives the details.

• Your scans stay on your device. Barcode and QR data, names, folders, and images are stored in a local database on your phone. Nothing is uploaded to our servers.
• No account, no email, no login. You do not create an account to use ScanKeeper.
• Optional iCloud sync (iOS only). If you turn it on in Settings, your data syncs through your own Apple iCloud. We cannot read it.
• Free version shows ads. Ads are served by Google AdMob. In regions that require consent, we ask you through Google's consent form before personalised ads run.
• Pro version: no ads, no ad tracking. If you buy Pro, the AdMob and ATT prompts are not shown and the ads SDK is not initialised.
• Anonymous diagnostics. We use TelemetryDeck for anonymous usage signals and Sentry for crash reporting (with input fields masked in session replays).
• No sale of personal information. Some advertising activity may count as "sharing" under California law; you can opt out as described below.
• You have rights. Depending on where you live, you can request access, deletion, correction, opt-out, and more. See Section 11.

3. Information We Collect

3.1 Barcode and Application Data (stays on your device)

When you scan or create a code, ScanKeeper stores the following locally inside the application sandbox on your device, in a local Hive database:

• The contents of the barcode or QR code
• Any name, label, note, or folder you assign
• Cached images and adaptive thumbnails of barcodes
• Application settings, theme, and preferences

This data is not transmitted to Nomadix Apps. It does not leave your device unless you turn on iCloud Sync (see Section 3.1.1) or you choose to share an item yourself (for example, by exporting an image).

3.1.1 Optional iCloud Sync (iOS only)

On iOS you can enable an "iCloud Sync" toggle in Settings. When it is on, ScanKeeper saves your barcode data and images into your personal iCloud Drive container, so your codes are available across your Apple devices.

• Apple, not Nomadix Apps, controls and stores the content of your iCloud container. We cannot read it.
• iCloud uses Apple's transport and at-rest encryption per Apple's terms.
• You can disable iCloud Sync at any time from Settings. Disabling it stops new uploads; you can also remove the existing container from your iCloud storage in iOS Settings if you wish.

3.2 Device and Diagnostic Data

Our analytics and crash-reporting providers automatically receive a small set of technical attributes so that we can understand how the Application performs across devices. These typically include:

• Device model and manufacturer
• Operating system and version
• Application version and build
• Language and region settings
• A non-reversible, hashed device identifier generated by the analytics SDK

We do not link this data to your name, email, or phone number, because we do not collect those.

3.3 Camera and Photo Library

ScanKeeper requests the following operating-system permissions only when you use a feature that needs them:

• Camera (NSCameraUsageDescription on iOS / CAMERA on Android) — to scan barcodes and QR codes in real time. Camera frames are processed locally; we do not record video and we do not transmit camera input.
• Photo Library — read (NSPhotoLibraryUsageDescription on iOS / READ_MEDIA_IMAGES on Android) — to import a barcode image you already have.
• Photo Library — add (NSPhotoLibraryAddUsageDescription on iOS) — to save a barcode image you generate to your photos.
• Brightness (NSBrightnessUsageDescription on iOS) — to temporarily brighten the screen so a scanner can read your displayed code.
• Motion (NSMotionUsageDescription on iOS) — for screen-orientation handling.

You can change or revoke these permissions in your device's system Settings at any time.

3.4 Advertising Identifiers (free version only)

If you use the free version of ScanKeeper, Google AdMob may access your device's advertising identifier (IDFA on iOS, GAID on Android) to deliver and measure ads.

• On iOS, IDFA is only made available to AdMob if you allow tracking in the Apple App Tracking Transparency (ATT) prompt that the Application shows the first time it initialises ads. If you decline, AdMob serves non-personalised ads using contextual signals only.
• In the EEA, the United Kingdom, Switzerland, and certain US states, a Google User Messaging Platform (UMP) consent form is shown before ads are initialised. Personalised ads run only with your consent.
• Pro users are not shown the ATT prompt and AdMob is not initialised at all on their devices, so no IDFA/GAID is read by the ad SDK.

You can reset or remove your advertising identifier at any time:

• iOS: Settings → Privacy & Security → Tracking, and Settings → Privacy & Security → Apple Advertising.
• Android: Settings → Google → Ads, where you can reset or delete the advertising ID.

3.5 Analytics Signals (TelemetryDeck)

We use TelemetryDeck for privacy-focused product analytics. TelemetryDeck receives anonymous, aggregated event signals from the Application, such as:

• Screen views and feature interactions (for example, "scanner opened", "barcode created")
• Recoverable, expected error states (for example, "camera permission denied")
• Technical attributes listed in Section 3.2

TelemetryDeck does not receive your email address, name, file paths, barcode contents, or any advertising identifier. The device identifier sent to TelemetryDeck is hashed and cannot be reversed by us.

TelemetryDeck's privacy notice: https://telemetrydeck.com/privacy

3.6 Crash and Performance Data (Sentry)

We use Sentry to detect crashes, unhandled exceptions, and performance problems so that we can fix them. We have configured Sentry as follows:

• sendDefaultPii is set to false, so Sentry does not automatically attach your IP address or user identifiers to events.
• Session Replay is enabled at a sessionSampleRate of 0.1 (about one in ten sessions is sampled) and onErrorSampleRate of 1.0 (sessions where an error occurs are recorded). Replays apply Sentry's default masking to text input fields and other sensitive UI on iOS and Android, so the contents of fields you type into are not captured.
• Performance traces are sampled at tracesSampleRate of 0.2 and profiles at profilesSampleRate of 0.2.

Sentry processes the data on our behalf as a processor. Their privacy notice: https://sentry.io/privacy/

3.7 Subscription Data (RevenueCat)

If you purchase ScanKeeper Pro, we use RevenueCat to manage your subscription state across platforms. RevenueCat receives:

• An anonymous app-user ID generated by the SDK
• The state of your transaction (for example, active, expired, refunded)
• Technical attributes such as platform and country code reported by the store

RevenueCat does not receive your payment card details. Your payment is handled directly by Apple (App Store) or Google (Google Play). RevenueCat's privacy notice: https://www.revenuecat.com/privacy

3.8 Marketing Website

The Site at https://scankeeper.nomadixapps.org/ is a static site. We do not intentionally set cookies, run analytics scripts, or use trackers on the Site. The hosting provider and content delivery network may keep standard request logs (for example, IP address, user-agent, requested URL, timestamp) for security, abuse prevention, and operational purposes, in line with their own policies. We do not combine these logs with Application data.

4. How We Use Information

We use the categories of information described above for the following purposes:

• Operate ScanKeeper. Store, organise, and display the codes, names, folders, and images you create, on your device and (if you opt in) in your iCloud.
• Provide features that need device hardware. Use the camera to scan, the photo library to import or save images, and the brightness API to display codes.
• Show ads in the free version. Serve banner and interstitial ads through Google AdMob, and measure their performance, in line with your consent and ATT choices.
• Manage subscriptions. Verify whether the Pro entitlement is active so that we can hide ads and unlock paid features.
• Understand product use. Use anonymous TelemetryDeck signals to see which features are used and where users encounter friction.
• Improve quality and stability. Use Sentry crash, error, performance, and (sampled) session-replay data to diagnose bugs.
• Respect your privacy choices. Show the appropriate consent forms, store your consent state, and respect opt-out signals.
• Comply with law. Respond to legitimate legal requests, enforce our Terms, and prevent fraud or abuse.

We do not use your information for automated decisions that produce legal or similarly significant effects on you, and we do not build user profiles from barcode contents.

5. Advertising, Tracking, and Your Choices

This Section explains the controls available to you for ads and tracking.

5.1 ATT prompt (iOS)

The first time the free version initialises ads, iOS shows Apple's App Tracking Transparency prompt asking whether ScanKeeper may track you across other companies' apps and websites. If you choose "Ask App Not to Track", IDFA is not made available to AdMob and you will see non-personalised ads only. Pro users are not shown the ATT prompt at all.

5.2 UMP consent form

In the EEA, the United Kingdom, Switzerland, and certain US states, Google's User Messaging Platform (a TCF v2.2-certified Consent Management Platform bundled with the AdMob SDK) shows a consent or opt-out form before ads run. Your consent is stored on your device by Google, not by us.

We have configured AdMob's UMP form to request the following IAB TCF v2.2 purposes:

• Consent-based purposes: Purpose 1 (Store and/or access information on a device), Purpose 3 (Create profiles for personalised advertising), Purpose 4 (Use profiles to select personalised advertising).
• Legitimate-interest purposes: Purpose 2 (Use limited data to select advertising), Purpose 7 (Measure advertising performance), Purpose 9 (Understand audiences through statistics), Purpose 10 (Develop and improve services).
• Not used: Purposes 5, 6, 8, and 11 (content personalisation and content measurement).

5.3 Privacy options entry in Settings

Inside ScanKeeper Settings, a "Privacy options" entry is shown to users for whom UMP marks privacy options as required (typically EEA, UK, Swiss, and applicable US-state users). You can use it at any time to revisit your consent choices, withdraw consent, or change your opt-out signals. This entry is the primary self-service mechanism for managing advertising-related preferences.

5.4 Pro removes ads and ad tracking

If you have an active Pro subscription:

• AdMob is not initialised.
• The ATT prompt is not shown.
• IDFA/GAID is not read by the ads stack.
• Banner and interstitial ads are not shown.

5.5 Device-level controls

You can also limit ads at the operating-system level:

• iOS: Settings → Privacy & Security → Tracking (disable "Allow Apps to Request to Track"); Settings → Privacy & Security → Apple Advertising.
• Android: Settings → Google → Ads (delete or reset the advertising ID; opt out of ad personalisation on supported versions).

6. Third Parties and Sharing

We do not sell your personal information for money. We use the following third-party providers, each acting either as our processor or as an independent controller as noted. Each provider is governed by its own privacy notice:

We may also disclose information when we are required to do so by law, when necessary to protect our rights or the safety of others, or in connection with a merger, acquisition, or sale of assets — in which case we will require the recipient to honour this Policy.

6.1 "Sharing" under California law

Under the California Privacy Rights Act ("CPRA"), the use of online identifiers like IDFA/GAID for cross-context behavioral advertising is treated as "sharing" even when no money changes hands. We disclose, honestly, that running personalised ads through AdMob in the free version may constitute "sharing" of personal information under the CPRA. See Section 11.2 for how to opt out.

We do not knowingly sell personal information for money, and we do not share personal information of users we know to be under 16.

7. Legal Bases (GDPR / UK GDPR / Swiss FADP)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR, the UK GDPR, and the Swiss revised Federal Act on Data Protection ("FADP"):

• Performance of a contract (Art. 6(1)(b) GDPR) — to provide the core functionality of the Application that you ask us to provide, and to manage paid Pro subscriptions.
• Consent (Art. 6(1)(a) GDPR) — for personalised advertising via AdMob (TCF Purposes 1, 3, 4) collected through the UMP consent form, for camera and photo-library access at the OS level, and for the iOS ATT preference. You can withdraw consent at any time via the in-app Privacy options entry or your device settings; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Legitimate interests (Art. 6(1)(f) GDPR) — for limited (non-personalised) advertising, ad performance measurement, audience insights, product analytics, crash reporting, security, and product improvement (TCF Purposes 2, 7, 9, 10, plus diagnostics through TelemetryDeck and Sentry). Our interests are running and improving a working, sustainable application; we balance these against your rights and offer the controls described in Section 5 and Section 11.
• Compliance with a legal obligation (Art. 6(1)(c) GDPR) — to respond to lawful requests and meet retention or disclosure duties.

Under the Swiss FADP, the equivalent grounds (consent, contractual necessity, overriding legitimate interest, legal obligation) apply.

8. International Transfers

Our processors and ad partners are global companies. Personal information may be processed in the United States and other countries that may not have the same data protection standards as your country.

Where transfers of personal information from the EEA, the UK, or Switzerland occur, we rely on appropriate safeguards. In practice, this means the European Commission's Standard Contractual Clauses (and the UK Addendum / Swiss equivalent where applicable) entered into by our processors, and supplementary measures these processors document in their own privacy notices linked in Section 6. You can request a copy of the relevant safeguard by contacting info@nomadixapps.org.

9. Data Retention

• Barcode and Application data on your device. Retained until you delete it from within ScanKeeper or uninstall the Application.
• iCloud-synced data. Retained in your iCloud until you disable iCloud Sync and/or delete the data from your iCloud storage. Apple's retention rules apply.
• Advertising signals. Retained by Google AdMob and Google UMP per Google's policies. Consent signals are stored on your device.
• Analytics signals. Retained by TelemetryDeck per its policy.
• Crash, error, performance, and replay data. Retained by Sentry per its policy.
• Subscription state. Retained by RevenueCat for as long as needed to provide the Pro entitlement and meet legal requirements, per its policy.
• Support emails. If you write to info@nomadixapps.org, we keep the email for as long as needed to handle your request and keep a record of it, then we delete it.

In general, we retain personal information for as long as necessary for the purposes described in this Policy, and no longer than required by applicable law.

10. Data Security

We take reasonable, industry-standard technical and organisational measures to protect personal information, including:

• Storing barcode and Application data inside your device's application sandbox (iOS Data Protection / Android app-specific storage).
• Using HTTPS/TLS for traffic between the Application and our processors.
• Configuring third-party SDKs with privacy-protective defaults (for example, masking input in Sentry session replays, hashing device IDs in TelemetryDeck).
• Restricting access to operational tools to a small team.

No system is perfectly secure, and we cannot guarantee absolute security. If we ever become aware of a personal data breach that affects you and is required to be reported under applicable law, we will notify you and the relevant supervisory authority within the time frames the law requires.

11. Your Rights

Your specific rights depend on where you live. To exercise any right, contact us at info@nomadixapps.org or use the in-app Privacy options entry where it is available. We will need to verify that the request is genuine; because we do not collect account credentials, we may need to ask for additional context (such as a device identifier you can read from inside Settings) to locate any data tied to you.

You may also use an authorised agent, where the law allows, by providing written authorisation we can verify.

We will not discriminate against you for exercising any of these rights. We answer all valid requests within the time periods required by the applicable law (typically 30–45 days, with one extension where permitted).

11.1 EEA, United Kingdom, and Switzerland

If you are in the EEA, the UK, or Switzerland, you have the rights to:

• Access the personal information we hold about you and obtain a copy
• Rectify inaccurate or incomplete information
• Erase your personal information ("right to be forgotten")
• Restrict processing in certain circumstances
• Data portability for information you provided to us, in a structured, commonly used, machine-readable format
• Object to processing carried out under our legitimate interests, including direct marketing
• Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
• Lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents can complain to the Information Commissioner's Office at https://ico.org.uk/. Swiss residents can contact the Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch/.

11.2 United States

We respect the privacy rights granted by US state privacy laws. The rights below apply to residents of the corresponding state, subject to verification and to the exceptions set out in those laws.

California (CCPA / CPRA)

California residents have the right to:

• Know what categories of personal information we collect, use, disclose, and "share", and the sources, purposes, and recipients
• Access the specific pieces of personal information we hold about you
• Delete personal information we have collected, subject to legal exceptions
• Correct inaccurate personal information
• Opt out of the "sale" or "sharing" of personal information. As noted in Section 6.1, we do not sell personal information for money, but personalised advertising via AdMob in the free version may constitute "sharing" under the CPRA.
• Limit the use and disclosure of sensitive personal information (we do not knowingly process sensitive personal information beyond what is necessary to provide the requested service)
• Non-discrimination for exercising these rights
• Use an authorised agent to submit requests on your behalf

Do Not Sell or Share My Personal Information

To opt out of cross-context behavioural advertising "sharing":

1. Open ScanKeeper → Settings → Privacy options and withdraw consent for advertising; and / or
2. iOS: decline the App Tracking Transparency prompt or disable "Allow Apps to Request to Track" in Settings → Privacy & Security → Tracking; and / or
3. Android: open Settings → Google → Ads and tap Delete advertising ID; or
4. Email info@nomadixapps.org with the subject line "Do Not Sell or Share — California".

Subscribing to ScanKeeper Pro also stops the Application from initialising AdMob altogether.

We honour Global Privacy Control ("GPC") signals where the underlying advertising SDK supports them.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Montana (MCDPA), Oregon (OCPA), Delaware (DCDPA), Iowa (IICCC), and other US states with comparable laws

If you are a resident of one of these states (or another state that, by the time you read this, has adopted a comparable consumer privacy law), you have substantially similar rights to:

• Access / confirm the processing of your personal information
• Delete personal information we have collected
• Correct inaccurate personal information (where the law provides this right)
• Data portability in a usable format
• Opt out of targeted advertising, the sale of personal information, and certain types of profiling

To exercise any of these rights, follow the same steps as California residents above. If we deny your request, you may have a right to appeal; if so, reply to our response email and we will reconsider in the time frame your law requires.

11.3 Brazil (LGPD)

If you are in Brazil, you have the rights under the Lei Geral de Proteção de Dados (LGPD) to confirm whether we process your personal information; to access, correct, anonymise, block, or delete it; to data portability; to information about public and private entities with which we share your data; to information about the option of refusing consent and the consequences of refusal; and to revoke consent. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.br/anpd/.

11.4 Quebec, Canada (Law 25)

If you are a resident of Quebec, you have rights under "Law 25" (An Act to modernize legislative provisions as regards the protection of personal information) to access, rectify, withdraw consent, and request the cessation of dissemination of your personal information, and the right to data portability for computerised personal information you provided to us. You may also complain to the Commission d'accès à l'information du Québec at https://www.cai.gouv.qc.ca/.

11.5 Other jurisdictions

If you live elsewhere and your local law gives you privacy rights, contact us at info@nomadixapps.org and we will do our best to honour your request in line with that law.

12. Children's Privacy

ScanKeeper is a general-audience utility and is not directed to children. We do not knowingly collect personal information from children under 13 (or under the higher age of digital consent set by the EU Member State where the child resides, which can be up to 16). The Application is not used to build profiles of children or to target advertising at known children.

We comply with the US Children's Online Privacy Protection Act ("COPPA"). If you believe that a child has provided personal information to us, please email info@nomadixapps.org and we will delete the information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time, for example to reflect changes to the Application, to our processors, or to applicable law. When we make a change, we will update the "Last updated" date at the top of this page and post the updated Policy at https://scankeeper.nomadixapps.org/privacy-policy. For material changes, we will take additional steps required by law, such as showing an in-app notice or asking for renewed consent.

We encourage you to review this page periodically.

14. Contact

If you have any question about this Privacy Policy or about how Nomadix Apps handles your personal information:

• Email: info@nomadixapps.org
• Publisher: Nomadix Apps
• Website: https://scankeeper.nomadixapps.org/

We have not appointed a Data Protection Officer; please use the email address above and a member of our team will respond.

ScanKeeper Terms of Service

1. Acceptance of Terms

By downloading, installing, or using the ScanKeeper application ("Application"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not download, install, or use the Application.

2. Description of Service

ScanKeeper is a mobile application that allows you to scan, create, store, and display various types of barcodes and QR codes.

3. User License

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to download, install, and use the Application for your personal, non-commercial purposes.

4. Restrictions on Use

You agree not to:

• Use the Application for any unlawful purpose
• Modify, adapt, translate, reverse engineer, decompile, or disassemble the Application
• Remove any copyright, trademark, or other proprietary notices from the Application
• Use the Application in any manner that could damage, disable, overburden, or impair it
• Attempt to gain unauthorized access to any portion of the Application

5. User Content

You retain all rights to any content you create, upload, or store using the Application. You are solely responsible for all content that you create using the Application.

6. Intellectual Property Rights

The Application, including all content, features, and functionality, is owned by us and is protected by copyright, trademark, and other intellectual property laws.

7. Disclaimer of Warranties

THE APPLICATION IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

8. Limitation of Liability

IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES.

9. Changes to Terms

We reserve the right to modify these Terms at any time. Your continued use of the Application after any changes indicates your acceptance of the new Terms.

10. Contact Us

If you have any questions about these Terms, please contact us:

• By email: info@nomadixapps.org
• By visiting this page on our website: https://scankeeper.nomadixapps.org/