Privacy Policy

Last updated: June 12, 2026

The short version: Your scans stay on your device. When you sync, files go to your Google Drive — we have no servers and never see your documents. OCR runs entirely offline on your phone.

1. Who we are

QwikScanner ("the app", "we") is a mobile document scanning application for Android. This policy explains what information the app handles and how. For questions, contact us at covibedev@gmail.com.

2. Information the app collects

QwikScanner is designed to collect as little as possible:

Scanned documents and images — stored only in your device's local storage and local SQLite database. They are never transmitted to us.
Extracted text (OCR) — generated entirely on your device using Google ML Kit and stored locally alongside your documents. OCR processing requires no internet connection, and document content is never sent to any server for text recognition.
Google account information — if you sign in, the app receives your name, email address, and profile photo from Google to display in the app. We do not store this information anywhere except on your own device.
App settings — preferences such as default scan enhancement and export quality are stored locally on your device.

QwikScanner has no backend servers. We do not collect analytics, usage data, crash reports tied to your identity, advertising identifiers, or location data.

3. Google Drive access

When you choose to sync a document, the app uploads it to your own Google Drive account using Google's official API. Key points:

The app requests only the drive.file OAuth scope — the narrowest scope Google offers. This permits access only to files and folders the app itself creates.
The app cannot see, read, modify, or delete any other files in your Google Drive.
Synced files are placed in a QwikScanner/ folder in your Drive, organised by document title.
Syncing is always manual — the app never uploads anything in the background without your action.
Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Authentication and token storage

Sign-in uses native Google Sign-In. Your Google password is never seen or handled by the app. The OAuth access token that authorises Drive uploads is stored in your device's hardware-backed secure storage (Android Keystore via expo-secure-store) and is refreshed automatically. Signing out removes the stored token and account information from the device.

5. On-device OCR

Text extraction is performed by Google ML Kit Text Recognition, which runs entirely on your device. Your document images and their text content never leave your phone during OCR — extraction works even in airplane mode.

6. Data sharing

We do not sell, rent, trade, or share any of your information with third parties. The only data transfer that ever occurs is the one you initiate: uploading your own files to your own Google Drive account.

7. Data retention and deletion

Local documents — delete any document within the app at any time; this permanently removes it and its pages from your device.
Drive files — files you synced belong to you; manage or delete them directly in Google Drive.
Account access — sign out in Settings to remove your account and token from the device. You can also revoke QwikScanner's access entirely at myaccount.google.com/permissions.
Everything at once — uninstalling the app removes all locally stored documents, text, settings, and credentials.

8. Permissions the app requests

Camera — required to scan documents. Images are processed locally.
Internet — used only for Google Sign-In and Drive uploads you initiate.

9. Children's privacy

QwikScanner is not directed at children under 13, and we do not knowingly collect personal information from children. The app requires a Google account to use Drive sync, which itself has minimum-age requirements.

10. Security

Documents are stored in the app's private sandboxed storage, inaccessible to other apps. Authentication tokens are kept in hardware-backed secure storage. All communication with Google APIs uses HTTPS encryption.

11. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date above and, where appropriate, notify you within the app. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

Questions, concerns, or data requests: covibedev@gmail.com