Privacy Policy
Last updated: 6 May 2026 · Effective immediately
This Privacy Policy describes how Gamya Consultancy and Electric Solutions Pvt. Ltd. ("Company", "we", "us") collects, uses and shares information when you use the Scanvio mobile application ("App") and related services (collectively, the "Service").
1. Information we collect
1.1 Information you provide
- Email address — when you sign up for paid tiers, contact support, or join the iOS waitlist.
- Payment details — processed entirely by Razorpay (India) or Stripe (Global). We never see or store your full card number, CVV, or UPI PIN. We only receive a transaction reference and last-4 digits.
- Document content — only when you explicitly invoke an AI feature (Summary, Translation, Legal Analyzer). The image / extracted text is sent to our backend for processing and forwarded to the LLM provider.
- Consent records — when you accept Terms & Conditions, we store an anonymous consent log (consent_id, device hash, region, timestamp, version of T&C accepted) for legal compliance.
1.2 Information collected automatically
- Device identifier — an anonymous device hash (UUID) used to enforce free-tier daily quotas. Not linked to your name or email.
- Crash reports — anonymous stack traces if the app crashes (no scan content included).
- Usage analytics — only the count of API calls per day per device hash (for quota enforcement). We do not track individual user behaviour.
1.3 Information stored only on your device
- All scanned documents, images, OCR text, AI summaries, translations, business cards, and folder structure.
- App preferences and settings.
This data never leaves your device unless you explicitly request an AI feature, share, or export.
2. How we use your information
- To provide AI features (OCR, summary, translation, legal analysis) you explicitly invoke.
- To process payments and grant entitlements (Pro / Legal+ tiers).
- To enforce free-tier quotas (5 AI analyses + 3 translations per day per anonymous device hash).
- To respond to support requests and refund queries.
- To comply with applicable laws (tax, GST, fraud prevention).
3. AI processing & third parties
When you use AI features, your scan content is sent to one of the following LLM providers via their respective APIs:
- OpenAI — GPT-4o (vision) for OCR, document classification, summarization, and translation. OpenAI Privacy Policy
- Anthropic — Claude Sonnet 4.5 for Legal Document Analysis. Anthropic Privacy Policy
Both providers are opt-out of training on API data by default. We do not store your document content on our backend after processing — it is discarded within 24 hours.
Other third parties we rely on:
- Razorpay (payments, India) · privacy policy
- Stripe (payments, Global) · privacy policy
- Resend (transactional email) · privacy policy
- MongoDB Atlas (encrypted backend storage of consent logs and quota counters) · privacy policy
4. Data retention
| Data type | Where | Retention |
|---|---|---|
| Scans, OCR, AI summaries | Your device only | Until you delete them |
| Document content sent to LLM | Our backend cache | ≤ 24 hours, then auto-purged |
| Consent logs | MongoDB Atlas | 5 years (legal requirement) |
| Quota counters (anon. device hash) | MongoDB Atlas | 30 days rolling |
| Payment records | MongoDB Atlas | 7 years (tax law) |
| Crash reports | Sentry | 90 days |
5. Your rights
Depending on your jurisdiction (GDPR, India DPDP Act, CCPA):
- Access — request a copy of any data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion (subject to legal retention).
- Portability — receive your data in a machine-readable format.
- Objection / opt-out — withdraw consent at any time.
To exercise any right, email privacy@scanvio.app. We will respond within 30 days.
6. Children
Scanvio is not intended for users under 13 (under 16 in EU). We do not knowingly collect data from children. If you believe a child has used the Service, please contact us and we will delete the data.
7. Security
- All network traffic uses TLS 1.2+.
- Backend storage is encrypted at rest (MongoDB Atlas).
- Local device storage relies on the operating system's sandbox + encryption (Android Keystore / iOS Data Protection).
- No backend data is shared with third parties outside the providers listed in §3.
8. International transfers
Your data may be processed in the United States (OpenAI, Anthropic, Stripe), the European Union (Resend), or India (Razorpay, MongoDB ap-south region). All transfers are governed by Standard Contractual Clauses or equivalent safeguards.
9. Changes to this policy
We will update this policy when our practices change. The "Last updated" date at the top reflects the latest version. Material changes will be highlighted in-app.
10. Grievance Officer (India — Rule 5(9), IT Rules 2021)
Sushil Kumar
Gamya Consultancy and Electric Solutions Pvt. Ltd.
Email: grievance@scanvio.app
Response window: 48 hours acknowledgement, 30 days resolution.
11. Contact
General privacy queries: privacy@scanvio.app
Legal: legal@scanvio.app