FarmaScanner
Confidențialitate local-first
Această pagină descrie site-ul și rezumă abordarea privacy a aplicației.
Este afișată versiunea legală în engleză deoarece aplicația Android nu include încă o traducere specifică pentru această limbă.
Privacy Policy
Last updated: July 1, 2026
Summary
Receipt contents and any Tax ID are managed locally on your device. To improve app stability and quality, we use technical telemetry via Firebase/Google and Google Play diagnostics, designed to be minimized and exclude receipt contents and Tax ID.
Data Controller: Resis — Privacy contact: dev@resis.it
1. Data Controller and Contacts
Data Controller: Resis ("Controller")
Privacy contact: dev@resis.it
2. How the App is Designed
The App is designed with a clear separation between:
- Content data (receipts, extracted text, Tax ID): managed locally on the device to provide app features.
- Technical operational data (telemetry): used to improve stability and quality via third-party Google Firebase services and Google Play tools. This data is designed to be minimized and not include receipt content or Tax ID.
3. What Data is Processed
3.1 Data Processed Locally on Device
When using the main features of the App, the following may be processed and saved on your device:
- Receipt images (captured with camera or selected by user).
- Data extracted from receipts (via OCR), such as date, amount, and organizational elements.
- Tax ID (if entered by user or detected from receipt).
- App settings and preferences.
Note: some receipts (e.g., pharmacy) may involve potentially sensitive information. For this reason, technical telemetry is designed to exclude content and identifiers.
3.2 Data Shared Only at User's Initiative
The App may allow exporting data (e.g., ZIP/CSV) and sharing via device tools. Sharing occurs only because you initiate it; recipients process data according to their policies.
3.3 Technical Data Sent to Google Firebase
To improve App reliability and quality, the following may be processed via Google Firebase:
- Firebase Crashlytics: crash and error reports.
- Firebase Analytics: technical/usage events (e.g., OCR flow, outcomes, errors).
- Firebase Remote Config: technical parameters and feature flags.
Examples of technical data: App version, device model, OS version, language, structured events, counters, timing, error categories.
Telemetry is designed not to include receipt images/text, amounts, Tax ID, and to use pseudonymized and minimized identifiers.
3.4 Data via Google Play Console
Google Play may provide statistics and diagnostics (e.g., crash/ANR, Android Vitals) governed by Google policies.
4. Purposes and Legal Basis
A) Core App Features
Purpose: provide requested features (capture, storage, viewing, export).
Legal basis: contract performance (Art. 6(1)(b) GDPR).
B) Security and Stability (Crashlytics)
Purpose: identify malfunctions and improve reliability.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
C) Product Improvement (Analytics)
Purpose: measure and improve App flows.
Legal basis: consent (Art. 6(1)(a) GDPR) if opt-in is provided, or legitimate interest (Art. 6(1)(f) GDPR) if collection is strictly technical and minimized.
5. Recipients and Providers
The Controller uses providers who may act as Data Processors:
- Google (Firebase: Analytics, Crashlytics, Remote Config)
- Google Play / Play Console for statistics and diagnostics
6. Transfers Outside EEA
Cloud services may involve processing outside the European Economic Area. In such cases, GDPR-compliant safeguards are adopted (e.g., Standard Contractual Clauses).
7. Data Retention
- Local data: remains on device until you delete it or uninstall the App.
- Firebase Analytics: 14 months.
- Crashlytics: according to project settings and provider policies.
8. Security Measures
We adopt measures proportional to risk:
- Minimization of collected technical data
- Structured logging based on events/categories (not content)
- Technical controls to block/redact possible personal data
- Session correlation with non-persistent random identifiers
- Sampling and controlled enablement
- Runtime integrity checks to protect paid features (without collecting personal data)
9. User Rights
You may exercise your rights under Arts. 15-22 GDPR (access, rectification, erasure, restriction, objection, portability).
For local data, you can manage directly from the App (e.g., deletion).
For requests regarding Controller's processing: dev@resis.it
You have the right to lodge a complaint with the supervisory authority (in Italy: Garante per la protezione dei dati personali).
10. Changes to this Policy
We may update this Policy for legal or technical reasons. We will always indicate the date of last update.