Legal

Privacy Policy

Last updated: February 22, 2026

1. Introduction

ScanYum is a mobile application designed to help users scan, translate, and understand menus and food-related content while traveling or dining. This Privacy Policy ("Policy") explains how we collect, use, share, and protect your personal information when you use the ScanYum mobile application, the ScanYum website, and all related features and services (collectively, the "Service").

This Policy should be read together with our Terms of Service. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms of Service, including the definitions set forth in Section 2 thereof (such as "Service," "App," "User Content," "Scan Data," "Scan Modes," and "Subscription").

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with our data practices described herein, please do not use the Service.

2. Data Controller & Contact Information

ScanYum is the data controller responsible for the processing of your personal data in connection with the Service. If you have any questions, concerns, or requests regarding this Policy or our data practices, you may contact us:

  1. By email: support@scanyum.com
  2. Via our contact page

If you are located in the European Economic Area (EEA) or the United Kingdom (UK) and require information about our EU/UK representative, please contact us using the details above.

3. Information We Collect

We collect and process different categories of information depending on how you interact with the Service. We only process personal data to the extent necessary to provide the Service, comply with applicable law, and support our users.

a) Information You Provide

  1. Account Data. When you create an account, we collect your name, email address, and any other information you provide during registration.
  2. Contact Form Data. When you reach out to us via our contact page, we collect your name, email address, subject, and message content.
  3. Feedback. Any feedback, suggestions, or comments you voluntarily submit to us about the Service.

b) Scan Data & User Content

  1. Scanned Images. Images of menus, labels, or other food-related materials that you capture or upload using the App.
  2. OCR & Translation Results. Text extracted from scanned images through optical character recognition and the resulting translations, currency conversions, and other processed output.
  3. Scan Mode Data. Information generated through the use of specialized Scan Modes (Beer Mode, Wine Mode, Cocktail Mode), including tasting notes and beverage-specific details.
  4. Scan History. A record of your previous scans, stored locally on your device and/or in your account for convenient reference.

When you use the scanning feature, your images are transmitted to third-party OCR and translation service providers for processing. Processed results are returned to the App and stored in accordance with Section 8. We do not retain the original scanned images on our servers after processing is complete.

c) Subscription & Purchase Data

When you purchase a Subscription or make an in-app purchase, we receive transaction identifiers and subscription status information from Apple. We do not receive, process, or store your credit card number, bank account details, or other payment card information. All payment processing is handled by Apple through the App Store.

d) Automatically Collected Data

  1. Device Information. Device type, operating system version, app version, language settings, and unique device identifiers necessary for the operation of the Service.
  2. Diagnostics & Crash Logs. Technical information about app performance, errors, and crashes to help us identify and fix issues.
  3. Basic Usage Data. Minimal, aggregated data about how the Service is used (such as feature usage frequency) to help us improve the user experience.
  4. Push Notification Tokens. If you enable push notifications, we receive a device token from Apple to deliver service-related notifications (such as scan completion alerts and account updates). You may disable notifications at any time through your device's Settings.

Website Analytics. Our website uses Google Analytics (GA4), a web analytics service provided by Google LLC, to help us understand how visitors interact with our site. Google Analytics is loaded only after you provide your consent through the cookie consent banner displayed on the website. If you decline, no analytics data is collected. We do not use advertising SDKs or cross-app tracking technologies.

e) Device Permissions

The App requires access to your device's camera to capture images of menus and other materials for scanning. Camera access is requested through your device's operating system permission prompt and is used solely for this purpose. You may revoke camera access at any time through your device's Settings, though this will limit the App's ability to perform scanning.

4. How We Use Your Information

We use the information we collect for the following purposes:

  1. Provide the Service: To operate and deliver the core functionality of ScanYum, including scanning, translation, currency conversion, and Scan Modes;
  2. Manage Accounts: To create and maintain your account, authenticate your identity, and sync your data across devices;
  3. Process Subscriptions: To verify your subscription status, grant access to premium features, and manage purchase-related records;
  4. Respond to Inquiries: To address your questions, feedback, and support requests submitted through our contact page or email;
  5. Improve the Service: To analyze aggregated usage patterns, diagnose technical issues, and develop new features and enhancements;
  6. Ensure Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues;
  7. Comply with Law: To fulfill our legal obligations, respond to lawful requests from authorities, and enforce our Terms of Service; and
  8. Communicate: To send important service-related notices, such as updates to these Terms or this Policy, security alerts, and account notifications.

We do not use your personal data for targeted advertising, and we do not build advertising profiles based on your activity within the Service.

While the Service uses automated processing (such as OCR and translation), we do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects concerning you.

5. Legal Basis for Processing (GDPR)

If you are located in the EEA or the UK, we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR). The legal bases we rely on include:

  1. Performance of a Contract (Art. 6(1)(b)). Processing is necessary to provide the Service to you, including scanning, translating, managing your account, and fulfilling your Subscription.
  2. Consent (Art. 6(1)(a)). Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal. We will inform you if consent is the applicable basis at the time of collection.
  3. Legitimate Interests (Art. 6(1)(f)). Processing is necessary for our legitimate interests, such as improving the Service, ensuring security, and diagnosing technical issues, provided these interests are not overridden by your fundamental rights and freedoms.
  4. Legal Obligation (Art. 6(1)(c)). Processing is necessary to comply with a legal obligation to which we are subject, such as tax, accounting, or regulatory requirements.

Specifically, the legal bases apply to each data category as follows:

  1. Contract: Account Data, Scan Data, Subscription & Purchase Data, Push Notification Tokens (service-related);
  2. Legitimate Interests: Diagnostics & Crash Logs, Basic Usage Data, Device Information, Contact Form Data, Feedback;
  3. Legal Obligation: Subscription & Purchase Data (accounting and tax records), data retained for dispute resolution;
  4. Consent: any future optional data processing (e.g., analytics) that we may introduce, for which we will request your prior consent.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party.

We may share your information with the following categories of recipients, solely for the purposes described in this Policy:

  1. OCR & Translation Providers. Third-party service providers that perform optical character recognition and translation processing on Scan Data you submit through the Service. These providers process Scan Data transiently and are contractually required to delete it promptly after processing is complete.
  2. Apple Inc. For processing in-app purchases and Subscriptions, distributing the App through the App Store, and delivering push notifications.
  3. Cloud Hosting & Infrastructure Providers. Third-party providers that host our servers, databases, and backend infrastructure necessary to operate the Service.
  4. Email Service Provider. A third-party provider used to deliver transactional and service-related emails (such as account confirmations and support responses).
  5. Legal Authorities. Government agencies, law enforcement, or other authorities when we are required to disclose information by applicable law, regulation, legal process, or enforceable governmental request.

All third-party service providers are bound by data processing agreements that require them to implement appropriate technical and organizational security measures and to process your data only for the purposes specified therein.

7. International Data Transfers

Your personal data may be processed in countries outside of the European Economic Area (EEA) or the United Kingdom (UK), including by third-party providers that perform OCR, translation, and cloud hosting services on our behalf.

When we transfer personal data outside the EEA or UK, we ensure that appropriate safeguards are in place, which may include:

  1. Standard Contractual Clauses (SCCs) approved by the European Commission;
  2. Adequacy decisions by the European Commission confirming that the recipient country provides an adequate level of data protection; or
  3. Other safeguards as permitted under Chapter V of the GDPR.

You may request information about the specific safeguards we apply to international data transfers by contacting us at support@scanyum.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy. Retention periods vary by data category:

  1. Account Data. Retained for as long as your account remains active. Upon account deletion, your data will be deleted within ninety (90) days, except where retention is required by applicable law or for the resolution of disputes. This is consistent with the data retention provisions in Section 14 of our Terms of Service.
  2. Scan Data. Scan History stored locally on your device is under your control. Processed scan results (such as extracted text, translations, and scan metadata) associated with your account are retained in accordance with the account retention period described above. Original scanned images are not retained on our servers after processing, as described in Section 3(b).
  3. Contact Form Data. Retained for up to twelve (12) months from the date of your inquiry, or longer if needed for ongoing support or legal purposes.
  4. Subscription & Purchase Data. Retained for the duration of your Subscription plus a reasonable period thereafter for accounting, tax, and legal compliance purposes.
  5. Diagnostic & Crash Data. Retained in identifiable form for up to ninety (90) days. After this period, data is deleted or aggregated in a non-identifiable form.
  6. Push Notification Tokens. Retained for as long as you have notifications enabled. Tokens are automatically invalidated by Apple when you disable notifications or uninstall the App.

When data is no longer needed, we delete or anonymize it in accordance with our internal data retention procedures.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data. We are committed to honoring these rights in accordance with applicable law.

a) All Users

Regardless of where you are located, you may:

  1. Access the personal data we hold about you;
  2. Correct any inaccurate or incomplete personal data; and
  3. Delete your personal data, subject to certain exceptions (such as legal retention requirements).

To exercise these rights, you may use the privacy or account settings within the App (where available), contact us via our contact page, or email us at support@scanyum.com. We will respond to your request within thirty (30) days.

We may request additional information to verify your identity before fulfilling your request, to ensure that personal data is not disclosed to an unauthorized person. In certain circumstances, we may extend the response period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

b) EEA/UK Residents (GDPR)

If you are located in the EEA or the UK, you have the following additional rights under the GDPR:

  1. Restriction of Processing. You may request that we restrict the processing of your personal data in certain circumstances.
  2. Data Portability. You may request a copy of your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
  3. Right to Object. You may object to our processing of your personal data where we rely on legitimate interests as the legal basis.
  4. Withdraw Consent. Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
  5. Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. A list of supervisory authorities is available on the European Data Protection Board (EDPB) website.

c) California Residents (CCPA/CPRA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"):

  1. Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
  2. Right to Delete. You may request that we delete personal information we have collected from you, subject to certain exceptions.
  3. Right to Opt-Out of Sale or Sharing. We do not sell or share your personal information as those terms are defined under the CCPA. Accordingly, there is no need to opt out.
  4. Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
  5. Authorized Agents. You may designate an authorized agent to submit requests on your behalf, subject to verification of the agent's authority and your identity.

d) Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with applicable consumer privacy laws may have similar rights to access, correct, delete, and opt out of certain data processing activities. To exercise these rights, please contact us using the details provided in Section 16 of this Policy.

10. Account Deletion

You may request deletion of your account and associated personal data at any time by:

  1. Submitting a request through our contact page with the subject "Account Deletion Request"; or
  2. Emailing us at support@scanyum.com with the subject "Account Deletion Request."

Upon receiving your request, we will verify your identity and process the deletion of your account data within ninety (90) days. Some data may be retained beyond this period where required by applicable law or for the resolution of disputes.

Important: If you have an active Subscription, deleting your account does not automatically cancel your Subscription. You must cancel your Subscription separately through your Apple ID account settings before requesting account deletion to avoid continued billing. For instructions, visit your device's Settings > Apple ID > Subscriptions.

11. Cookies & Tracking Technologies

a) Website

The ScanYum website uses the following categories of cookies:

Essential Cookies

These cookies are strictly necessary for the operation of the site:

  1. Session Cookies. To maintain your browsing session and remember your preferences during a visit.
  2. CSRF Cookies. To protect against cross-site request forgery attacks and ensure the security of form submissions.

Analytics Cookies (with consent)

If you consent through the cookie banner, the following analytics cookies from Google Analytics (GA4) may be set:

  1. _ga — Used to distinguish unique visitors. Expires after 2 years.
  2. _ga_* — Used to maintain session state. Expires after 2 years.

These cookies are activated only after you provide your consent through the cookie consent banner. If you decline, no analytics cookies are set and no analytics data is collected. You may change your preference at any time by clearing your browser's local storage.

We do not use advertising cookies or any other non-essential tracking technologies on our website.

b) Mobile App

The ScanYum App does not use cookies, third-party tracking SDKs, advertising SDKs, or cross-app tracking technologies. We do not participate in any form of cross-application or cross-site tracking for advertising or measurement purposes.

The App does not engage in "tracking" as defined by Apple's App Tracking Transparency framework and does not request the AppTrackingTransparency permission.

12. Children's Privacy

The Service is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take prompt steps to delete such information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@scanyum.com so that we can take appropriate action.

13. Security

We implement reasonable technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  1. Encryption of data in transit using TLS/SSL;
  2. Access controls limiting data access to authorized personnel only;
  3. Secure cloud infrastructure with regular security updates and monitoring.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities and, where required by applicable law, affected users without undue delay, in accordance with our legal obligations.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of the Service. When we make changes, we will:

  1. Update the "Last updated" date at the top of this page;
  2. For material changes, provide notice through the App, by email, or by other reasonable means.

Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically to stay informed about how we protect your data.

15. Supplemental Terms for Apple App Store Users

If you downloaded the App from the Apple App Store, please note the following:

  1. Apple Inc. may collect certain data in connection with your use of the App Store and Apple services, in accordance with Apple's own privacy policy. ScanYum's data practices are independent of and separate from Apple's data collection.
  2. ScanYum is solely responsible for the data processing described in this Policy. Apple has no obligation to provide data-related services in connection with the App.
  3. For information about Apple's data practices, please refer to Apple's Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

  1. Via our contact page
  2. By email: support@scanyum.com

If you are located in the EEA or the UK, you also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available on the European Data Protection Board (EDPB) website.