Scanyx Privacy Policy
Last updated: March 2026
This Privacy Policy (“Policy”) describes how the Scanyx mobile application (“App”, “Service”) for Android collects, uses, and shares information when you install and use it.
By using the App, you acknowledge that you have read and agree to this Policy. You also acknowledge that the App uses third-party services (analytics, advertising, push, stores) that have their own privacy policies and data practices; we are not responsible for how those third parties collect, use, or process your data (see Section 4 and Section 4.2).
1. Data controller and who we are
Data controller (for GDPR and similar laws):
Mobiwaves Solutions Apps (developer name)
Organization details: Mobiwave Solutions Limited
Rm 702 7/F FU FAI COML CTR
27 HILLIER ST
上環 -
Hong Kong (HK)
Scanyx is a document scanning app that lets you capture documents, create PDFs, and manage scans. In this Policy, “we”, “us”, and “our” mean the data controller above (the operator and rights holder of the App).
2. Information we collect and use
2.1 Data required for the App to work
- Camera. We request camera access to scan documents. Image processing for scanning runs on your device. Without this permission, scanning is unavailable.
- Photos and files. To import images from your gallery and save scanned documents, the App may need access to photos and files on your device. This is used only for App features (creating and exporting PDFs, saving to app folders). You can change these permissions in your device settings (e.g. Android: Settings → Apps → Scanyx → Permissions).
- Your documents and scans. Scanned documents and PDFs are stored by default locally on your device. We do not have access to the contents of your files unless you explicitly use a feature that sends data elsewhere (e.g. sharing via another app or service you choose).
2.2 Analytics
We use analytics to understand how the App is used and to improve it. The following providers receive events and technical data (e.g. screen views, feature usage, device type, OS version, language). We do not send the content of your documents to analytics.
| Provider | Service | Privacy / opt‑out |
|---|---|---|
| Google Firebase Analytics | App usage analytics | Google Privacy Policy, Firebase Privacy |
| Yandex AppMetrica | App usage analytics | AppMetrica Privacy |
Note on Yandex AppMetrica: This service is operated by Yandex; data may be transferred to and processed in Russia. If you are in a jurisdiction where this is a concern (e.g. certain sanctions or data-residency requirements), please be aware that analytics data may be sent to Russia. See also Section 4.3 (International transfers).
Data sent to these providers may include: device identifiers, advertising ID (only where you have consented), app version, session and event data. You can limit ad tracking in your device settings (e.g. “Opt out of Ads Personalization” / “Limit Ad Tracking”); this may reduce personalized ads but does not stop analytics.
2.3 Advertising
The free version of the App may show ads. We use the following ad networks and related services:
| Provider | Role | Data used for ads | Privacy / opt‑out |
|---|---|---|---|
| Google AdMob | Ad serving (interstitial, app open, banner, rewarded) | Advertising ID, device data, ad interactions | Google Privacy, AdMob |
| AppLovin | Ad serving (interstitial, app open, rewarded, banner) | Advertising ID, device data, ad interactions | AppLovin Privacy |
| Google Firebase Remote Config | Remote configuration for ad units and behavior | App instance ID, config keys | Firebase Privacy |
- Advertising identifiers: We may use the Google Advertising ID to deliver and measure ads (including personalized ads when permitted). You can reset or limit it in your device settings.
- Consent: Where required (e.g. EEA/UK), we use Google User Messaging Platform (UMP) to collect and pass your consent choices to ad partners. You can change consent or opt out of personalized ads in the App or in your device settings (e.g. “Opt out of Ads Personalization”).
- We do not use your document or scan content for advertising.
2.4 In‑app purchases and subscriptions (Premium)
- Who processes payments: Purchases and subscriptions are processed entirely by Google Play. We do not collect or store your payment card or billing details.
- What we receive: We receive from the store only information needed to grant Premium access: for example, purchase state, subscription status, and (where provided by the store) anonymized transaction identifiers. This is used to unlock Premium features (e.g. ad-free experience, extra functionality) and to restore purchases on reinstall.
- Policies: Google Play payment and refund rules apply: Google Play Payments.
2.5 Push notifications
We use Firebase Cloud Messaging (FCM). The App sends your FCM token, plus non-identifying data (e.g. timezone, locale), to our servers so we can send you push notifications you have agreed to. You can disable push notifications in the App or in your device settings at any time.
2.6 Our backend (attribution and push)
Our own servers may receive:
- FCM token and related data (e.g. timezone, locale) to deliver push notifications.
- Attribution / conversion data (e.g. encrypted conversion IDs and timestamps) when you install or use the App after coming from a campaign. This is used for attribution and analytics and is not linked to your document content.
2.7 Support and contact
If you contact us by email or a contact form, we process the contact details and message content you provide only to respond and resolve your request.
2.8 Cookies, local storage, and in-app browsing
- On-device storage: The App uses local storage on your device for preferences, consent choices, and app state. This is not sent to third parties except as described in this Policy.
- In-app browser (WebView): Where the App shows ads or opens web content in an in-app browser (WebView), ad partners (e.g. AdMob, AppLovin) may use cookies or similar technologies for delivery and measurement. Their use is governed by their privacy policies (see Section 2.3).
- Web version: If we offer a website or web app, use of cookies and similar technologies there will be described in a separate notice on that site.
3. Purposes of processing
We use the data above to:
- Provide and improve App features (scanning, PDF creation, storage, export).
- Run analytics (in aggregated form) to improve the product.
- Show and measure ads in the free version (including personalized ads when you consent).
- Manage Premium access (subscription status) via the stores.
- Send push notifications (when you have agreed).
- Fulfill attribution and support requests.
3.1 Legal basis for processing (EEA/UK – GDPR Art. 6)
Where GDPR or UK GDPR applies, we process personal data on the following bases:
| Processing type | Purpose | Legal basis |
|---|---|---|
| Camera, photos, files | Providing scan and PDF features | Contract (Art. 6(1)(b)) – necessary to perform our contract with you |
| Purchase/subscription status | Granting and restoring Premium | Contract (Art. 6(1)(b)) |
| Analytics (usage, events, device data) | Improving the App, understanding usage | Legitimate interest (Art. 6(1)(f)) – improving our service and product; you may object |
| Personalized advertising | Showing relevant ads in the free version | Consent (Art. 6(1)(a)) where we ask for it (e.g. UMP); otherwise Legitimate interest where permitted by law |
| Push notifications | Sending notifications you agreed to | Consent (Art. 6(1)(a)) |
| Attribution / conversion data | Measuring campaigns and conversions | Legitimate interest (Art. 6(1)(f)); you may object |
| Support communications | Responding to your requests | Contract or Legitimate interest (Art. 6(1)(b) or (f)) |
| Compliance, legal requests | Meeting legal obligations | Legal obligation (Art. 6(1)(c)) where applicable |
Where we rely on consent, you may withdraw it at any time (e.g. in device or app settings); withdrawal does not affect the lawfulness of processing before withdrawal. Where we rely on legitimate interest, you have the right to object (see Section 9).
4. Third parties we share data with (summary)
We do not sell your personal data. We may share data only as follows:
| Category | Third parties | What is shared |
|---|---|---|
| Analytics | Google (Firebase Analytics), Yandex (AppMetrica) | Events, device/technical data, advertising ID (where permitted) |
| Advertising | Google (AdMob, UMP), AppLovin, Firebase Remote Config | Advertising ID, device data, ad events, consent status |
| Push | Google (FCM), our servers | Device/push token, timezone, locale |
| Purchases | Google Play | No payment data from us; the store processes payments and may share purchase/subscription status with us |
| Legal | Authorities | When required by law |
4.1 Our third-party partners and SDKs
The App uses the following third-party services and SDKs. Each has its own privacy policy and terms; we do not control their processing and we are not responsible or liable for their collection, use, disclosure, or retention of data. For any questions or requests regarding data processed by these partners, please contact them directly.
| Partner | Purpose | Privacy / terms |
|---|---|---|
| Google (Firebase Analytics, AdMob, FCM, Remote Config) | Analytics, advertising, push, remote config | Google Privacy, Firebase, AdMob |
| Yandex AppMetrica | Analytics | AppMetrica Privacy |
| AppLovin | Advertising | AppLovin Privacy |
| Google Play | In-app purchases | Google Play |
Any new partners or SDKs added to the App will be listed here. We encourage you to review each partner’s privacy policy. We have no control over and assume no responsibility for the content, privacy practices, or data handling of these third parties.
4.2 No responsibility for third-party processing
- We are not responsible for how third-party partners (listed in Section 4.1 and elsewhere in this Policy) collect, use, store, or disclose your data. Once data is shared with or collected directly by a third party, their privacy policy and practices apply.
- We do not supervise, control, or guarantee the compliance of third parties with applicable law or their own policies. Requests for access, deletion, or other rights regarding data held by analytics, advertising, or other partners should be directed to those partners.
- To the maximum extent permitted by applicable law, we disclaim liability for any loss, misuse, or unauthorized processing of your data by third-party services integrated into or used by the App.
4.3 International transfers (outside EEA/UK)
Some of the providers we use are located outside the European Economic Area (EEA) and the UK:
- United States: Google (Firebase, AdMob, FCM, Remote Config), AppLovin, and possibly other ad or analytics partners. The US is not subject to an adequacy decision in the EU/UK for general commercial transfers. Where we transfer data to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (and/or UK equivalents) and, where relevant, supplementary measures, as provided by the respective providers.
- Russia: Yandex (AppMetrica). Russia is not the subject of an adequacy decision. Data sent to AppMetrica may be transferred to Russia; we rely on the safeguards described in AppMetrica’s documentation and any contractual arrangements in place. Users in the EEA/UK or other jurisdictions that restrict transfers to Russia should be aware of this.
If you would like more detail on the transfer mechanisms we use for a specific provider, contact us (Section 10). We are not responsible for how those providers handle data once it is transferred to them (see Section 4.2).
5. Retention and deletion
- On your device: Your documents and scans stay on your device. Uninstalling the App or clearing its data removes them from the device. Local app settings and consent are stored on the device until you clear app data or uninstall.
- Our servers: Push tokens and attribution-related data (e.g. FCM token, timezone, locale, conversion-related identifiers) are retained for up to 24 months from last activity, or until you request deletion or withdraw consent (e.g. disable push), after which we delete or anonymize them within a reasonable period. Support correspondence is kept as long as needed to resolve your request and then for a limited period for legal and operational purposes (e.g. up to 3 years unless the law requires longer).
- Third-party providers: Analytics and ad partners retain data according to their own policies (see links in Sections 2.2 and 2.3). We do not control their retention periods.
- Your request: You can ask us to delete personal data we hold about you (see Section 9). We will do so within the time required by applicable law, except where we must retain data for legal obligations (e.g. tax, disputes).
6. Security
We use reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Data in transit is protected using standard mechanisms (e.g. HTTPS).
7. Children
The App is not intended for users under 13. We do not knowingly collect personal data from children under 13. In the EEA/UK, we do not knowingly collect personal data from children under 16 without parental consent (GDPR allows member states to set the age between 13 and 16; local thresholds may vary). If you are a parent or guardian and learn that your child has provided us with personal data, please contact us and we will delete it.
8. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top will change. For substantial changes we will notify you in advance in the App or by push notification (and by email if we have it). Continued use after the update means you accept the revised Policy; in GDPR jurisdictions, continued use after notice of a substantial change is treated as acceptance. For minor or non-substantial changes, publication of the updated Policy is sufficient.
9. Your rights (GDPR, CCPA, etc.)
Depending on where you live, you may have the right to:
- Access your personal data.
- Correct or delete your data.
- Restrict or object to certain processing.
- Withdraw consent where processing is based on consent.
- Data portability (where applicable).
- Lodge a complaint with a supervisory authority. In the EEA/UK, you have the right to lodge a complaint with a data protection authority in your country. You can find your supervisory authority in the list of EEA/UK data protection authorities (EDPB website).
California (CCPA): We do not sell personal information. You may request: categories of personal information collected; sources; business purpose; categories of third parties we share with; and deletion. Contact us (see below) to exercise these rights.
To exercise any of these rights, contact us using the details in Section 10. We will respond within the timeframes required by applicable law.
10. Contact
For privacy-related questions, requests to exercise your rights (access, correction, deletion, objection, portability, withdrawal of consent), or complaints:
- Website: https://mobiwavesolutionsltd.com
We will respond within the timeframes required by applicable law (e.g. one month under GDPR, with possible extension where permitted).
© Scanyx - AI PDF Scanner, Mobiwave Solutions Limited. March 2026.