SafeScan
00 / privacy

Privacy Policy

Last updated: May 26, 2026

SafeScan: QR & Barcode Scanner (shown on your device as "Safe QR") is built to keep your scans on your phone. This page describes exactly what data the app touches and what leaves your device.

On-device by default

Scan history, generated codes, and your saved wallet items live in local storage on your phone. The app does not maintain a server-side account, and we cannot see what you scan. This includes payment QRs (UPI, PIX, PayNow, PromptPay and similar) — their contents are parsed on your device and are never sent to us.

Anonymous analytics

If Anonymous analytics is on (you can turn it off anytime in Settings → Data and Privacy), the app reports anonymous usage so we can understand which features people use. No scan contents, URLs, Wi-Fi passwords, payment details, or anything you type are ever sent.

We use three first-party analytics tools:

  • Firebase Analytics and Mixpanel receive event names (like scan_completed, wallet_item_saved, or paywall_shown) and bucketed counts only — never raw content.
  • Microsoft Clarity provides anonymous interaction analytics (aggregate heatmaps of taps and scrolls). To protect you, session recording is switched off entirely on every screen that can show scan results, payments, Wi-Fi passwords, saved codes, or your history, and on-screen text and images are masked elsewhere.

To keep your analytics consistent across your own Apple devices, the app uses an anonymous, randomly generated ID stored in your Keychain. It is a random token — never your name, email, phone number, or a hardware/advertising identifier — used only for this first-party analytics. Turning analytics off, or resetting all settings, deletes it.

All collection stops the moment you opt out.

Crash reports

If a crash happens, it is reported through Apple's built-in crash reporting in App Store Connect. Crash reports contain a stack trace — not your scan contents, file paths from your library, or anything you typed.

URL safety checks

When you scan a URL, the app first runs on-device pattern checks (no network) for known phishing patterns, IDN homographs, lookalike brand domains, suspicious top-level domains, and URL shorteners. These checks are entirely local.

If the URL is short or scores as suspicious, the app may then send the URL to Google Safe Browsing for a reputation lookup. Per Google's published policy, the URL is hashed by their API and not stored against any account. The URL still leaves your phone in plaintext over HTTPS.

Product and book lookups

When you scan a product barcode, the GTIN is sent to Open Food Facts. When you scan an ISBN, the ISBN is sent to Open Library and Google Books. No other information is sent.

What we never do

  • We never sell your data.
  • We never share your data with advertisers.
  • We never show you ads, and we never use your data for advertising.
  • We never use an advertising identifier (IDFA) or track you across other apps or websites.
  • We never read your photo library beyond what you explicitly pick.
  • We never access your contacts beyond explicit Add-to-Contacts actions you initiate.

Your rights

You can:

  • Export everything as a ZIP (CSV + JSON) from Settings → Data and Privacy.
  • Clear all history with one tap (irreversible).
  • Clear all wallet items with one tap (irreversible).
  • Reset all settings from Settings → Advanced.
  • Delete the app to remove all local data.

Children

Safe QR is intended for general audiences. We do not knowingly collect personal data from children.

Changes

We will update this page when our practices change. The last updated date at the top reflects the most recent change.

Contact

Questions, deletion requests, or anything else: support@smartqrscan.app

← HomePrivacyTermsSupport