Legal

Privacy Policy

Last updated: February 2026

1. Introduction

Paper2Form ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

2. Information We Collect

2.1 Information You Provide

  • Account Data: When signing in with Google or Microsoft, we receive basic profile information (email, name) to enable form integration.
  • Scanned Documents: Images you scan are sent to our AI service (Google Vertex AI) for text extraction. Documents are deleted from Google's servers as soon as processing is complete. Scanned images remain stored locally on your device so you can review or re-process them.

2.2 Automatically Collected

  • Device Identifier: We collect a persistent device ID (Android ID or iOS Keychain UUID) and basic system version info to manage usage quotas and prevent abuse.
  • Usage Data: We track API call counts (daily and total) to enforce subscription limits.
  • Anonymous Authentication: We use Firebase anonymous sign-in to link your device to a user identifier for quota management.
  • Local Image Storage: Scanned images are stored on your device for review and re-processing. You can delete them at any time from the app.

3. How We Use Your Information

  • Provide and maintain our document scanning service
  • Authenticate with Google Forms and Microsoft Forms
  • Process documents using AI for text extraction
  • Manage subscription limits and usage quotas
  • Improve the app experience

4. AI Document Processing

When you scan a document, the image is sent to Google Firebase Vertex AI for analysis. Key points:

  • Regional Processing: You can choose EU-based servers (europe-west1) for GDPR compliance.
  • No Training: Your documents are NOT used to train AI models.
  • Server-Side Deletion: Images are processed in real-time and deleted from Google's servers as soon as processing is complete. They are not retained after analysis.
  • Local Retention: Scanned images remain on your device for review and re-processing. You can delete them manually at any time.

5. Third-Party Services

We use the following third-party services:

Google Services

  • Firebase Vertex AI: AI-powered document text extraction (Privacy)
  • Firebase Authentication: Anonymous user identification for quota management
  • Cloud Firestore: Secure storage of usage quotas and device data
  • Google Sign-In: OAuth authentication for Google Forms access (Privacy)
  • Google Forms API: Fetching form structure and submitting responses
  • Google Drive API: Accessing restricted forms you own

Microsoft Services

  • Microsoft Forms: Form submission via in-app browser (WebView). We do not use Microsoft APIs directly; authentication is handled through Microsoft's standard web login (Privacy)

WebView Cookies

When you sign in to Google or Microsoft through the in-app browser (WebView), session cookies are stored on your device to maintain your login. These cookies are only used for form access and are cleared when you log out of the respective service within the app.

Payment Services

  • RevenueCat: Subscription management and in-app purchases (Privacy)
  • Apple App Store: Payment processing for iOS (Privacy)
  • Google Play: Payment processing for Android (Privacy)

6. Data Storage & Retention

  • Device Data: Device ID and usage counts stored in Cloud Firestore
  • OAuth Tokens: Stored securely on your device only (not on our servers)
  • Scanned Images: Deleted from Google's servers immediately after AI processing. Stored locally on your device until you choose to delete them.
  • Retention: Usage data retained while your account is active

7. Lawful Basis for Processing (GDPR)

We process your data on the following legal bases under Article 6 GDPR:

  • Contractual Necessity (Art. 6(1)(b)): Processing your scanned documents and managing your subscription is necessary to provide the Paper2Form service you signed up for.
  • Legitimate Interest (Art. 6(1)(f)): Collecting device identifiers and usage counts to prevent abuse and enforce fair usage limits.

8. Your Rights (GDPR)

If you are in the European Union, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Withdraw consent at any time
  • Object to processing

To exercise these rights, contact our data protection contact at the email below.

9. Security

  • All data transmitted via TLS 1.3 encryption
  • OAuth tokens stored in secure device storage (Keychain/Keystore)
  • No server-side document storage
  • Firebase Security Rules protect Firestore data

10. Children's Privacy

Paper2Form is not intended for children under 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or our website.

12. Contact & Data Protection

Questions about this Privacy Policy or your personal data? Contact our data protection contact at paper2form.delivery519@passmail.net