Last updated: 9 February 2025
OnlyScans Privacy Policy
OnlyScans (“OnlyScans,” “we,” “us,” or “our”) operates the web application available at https://onlyscans.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information in connection with your use of the Service. If you use our Android app, please refer to the dedicated Android privacy policy.
1. Data Controller & Contact
OnlyScans is the data controller responsible for the personal data processed through the Service. You can reach us at privacy@onlyscans.app for any privacy-related question, request, or concern.
2. Information We Collect
2.1 Documents and uploads you provide
When you upload images or capture photos to create a PDF, the files are temporarily stored on secure servers to generate the output you requested. We do not inspect or use your documents for any other purpose. Files are cleaned up automatically after approximately 24 hours (or sooner if you delete them or contact us).
2.2 Usage and device data
Our hosting provider automatically collects standard web log data (such as IP address, browser type, operating system, and timestamps) when you access the Service. We rely on this information to troubleshoot issues, defend the Service against abuse, and understand aggregate usage patterns.
2.3 Local storage
The Service stores limited information in your browser’s local storage (for example, your preferred layout view and the number of scans performed in a day) to provide core functionality. This information never leaves your device unless you explicitly delete cookies or reset your browser storage.
2.4 Support communications
If you contact us by email, we collect the information you choose to share so we can respond to your inquiry. We keep these messages only as long as necessary to address your request and maintain business records.
3. How We Use Information
- Provide, maintain, and improve the Service.
- Generate PDFs and deliver the files you request.
- Prevent abuse, secure the Service, and diagnose technical problems.
- Communicate with you about the Service or respond to support requests.
- Comply with applicable laws, regulations, or legal processes.
4. Cookies, Local Storage & Google Ads
We currently use essential browser storage to remember your preferences and enforce daily usage limits. When we integrate Google Ads (including possible use of AdSense or Ad Manager), Google may set cookies or use device identifiers to deliver, personalize, and measure ads. We will display a Consent Management Platform where required by law so you can control whether ads are personalized.
Google uses cookies and similar technologies to serve ads based on your visits to this and other sites. You can manage personalization preferences at Google Ads Settings, learn more at Google’s advertising policies, and opt out of interest-based advertising via the Digital Advertising Alliance or the Network Advertising Initiative.
5. Legal Bases for Processing
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process personal data under the following legal bases:
- Contract necessity — to provide the Service you request, such as generating PDFs from your uploads.
- Legitimate interests — to secure the Service, prevent abuse, and understand basic usage metrics.
- Consent — for non-essential cookies, personalized advertising, or marketing communications (where applicable).
- Legal obligations — to comply with laws, regulations, or enforceable governmental requests.
6. Data Sharing & Disclosure
We do not sell or rent personal information. We may share data only with:
- Service providers that host our infrastructure, send transactional emails, provide content delivery, or protect the Service from abuse. These partners are bound by contractual confidentiality obligations.
- Advertising partners (such as Google) to show ads in the Service once ad placements are enabled, subject to your consent where required.
- Legal requirements when disclosure is necessary to comply with law, court order, or protect the rights, property, or safety of OnlyScans or others.
7. Data Retention
- Uploaded files — automatically cleared after roughly 24 hours unless we are legally required to preserve them longer.
- Generated PDFs — served through short-lived download links and deleted along with the source uploads.
- Server logs — retained for up to 30 days for security and troubleshooting, then automatically deleted or anonymized.
- Support emails — kept only as long as needed to address your request and comply with record-keeping obligations.
8. Your Rights
Depending on where you live, you may have rights to access, correct, delete, or restrict the processing of your personal data. You may also have the right to data portability, to object to certain processing (including personalized advertising), and to withdraw consent at any time. To exercise these rights, contact us at privacy@onlyscans.app. We may need to verify your identity before completing your request.
If you are located in the European Union, you also have the right to lodge a complaint with your local data protection authority. If you reside in California, you can request information about the categories of personal data we collect, delete personal data, or opt out of the “sale” or “sharing” of personal information (we do not sell your data, but you may opt out of personalized ads once available).
9. Data Security
We use industry-standard safeguards, including TLS encryption in transit, strict access controls, and routine cleanup of temporary files to protect your data. No method of transmission or storage is completely secure, but we continually monitor and improve our safeguards to keep your information safe.
10. International Data Transfers
OnlyScans is operated from the United States. By using the Service, you understand that your information may be transferred to and processed in the United States or other countries where our service providers operate. These locations may have privacy laws different from those in your jurisdiction. We rely on appropriate safeguards, such as Standard Contractual Clauses, where required by law.
11. Children’s Privacy
The Service is not directed to children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the revised policy on this page with a new “Last updated” date and, if the changes are material, we will provide additional notice as appropriate.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, email us at privacy@onlyscans.app. We aim to respond within 30 days.