Privacy Policy
Effective Date: February 26, 2026 | Last Updated: February 26, 2026
ScanGo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address and password (securely hashed).
- Shift and Delivery Data: Start/end times, delivery counts, earnings, tips, expenses, and mileage you enter.
- Address Information: Delivery addresses you scan or enter (see Section 3 for how we handle this data).
- Payment Records: Manual payment entries you create to track employer payments.
- Settings and Preferences: Your app preferences including theme, language, notification settings, and receipt parser configurations.
1.2 Information Collected Automatically
- Device Information: Device model, operating system version, and app version for crash reporting and compatibility.
- Usage Analytics: Anonymous usage patterns (e.g., which features are used) to improve the app. No personally identifiable information is included.
- Crash Reports: Technical crash data to help us fix bugs (via Firebase Crashlytics).
1.3 Optional Information (Opt-In Only)
- OCR Feedback: If you enable "Help improve receipt scanning" in Settings, we collect anonymized corrections you make to scanned receipts. This helps us improve our parsing accuracy. No personal data is included.
- Receipt Images: If you enable "Include receipt images" in addition to OCR feedback, cropped receipt photos may be uploaded for visual debugging. Images are stored securely and deleted after analysis.
2. How We Use Your Information
We use your information to:
- Provide Core Functionality: Track your shifts, deliveries, earnings, and generate reports.
- Sync Across Devices: If you have a CLOUD+ subscription, sync your data securely across multiple devices.
- Generate Tax Reports: Create HMRC-compatible self-assessment data exports.
- Improve the App: Analyze anonymous usage patterns and crash reports to fix bugs and add features.
- Improve Receipt Scanning: Use anonymized OCR feedback (if opted in) to enhance parsing accuracy.
3. Data Storage and Security
3.1 Local Storage
All your data is stored locally on your device using encrypted Room database storage. Even without an internet connection, you can use all core app features.
3.2 Cloud Storage (Authenticated Users)
When you sign in and enable cloud sync:
- Data Encryption: Sensitive data (addresses, personal information) is encrypted using AES-256 encryption before upload.
- Firebase Services: We use Google Firebase for authentication, cloud storage (Firestore), file storage, analytics, and crash reporting.
- Access Control: Your cloud data is protected by Firebase Security Rules that ensure only you can access your data.
3.3 Address Data Handling (GDPR Compliance)
- FREE Tier: Only postcode area (e.g., "SW1") is synced to the cloud—no full addresses.
- PRO/CLOUD+ Tier: Full encrypted addresses are synced with a 30-day retention policy.
- Auto-Redaction: After 30 days, full addresses are automatically deleted from the cloud. Only the postcode area is retained for analytics purposes.
4. Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Authentication | User sign-in | Email address |
| Firebase Firestore | Cloud data sync | Encrypted shift/delivery data |
| Firebase Storage | Receipt images (opt-in) | Cropped receipt photos |
| Firebase Analytics | Anonymous usage stats | Non-identifiable usage events |
| Firebase Crashlytics | Crash reporting | Device info, crash traces |
| Google Play Billing | Subscription management | Purchase tokens |
All third-party services are GDPR-compliant. For details, see Google's Privacy Policy.
5. Your Rights
Under GDPR and other applicable privacy laws, you have the right to:
5.1 Access Your Data
Export your data at any time using the CSV export feature in Settings → Tax Returns.
5.2 Correct Your Data
Edit any shift, delivery, or payment record directly in the app.
5.3 Delete Your Data
- Delete Individual Records: Remove any shift, delivery, or payment from the app.
- Delete Your Account: Go to Settings → Delete My Account to permanently delete all your data from both the app and our cloud servers. This action cannot be undone.
5.4 Data Portability
Export your complete data history as CSV files for use in other applications.
5.5 Withdraw Consent
- OCR Feedback: Disable at any time in Settings → Privacy.
- Cloud Sync: Sign out to stop cloud synchronization.
- Analytics: We collect only anonymous, non-identifiable usage data.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Local app data | Until you delete or uninstall |
| Cloud-synced data | Until you delete or request deletion |
| Full addresses (cloud) | 30 days, then auto-redacted |
| OCR feedback | Until analysis complete, then deleted |
| Receipt images (opt-in) | Until analysis complete, then deleted |
| Crash reports | 90 days |
7. Children's Privacy
ScanGo is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.
8. International Data Transfers
Your data may be processed on servers located outside your country of residence (including the United States and European Union). Firebase uses data centers worldwide with appropriate safeguards including Standard Contractual Clauses for EU data transfers.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Displaying an in-app notification for significant changes
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Email: [email protected]
Website: https://scango.live
11. Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Shift and delivery tracking | Contract performance |
| Cloud sync | Contract performance + Consent |
| Analytics and crash reporting | Legitimate interest |
| OCR feedback collection | Consent (opt-in) |
| Receipt image upload | Consent (opt-in) |
This privacy policy was last updated on February 26, 2026.