Quick version. This app stores your receipts and warranty info on your device. We don't have servers for any of it. We literally cannot see your receipts, even if you asked us to. The only data that touches our third-party tools (Google Gemini for receipt OCR, Firebase for analytics, RevenueCat for subscriptions) is described below, in plain language. Most of it you can disable in Settings. Optional Cloud Backup (Pro) writes a single archive to your own iCloud or Google Drive account — we have zero access to it. Details in Section 6.
The data controller for the WarrantyVault application is:
Vizaxis Mateusz Olszewski
ul. Dworcowa 22/32
10-437 Olsztyn, Poland
Email: contact@vizaxis.com
WarrantyVault stores all user-created content (products, warranties, receipt photos, settings) on your device by default. Vizaxis does not operate cloud storage or backend servers for your data. Your receipts do not pass through us, and we cannot access what you save. Optional Cloud Backup (Pro feature) writes a backup archive to your own Apple iCloud or Google Drive account; the data lives in your cloud, not on Vizaxis servers. See Section 6 for the full disclosure.
The app uses the following third-party services that process data on our behalf or as independent controllers:
| Service | Data Processed | Purpose | Legal Basis (GDPR) | Retention |
|---|---|---|---|---|
| Google Gemini API Google LLC |
Receipt photo image data, sent over HTTPS for processing. On our paid API plan, Google does not use your data to train AI models. Google may temporarily process the image to generate a response. | AI-powered text extraction from receipt photos (OCR) | Consent: Art. 6(1)(a). You actively choose to use the receipt scanner each time. If you are offline or the AI scanner is unavailable, you can still add receipt details manually; in that case no image data leaves your device. | Google does not retain input data beyond the time needed to generate a response on paid API plans. See Google's Gemini API Terms. |
| Firebase Analytics Google LLC |
Pseudonymous app instance identifier, IP address (used for geolocation and then discarded by Google in the EU), device model, OS version, app usage events (screens viewed, features used), and user properties: subscription status, theme preference, haptics preference, locale, and the app instance identifier. | Understanding how the app is used to improve it | Consent: Art. 6(1)(a). You can opt out in Settings → Privacy Settings. When declined, analytics collection is fully disabled. | 26 months (Google default). Aggregated, non-identifiable reports may be retained longer. |
| Firebase Crashlytics Google LLC |
Installation UUID (pseudonymous device identifier), device model, OS version, crash stack traces, custom diagnostic keys (subscription status, theme preference). | Identifying and fixing app crashes | Consent: Art. 6(1)(a). You can opt out in Settings → Privacy Settings. When declined, crash reporting is fully disabled. | 90 days for crash data. |
| RevenueCat RevenueCat Inc. |
Anonymous app user identifier (generated by RevenueCat, not linked to your identity), purchase tokens from Google Play or Apple App Store, device platform, IP address (used for approximate geolocation). | Managing in-app subscriptions and verifying purchase status | Contract performance: Art. 6(1)(b). Processing is necessary to deliver and validate the features you purchased. | Purchase records retained for the lifetime of the app user ID. See RevenueCat Privacy Policy. |
We do not serve ads and do not integrate any advertising SDKs or tracking networks.
We do not sell, rent, or trade your data. The third-party services listed in Section 2 process data as follows:
We do not share data with any other third parties.
On first launch, the app requests your consent for analytics and crash reporting. You can change your choice at any time in Settings → Privacy Settings. When you decline:
Note: Opting out does not affect data already collected before you changed your preference. To request deletion of previously collected analytics data, contact us.
Cloud Backup is an opt-in feature available on the Pro plan. When you enable it, WarrantyVault writes a single backup archive to your own personal cloud storage on a debounced schedule (after every successful change to your products data, with a brief debounce to coalesce rapid edits). The backup contains: your products database (names, brands, store names, purchase dates, prices, currencies, notification IDs, notes) and your receipt photo files. There is no Vizaxis backend involved.
iOS — Apple iCloud. The backup archive is written to a private container in your iCloud Drive (container identifier iCloud.com.vizaxis.warrantyvault). Apple Inc. is the data controller for the iCloud service; their Privacy Policy applies to data stored there. Apple's processing is independent of Vizaxis; we do not receive any of this data.
Android — Google Drive. The backup archive is written to your Google Drive's app-private folder using the https://www.googleapis.com/auth/drive.appdata OAuth scope. This scope cannot read or write any other file in your Drive, only files this app created in its own private folder, which is hidden from drive.google.com and not visible to you in any other app. Google LLC is the data controller for Google Drive; their Privacy Policy applies. Google Sign-In is required to authorize the scope; the only data WarrantyVault receives from Google during sign-in is an access token for the appdata scope.
Vizaxis access. We have no server-side ability to read, modify, or delete your backup. The Drive scope grants access only to the device that performed the sign-in, and the iCloud container is accessible only via your Apple ID. Receipt photos and product data never traverse Vizaxis infrastructure.
Disabling and deletion. You can turn Cloud Backup off at any time in Settings → Cloud Backup. Disabling stops future uploads. Existing backup files in your cloud account remain in place; you can delete them yourself via your iCloud or Drive UI, or by tapping "Disable and delete cloud copy" within the app.
Legal basis (GDPR). Consent: Art. 6(1)(a). You actively enable the feature; declining or disabling it does not affect any other functionality.
When you use the AI receipt scanner, your receipt photo is sent to Google's Gemini API over an encrypted (HTTPS) connection for text extraction. The extracted data (product name, brand, price, date, store, category) is returned to your device and stored locally. We use a paid Gemini API plan, so Google does not use your input data for AI model training.
If you are offline or the AI scanner is unavailable, you can still add receipt details manually. In that case no image data leaves your device.
On your device: All products, warranties, receipt photos, and settings are stored locally. You can delete individual items within the app at any time. Uninstalling the app permanently deletes all local data.
Cloud Backup (your own iCloud or Drive account): Backup archives remain in your personal cloud account until you delete them yourself, either through your iCloud or Drive UI or by tapping "Disable and delete cloud copy" inside the app. Uninstalling the app does not automatically delete cloud backups; this is intentional, so reinstalling on a new device can restore your data.
Third-party services: Data processed by third-party services is subject to their retention policies as described in Section 2. We do not control third-party retention, but you can contact us to request that we initiate deletion where technically possible.
Your local data is protected by your device's built-in security (device encryption, screen lock, sandboxed app storage). All network communications with third-party services use HTTPS encryption in transit. Cloud Backup data is protected by Apple iCloud's or Google Drive's built-in encryption (in transit and at rest), governed by those providers.
Under the General Data Protection Regulation, you have the right to:
For locally stored data, you exercise these rights directly on your device (edit, delete products, change privacy settings). For data held by third-party processors (Firebase, RevenueCat), contact us at contact@vizaxis.com and we will assist you in exercising your rights.
We will respond to data rights requests within 30 days.
You have the right to lodge a complaint with your local data protection supervisory authority. For Poland:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
uodo.gov.pl
WarrantyVault is not directed at children under 16 (the age of digital consent in Poland under GDPR). We do not knowingly collect personal information from children. If you believe a child under 16 has used the app in a way that resulted in personal data being processed, contact us and we will take steps to delete such data.
Third-party services (Google LLC, RevenueCat Inc.) are based in the United States and may process data outside the European Economic Area. These transfers are governed by:
We may update this Privacy Policy when our data practices change. The updated version will be posted at this URL with a revised effective date. For material changes that affect how your data is processed, we will provide notice through the app. Continued use of the app after changes constitutes acceptance of the revised policy.
For questions about this Privacy Policy or to exercise your data protection rights:
Vizaxis Mateusz Olszewski
Email: contact@vizaxis.com
ul. Dworcowa 22/32, 10-437 Olsztyn, Poland