Privacy Policy

This Privacy Policy describes how Smart&Business collects, uses and protects the personal data of Quick Contact users.

1. Data Controller

2. Data Collected and Purposes

Business card images
Photos are processed locally on device. If needed, Google Cloud Vision API is called for OCR text extraction. Images are not stored on any server beyond the time needed for processing.

Extracted contact data
Fields extracted from business cards are saved, exclusively on the user's explicit request, to Google Contacts via the Google People API.

Google credentials (OAuth 2.0)
Quick Contact requests the following OAuth scopes:

• contacts.readonly — to read and display the user's existing Google Contacts within the app
• contacts — to create, update, or delete Google Contacts on explicit user action only

These scopes are used exclusively for the features described above. Google Contacts data is never processed, stored, or transmitted beyond what is necessary to fulfill these functions.

OAuth access tokens are stored securely in the device's SecureStore (iOS Keychain / Android Keystore) and are never transmitted to third parties. Tokens are deleted from the device when the user disconnects their Google account within the app.

Purchase data
Payments are managed by RevenueCat, Google Play and App Store. We do not collect credit card data.

Usage data
We do not collect usage statistics, location data, biometric data, cookies or advertising tracking technologies.

Anonymous ML training contribution (optional)
If you have enabled the "Train recognition" feature in Settings (active by default), the app may send anonymous field classification data to our Cloudflare Worker to improve the automatic recognition model. No personal data is transmitted: only abstract field type labels (e.g. "name", "email", "phone") and linguistic features derived from scanned text. No images, actual contact content, or personally identifiable information is ever sent. Aggregate monthly counters are stored server-side solely to measure participation; no individual user data is retained. You can opt out at any time in Settings → Contribute.

3. Legal Basis for Processing

• Contract performance (Art. 6(1)(b) GDPR)
• Consent (Art. 6(1)(a) GDPR)
• Legitimate interest (Art. 6(1)(f) GDPR)

4. Data Sharing with Third Parties

• Google Cloud Vision API — OCR processing
• Google People API / Contacts — contact storage
• RevenueCat — subscription management
• Cloudflare Workers — secure API proxy
• HubSpot — optional, user-initiated
• Pipedrive — optional, user-initiated

We never sell or transfer personal data to third parties for commercial purposes.

5. International Transfers

Some third parties (Google, Cloudflare, RevenueCat) operate in the USA. Transfers are governed by Standard Contractual Clauses approved by the European Commission.

6a. Data Retention

• OCR images are not retained on servers after processing
• OAuth tokens are deleted when the account is disconnected
• Local data remains on the device until the App is uninstalled

6b. Google Data Retention & Deletion

Quick Contact does not store Google Contacts data on its servers. All Google user data remains on the user's device and within their own Google account.

• OAuth tokens are deleted from the device when the user disconnects their Google account in app settings
• Contact data saved to Google Contacts can be deleted at any time directly from the app or from Google Contacts
• To request disconnection or raise any data concern, contact us — we respond within 30 days

7. User Rights (GDPR)

You have the right to access, rectify, erase, restrict, port and object to the processing of your data. To exercise these rights write an email. We will respond within 30 days.

8. Security

We implement appropriate technical and organizational measures: HTTPS transmission, SecureStore for tokens, API access via Cloudflare proxy.

9. Children

The App is not intended for users under 13. We do not knowingly collect data from minors.

10. Changes to This Policy

We reserve the right to update this Policy. Material changes will be communicated via in-app notification.