Privacy Policy
Last Updated: January 19, 2026
1. Overview
DocuFlow is a mobile document management app developed by Hendrik Kaiser, sole proprietor (Einzelunternehmen) based in Weinstadt, Baden-Württemberg, Germany. Core functions such as scanning, local storage, OCR, and document organization are performed locally on your device. Optional AI-powered features are only used after your explicit consent in the app.
2. Data We Collect
We process only data necessary for the app's functionality:
- Camera Permission: Used solely for document scanning. Captured images are processed and stored locally on your device unless you explicitly use an AI feature that sends selected content to a third-party provider.
- Document Content: OCR text, selected document excerpts, and related prompts are processed locally by default. When you use optional AI features, the specific content needed for the request may be transmitted to the selected AI provider.
- AI Configuration: The model, endpoint, and related AI configuration needed to process your request may be transmitted to the selected AI provider when you use AI features.
- No Additional Tracking: We do not use analytics, advertising SDKs, or crash reporting services, and we do not collect unrelated personal data such as contacts, location data, or health data.
- Children: No data from users under 13 (COPPA compliant).
3. How Data is Processed and Used
Scanning, OCR, and document organization work locally on-device. Optional AI features can be used to generate answers, summaries, and document metadata such as title, category, tags, supplier, or amounts.
Premium Backups: User-initiated, encrypted (AES-256-GCM) backups to your chosen cloud provider (Google Drive, OneDrive, WebDAV). We do not access, process, or store these backups.
4. Data Sharing and Third Parties
- Recipients: The AI provider selected by the user, for example OpenAI, Google Gemini, Anthropic Claude, Mistral AI, or a user-configured OpenAI-compatible endpoint.
- Data sent: OCR text, selected document excerpts, user prompts or questions, and the AI configuration needed to process the request, such as the selected model or endpoint.
- Purpose: Document analysis, generation of AI answers, summaries, and metadata such as title, category, tags, supplier, and amounts.
- Legal basis: Your explicit consent under Art. 6(1)(a) GDPR.
- When data is sent: Only after you explicitly consent in the app and actively use the relevant AI feature.
- Provider privacy terms: The applicable privacy policy depends on the provider selected by the user. For user-configured OpenAI-compatible endpoints, the privacy terms are determined by that endpoint provider.
We do not sell your personal data. We also do not operate our own server-side AI processing infrastructure for DocuFlow.
5. Data Security
Local data uses device-encrypted storage and runtime permissions. Backups are encrypted with AES-256-GCM by the app. When you use AI features, data is transmitted directly to the selected provider for processing. Please review the selected provider's privacy policy before use.
6. Data Retention and Deletion
Local documents remain on your device until you delete them or uninstall the app. We do not maintain our own server-side retention for document content. Retention by an external AI provider, if any, is governed by that provider's privacy terms.
7. Your Rights and Compliance
We aim to comply with applicable privacy laws including the GDPR. If you use optional AI features, third-party processing may apply based on your chosen provider and your explicit consent. EU-based developer.
8. Changes to This Policy
Updates posted here with effective date. Continued app use implies acceptance.
9. Contact
For privacy questions: snailberg@kaiser-mail.de
VAT ID: DE458855630