Privacy Policy

Skopi is built around a simple promise: your scans stay on your device. This policy explains exactly what we collect, what we don’t, and the choices you have.

Last updated: May 1, 2026 · Effective: May 1, 2026

Summary

The short version, in plain English:

  • We do not run our own servers. Skopi has no account system. We never see your scans, your history, or the codes you generate.
  • QR & barcode scanning happens on your device. Skopi reads QR codes and 1D/2D retail and shipping barcodes (EAN, UPC, Code 128, ITF-14, PDF417, Data Matrix, Aztec, and more). Camera frames are processed locally by Apple’s Vision framework and discarded immediately.
  • Your scan history is stored only on your iPhone using Apple’s on-device database (SwiftData).
  • Product lookups for retail barcodes (EAN/UPC) query the public Open Food Facts catalog over HTTPS using only the barcode digits — no personal data is sent.
  • We show ads through Google AdMob in the free version. You can disable personalized ads via iOS’s App Tracking Transparency prompt (or upgrade to Skopi Pro to remove ads entirely).
  • Purchases are handled by Apple. We never see your payment details.
No accounts No cloud sync On-device scanning Ads via AdMob (free tier)

1Scope & Operator

This Privacy Policy applies to the Skopi mobile application (the “App”) for iOS, distributed via the Apple App Store, and to the related websites at tanvirnh.github.io/skopi-privacy-policy and tanvirnh.github.io/skopi-support-.

The App is operated by an independent developer (“we”, “us”, “our”), reachable via the button below. For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the operator acts as the data controller for the limited categories of personal data described below.

2Information We Collect

Information processed entirely on your device (we never see it)

  • Camera frames while the scanner is active. Frames are processed in real time by Apple’s Vision framework to detect QR codes and 1D/2D barcodes (QR, EAN-13, EAN-8, UPC-A, UPC-E, Code 128, Code 39, Code 93, PDF417, Aztec, Data Matrix, ITF-14, Interleaved 2 of 5), then discarded. They are never recorded, uploaded, or written to disk.
  • Photos you choose to scan from your photo library. Images are read into memory only long enough to detect a code, then discarded. We do not retain or transmit them.
  • Decoded payloads (the text content of a QR code or barcode — for example a URL, product number, or contact card).
  • Scan history, including timestamps, decoded payload, code type, symbology, and any notes or folder you assign. Stored in Apple’s on-device SwiftData database.
  • QR codes you generate in the Create tab and any associated input you provide.
  • App preferences such as your selected tab, scan mode (Auto/QR/Barcode), batch-scan toggle, and app-lock settings, stored in iOS UserDefaults.
  • Biometric authentication state if you enable App Lock. Face ID is handled entirely by iOS — we never receive or store your biometric data.

Information collected by Apple on our behalf

  • In-app purchase status (whether you own Skopi Pro). Apple confirms entitlement to the App via StoreKit; we receive only a yes/no signal, not your Apple ID, payment method, or transaction details.
  • Crash logs and aggregate App Store analytics, only if you have opted in to share them with developers in your iOS Settings. These are provided to us by Apple in anonymized, aggregated form.

Information collected by Google AdMob (free tier only)

When ads are served, Google’s AdMob SDK may collect, depending on your iOS Tracking permission:

  • An advertising identifier (IDFA, only if you grant tracking permission in the iOS prompt; otherwise a non-personalized identifier)
  • Approximate location derived from IP address
  • Device and OS metadata (model, OS version, language, time zone, screen size)
  • Ad-interaction data (impressions, taps, requests)

This information is collected directly by Google. We do not receive raw event data — only aggregated revenue reports. Google’s practices are governed by the Google Privacy Policy and described in Google AdMob’s data disclosures.

Information we do not collect

  • We do not collect names, email addresses, phone numbers, or account credentials. Skopi has no account system.
  • We do not collect contacts, calendar entries, or messages.
  • We do not transmit your scan history, generated codes, photos, or notes off your device.
  • We do not use precise GPS location.
  • We do not record or store your camera feed.

3How We Use Information

We use the limited information described above only to:

  • Provide the core scanning, generation, and history features of the App on your device.
  • Verify your Skopi Pro entitlement so we can disable ads and unlock Pro features.
  • Serve and measure ads in the free tier (via Google AdMob, as described above).
  • Diagnose crashes and improve stability where Apple has shared anonymized crash reports with us.
  • Comply with legal obligations and protect against fraud or abuse.

We do not use your information for profiling that produces legal or similarly significant effects on you, and we do not sell your personal information.

4Device Permissions

Skopi will ask you for the following iOS permissions. Each is optional — you can decline or revoke any of them in Settings → Skopi at any time, with the consequences noted below.

  • Camera — required to scan QR codes and barcodes. Without it, the scanner tab cannot operate.
  • Photo Library (selected photos only) — optional. Used only when you tap the Gallery button to scan a code from an existing image. We use the modern PHPicker, so we never see images you didn’t pick.
  • Face ID — optional. Used only if you enable App Lock. The biometric check is performed by iOS; we receive only a success/failure result.
  • Tracking (App Tracking Transparency) — optional. If granted, the iOS advertising identifier (IDFA) may be used by Google AdMob to serve more relevant ads. If declined, ads are still shown but are non-personalized.
  • Notifications — not used by Skopi.

5Third-Party Services

Skopi integrates the minimum set of third-party services needed to operate. Each is bound by its own privacy policy.

  • Apple Inc. — App Store distribution, in-app purchases (StoreKit), on-device APIs (Vision, AVFoundation, SwiftData, LocalAuthentication). See the Apple Privacy Policy.
  • Google AdMob (Google Ireland Limited / Google LLC) — ad serving and measurement in the free tier. See the Google Privacy Policy, the AdMob & AdSense data security and privacy page, and the data Google may collect.
  • Open Food Facts — an open, community-run database of consumer products. When you scan an EAN/UPC barcode, Skopi sends the barcode digits to Open Food Facts over HTTPS to retrieve the product name, brand, and image (where available). No personal data, identifiers, or IP-derived profile is sent. See the Open Food Facts Privacy Policy.
  • GitHub Pages — hosts this Privacy Policy and our Support page as static content. GitHub may log your IP address and User-Agent for abuse prevention. See the GitHub General Privacy Statement.

We do not use first-party analytics, attribution SDKs, push services, social-network SDKs, or any other tracking-capable third parties.

6App Tracking & Advertising

Skopi’s free tier is supported by ads served through Google AdMob. We use three ad formats: a small banner on certain screens, an occasional full-screen interstitial after you finish reviewing a scan, and an app-open ad on cold launches. We never show ads on top of the live camera view, and ads are frequency-capped to limit interruptions.

The first time the App needs to show ads, iOS will display the standard App Tracking Transparency prompt asking whether you allow tracking across other companies’ apps and websites:

  • If you allow, AdMob may use your iOS advertising identifier (IDFA) to serve personalized ads and measure performance.
  • If you ask app not to track, AdMob will serve only non-personalized, contextually targeted ads, and will not link ad events to your IDFA. You will still see ads, but they will be less relevant.

You can change this choice at any time in iOS Settings → Privacy & Security → Tracking → Skopi. You can also reset your advertising identifier in Settings → Privacy & Security → Tracking.

EU / UK / Swiss users — consent for personalized ads

For users in the European Economic Area, the United Kingdom, and Switzerland, Google AdMob also operates a Consent Management Platform that asks for additional consent under the EU’s ePrivacy and GDPR rules. If you decline, AdMob will not store or read non-essential information on your device for advertising purposes, and ads will be limited to non-personalized inventory.

Removing ads entirely

You can purchase Skopi Pro as an in-app purchase to remove all ads from the App. With Pro active, the AdMob SDK is not invoked.

7Purchases & Subscriptions

All purchases of Skopi Pro are processed by Apple via StoreKit and are subject to the Apple Media Services Terms. We do not receive your name, billing address, payment instrument, or Apple ID. We receive only an anonymous, App-scoped entitlement signal indicating whether your Apple ID has purchased Pro.

Refund and cancellation requests must be handled through Apple. You can manage subscriptions and request a refund at reportaproblem.apple.com.

9Data Retention

  • On-device data (scan history, generated codes, preferences, app-lock settings) is retained on your iPhone until you delete individual entries, clear all history in Settings, or uninstall the App. Uninstalling removes the local database in full.
  • Apple’s purchase records are retained by Apple in line with their policies and applicable tax/accounting law.
  • Ad serving and measurement data collected by Google AdMob is retained by Google according to their published retention schedules.
  • Support emails sent via the button below are retained for up to 24 months from the last interaction so we can follow up on related issues, and then deleted unless legally required to keep them longer.

10Security

Because Skopi has no account system and we don’t run our own back-end, the surface area for breach is intentionally small. The information that exists locally is protected by iOS data protection (encryption-at-rest tied to your device passcode) and, optionally, by the App Lock feature you can enable in Settings, which gates access to your history with Face ID.

Network requests made by the App (App Store receipt validation, AdMob ad requests) use TLS. No system can be guaranteed to be 100% secure; please use the App Lock feature and your device passcode to protect on-device data.

11International Data Transfers

Apple and Google operate global infrastructure. The limited information they process on our behalf may be transferred to and processed in the United States and other countries. Where personal data is transferred from the EEA, UK, or Switzerland to a third country, the relevant provider relies on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the EU-U.S. Data Privacy Framework, and the UK International Data Transfer Addendum, as detailed in their respective privacy policies.

12Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate personal data.
  • Erase personal data we hold about you (the “right to be forgotten”).
  • Restrict or object to certain processing.
  • Withdraw consent for processing based on consent (such as personalized advertising).
  • Data portability for data you have provided.
  • Lodge a complaint with a supervisory authority — for EEA users, your local Data Protection Authority; for UK users, the Information Commissioner’s Office.

Because the App stores your scan history and generated codes only on your device, you can exercise the access, rectification, erasure, and portability rights for those records directly within the App: long-press an entry to delete it, or use Settings → Clear All History to delete everything at once. Uninstalling Skopi removes all on-device data.

For the limited categories of personal data processed off-device (App Store entitlements, ad-serving data), please contact us using the button below and we will work with Apple and Google to honor your request to the extent it concerns data they process on our behalf.

13California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the rights to know, delete, correct, and limit the use of your personal information, and to opt out of its sale or sharing for cross-context behavioral advertising.

We do not sell personal information for money. We may “share” an advertising identifier with Google AdMob for cross-context behavioral advertising as that term is defined under the CPRA. You can opt out of this sharing in two equivalent ways:

  • In the iOS App Tracking Transparency prompt, tap Ask App Not to Track, or change the setting later in iOS Settings → Privacy & Security → Tracking → Skopi.
  • Purchase Skopi Pro to disable advertising entirely.

We honor Global Privacy Control (GPC) signals to the extent they are technically supported by Apple’s in-app advertising framework. We do not knowingly process the personal information of California residents under 16 for sale or sharing without affirmative authorization.

14Children’s Privacy

Skopi is rated 4+ on the App Store and is suitable for general audiences. The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will delete it.

For users in jurisdictions where parental consent is required for personalized advertising, AdMob is configured to serve ads consistent with applicable family policies in line with the Children’s Online Privacy Protection Act (COPPA) and similar laws.

15Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the App, our practices, or applicable law. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you within the App on next launch. Continued use of Skopi after the effective date of an updated policy means you accept the changes.

16Contact

For privacy questions, requests to exercise your rights, or any feedback about this policy, please reach out using the button below:

We aim to respond within 14 business days, and within the deadlines required by applicable law for verifiable rights requests.

Need help with the App itself rather than privacy? Visit our Support page for FAQs and troubleshooting.