Privacy Policy
Zoreli - Business Card Scanner
Created: June 18th, 2025 | Last updated: June 18th, 2025
This Privacy Policy explains how Zoreli ("we," "us," or "Owner") collects, uses, discloses, and safeguards your personal data when you download, install, or use the Zoreli mobile application (the "App") and related services (the "Service"). By using the App, you consent to the practices described below.
1. Data Controller
The individual developer ("Owner") is responsible for the collection and processing of your personal data under this Policy.
Contact: andrews.dev.studio@gmail.com
2. Information We Collect
Account & Authentication Data
When you register, we collect your email address, authentication provider ID (Google, Apple, Facebook), and—if you sign up by email—a hashed password.
Business-Card Data
When you scan or upload a business-card photo, we collect the image itself and any text fields extracted by our third-party Image Recognition Software providers (e.g., name, company, title, phone, email, etc.).
Enriched Data
If you scan a business card or add card text manually, we send Image Recognition Software results to AI-powered web-search APIs (including OpenAI's ChatGPT). The additional publicly-available information returned (e.g., linked profiles, company details) is stored in your account.
Usage & Diagnostics
We automatically collect crash reports, app version, device model, and anonymized analytics (like scan counts and feature usage) via Google Firebase to help us improve stability and user experience.
All business-card images and enrichment results are stored on your device via iCloud (or equivalent) under your control.
3. How We Use Your Data
- Account Management: To create, authenticate, and manage your user account.
- Scanning & Image Recognition Software: To process the images you upload and extract contact information.
- AI Enrichment: To perform web-search enrichment of extracted data via third-party AI services.
- Storage: To store your User Content on your personal iCloud (or equivalent) as you direct.
- Analytics & Improvement: To analyze anonymized usage patterns and improve the App's features and performance.
- Legal Compliance: To comply with applicable laws, respond to lawful requests, and protect our rights.
4. Third-Party Services & Data Sharing
Google Firebase (Authentication & Analytics)
We store your account credentials and analytics data in Firebase, which may replicate data across the U.S. and Europe under Google's Standard Contractual Clauses. Data at rest in Firebase is encrypted per Google's encryption-at-rest standards.
Retention: Account data stored until you delete your account; analytics logs kept up to 24 months under Google's policy.
Image Recognition Software Providers
Your business-card images and Image Recognition Software requests are sent to third-party Image Recognition Software services; they may retain those images and logs for up to 30 days.
Retention: Images and Image Recognition Software requests retained by the provider for up to 30 days.
OpenAI (ChatGPT or similar LLMs)
We send Image Recognition Software results to OpenAI's API for data enrichment. You acknowledge that OpenAI may retain API requests (including your business-card data) according to their data-usage and retention policies.
Retention: API requests (including your data) may be retained by OpenAI in accordance with their data-usage and retention policies.
iCloud (User Storage)
All processed images and enriched data are saved to your personal iCloud account under your control and deleted when you delete your data. This data is governed by Apple's iCloud terms.
Retention: Data remains on your iCloud until you delete it, per Apple's policies.
We do not share your personal data with advertisers. We may disclose data only to:
- Comply with legal obligations or lawful requests.
- Protect the rights, safety, or property of users or the Owner.
We do not use your data for advertising and we do not sell or rent your personal information to third parties.
5. International Data Transfers
Some processing by our third-party providers (Firebase, OpenAI) occurs outside your country or the EEA. We rely on Standard Contractual Clauses and other legal safeguards to ensure these transfers comply with applicable data-protection laws. For transfers outside Switzerland/EEA, we use Standard Contractual Clauses or equivalent safeguards as required by law.
6. Data Retention
- Account Data: Retained until you delete your account.
- User Content: Stored in your iCloud until you remove it. We hold no additional copies.
- Image Recognition Software Logs: Retained by Image Recognition Software providers for up to 30 days.
- AI Enrichment Logs: Retained by AI providers per their policies.
- Analytics & Crash Reports: Retained for up to 24 months, then anonymized or deleted.
- We retain records of your consent and any data-access/erasure requests for a period of 2 years from the date the request is fulfilled, to demonstrate compliance.
7. Your Rights
Where applicable (e.g., under GDPR), you have the right to:
- Access the personal data we hold about you.
- Correct or update inaccurate data.
- Request deletion of your personal data.
- Restrict or object to processing based on legitimate interests.
- Receive your data in a structured, machine-readable format.
- Withdraw any consent you've given (without affecting prior processing), such as the checkbox accepted at registration.
- Lodge a complaint with your local data-protection authority.
To exercise any right, please contact andrews.dev.studio@gmail.com. We will respond within the timeframe required by law.
8. Data Processing Agreement (DPA)
If you reside in the EEA or are subject to GDPR, you may request a Data Processing Agreement documenting our obligations under Article 28 GDPR. To obtain a DPA, email andrews.dev.studio@gmail.com.
9. Children's Privacy
The App is intended for users aged 18 or older. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us to request its removal. If you're a parent or guardian and believe we've collected data from a minor, please contact us to delete it.
10. Security Measures
We implement standard security measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS)
- Secure password hashing and storage in Firebase
- Role-based access controls for internal systems
- Regular security assessments and updates
11. Cookies & Analytics
We do not place cookies through the App itself. Analytics data is collected via Firebase without personal identifiers. This helps us monitor app performance and usage trends.
12. Export Compliance
You agree not to export or re-export any portion of the App or its output in violation of applicable export-control laws.
13. Data Breach Notification
If we become aware of a personal data breach affecting your information, we will notify you and any applicable supervisory authority without undue delay, and in any event within 72 hours, in accordance with legal requirements.
14. Changes to This Policy
We may update this Privacy Policy. For material changes, we'll notify you in-app or by email. Your continued use after the effective date signifies acceptance of changes.
15. California Privacy Rights (CCPA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal data we collect, use, and share
- The right to request deletion of your personal data
- The right to opt out of the sale of personal data (we do not sell personal data)
- The right to non-discrimination for exercising your privacy rights
To exercise your CCPA rights, please contact us at andrews.dev.studio@gmail.com. We will verify your request in accordance with applicable law.
16. Legal Basis for Processing
- Consent – for scanning and AI enrichment.
- Contract Performance – for authentication and account management.
- Legitimate Interests – for analytics and improving the App.
Under both Swiss law and GDPR, our processing is based on your consent, contract performance, and legitimate interests.
17. US Privacy Rights & Legal Basis
In addition to the rights and obligations described above, we comply with applicable U.S. federal and state privacy laws. In the United States, there is no single comprehensive data-protection statute; instead, various sectoral and state laws apply. We process personal data under the following legal bases to the extent required by such laws:
- Consent. Where required (e.g. scanning business cards, AI enrichment), you have expressly opted in via the in-app checkbox.
- Contractual Necessity. Processing is necessary to perform the contract with you—namely, to provide authentication, scanning, enrichment, storage, and related App features.
- Legitimate Interests. We may process your data to improve app stability and security, analyze usage patterns, and develop new features—provided those interests do not override your privacy rights.
Additional U.S. Protections
- COPPA. We do not knowingly collect personal data from children under 13 and the App is not directed to them.
- CCPA/CPRA (California). California residents have specific rights (see Section 15).
- State Privacy Laws. Where other state laws apply (e.g., Virginia CDPA, Colorado CPA), we honor analogous rights such as access, correction, deletion, and objection.
If you believe you are entitled to additional rights under U.S. law not otherwise described here, please contact us at andrews.dev.studio@gmail.com.
18. Jurisdiction & Contact
This Policy is governed by Swiss law (Federal Act on Data Protection). Any disputes regarding data privacy will be subject to the exclusive jurisdiction of the Swiss courts.
For questions or requests regarding this Privacy Policy, please contact:
Thank you for choosing Zoreli. We're committed to protecting your privacy and giving you control over your data.