Privacy Policy — BriefAI: Letter Scanner Guide
Last updated: 19 May 2026
Provider: Adem Cilgin, an individual developer ("we", "us", "our").
This Privacy Policy explains how we collect, use, store, and share information when you use the mobile application BriefAI: Letter Scanner Guide (the "App") and related services (together, the "Services").
If you are in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, the GDPR and local adaptations apply to you as described in the sections on legal bases and your rights.
1. Summary
- BriefAI helps you read and understand letters, notices, forms, and other documents using on-device capture and AI-assisted explanations, summaries, and drafting tools.
- The App is an explanation, translation, and guidance tool only. It does not provide legal, financial, immigration, tax, medical, governmental, or other professional or official advice. See Section 11.
- Document images and extracted text you submit are sent to our backend proxy (a Cloudflare Worker) and then to OpenAI for processing, only to provide the feature you requested.
- Your letters, drafts, translations, and scan images are stored primarily on your device. We do not operate a user-account database for your document content.
- We use Firebase Analytics for product analytics and RevenueCat for subscriptions; Apple (and Google on Android) process payment data for in-app purchases.
- This Policy should be read together with our Terms of Use.
This summary does not replace the full Policy below.
2. Scope and roles
- You are the person using the App.
- We are the provider of the App and the operator of the infrastructure that connects the App to AI and subscription services.
- Processors / subprocessors (e.g., OpenAI, Cloudflare, Google, RevenueCat) process data on our instructions, or under their own terms where they act as independent controllers (e.g., payment platforms).
If you install the App from the Apple App Store or Google Play, the platform may process certain data as an independent controller (e.g., installation and billing).
3. Categories of personal data
Depending on how you use the App, we may process:
3.1 Content you provide (sensitivity may be high)
- Photos and images of letters, forms, or other documents captured with the camera or imported from your photo library.
- Text extracted, entered, or generated in the App (e.g., transcribed document text, summaries, explanations, drafted replies, translations).
Important: Official correspondence can include special categories of personal data under Article 9 GDPR (e.g., health, trade-union membership, biometric or sexual-life data, or data inferred from court or immigration letters). Do not upload documents you are not entitled to process, and consider redacting highly sensitive third-party data where possible. You submit such content voluntarily to obtain the requested feature.
3.2 Local profile fields (optional)
The App may let you store a name and email address locally on your device for convenience (e.g., to pre-fill draft letters or contact support). Unless you send them to us (e.g., by email), our backend does not receive them.
3.3 Subscription and entitlement data
- Purchase state, product identifiers, renewal information, and related identifiers are processed by Apple / Google and RevenueCat to validate subscriptions and unlock premium features.
- On iOS, the App may enable Apple Search Ads attribution via RevenueCat (
AdServices) where configured — limited device/advertising-related signals as described by Apple.
3.4 Diagnostics, analytics, and technical metadata
- Firebase Analytics events (e.g., onboarding completed, paywall viewed, feature used). Events may include non-content labels (e.g., high-level feature names). We instruct against placing full document text into analytics payloads.
- Crash logs, performance data, and device information collected by Apple/Google SDKs where enabled.
- IP address, timestamps, and request metadata processed by Cloudflare and OpenAI when you use AI features (standard server logs as defined by those providers).
3.5 Usage statistics (local)
The App may store approximate usage statistics on your device for transparency and debugging. This stays local unless you explicitly export or send it.
4. Purposes and legal bases (EEA / UK)
| Purpose | Typical legal basis |
|---|---|
| Provide AI analysis, explanation, translation, and reply/appeal drafts | Art. 6(1)(b) GDPR — performance of a contract / pre-contract steps at your request |
| Operate paywalls and verify premium access | Art. 6(1)(b) GDPR |
| Product analytics, fraud/abuse prevention, security | Art. 6(1)(f) GDPR — legitimate interests; or consent (Art. 6(1)(a)) where required for optional tracking |
| Comply with tax and accounting obligations for purchases | Art. 6(1)(c) GDPR |
| Special-category data contained in documents you upload | Art. 9(2)(a) GDPR — your explicit consent given when you voluntarily submit such content to obtain the service; please minimize uploads |
Where consent is the basis, you may withdraw it at any time without affecting prior processing; withdrawal may limit some features.
5. How AI processing works (transparency)
1. You capture or select an image of a document; you may crop or adjust it on your device. 2. The App sends the image and limited country/language context to our Cloudflare Worker endpoint. 3. The Worker forwards the content to OpenAI models that perform the analysis, translation, or drafting. 4. Results are returned to the App and stored locally in your letter library.
AI limitations. AI outputs are generated automatically and may be inaccurate, incomplete, or outdated. Any risk labels, deadlines, priorities, or suggested actions shown in the App are assistive only and are not binding determinations. You remain responsible for verifying important information against the original document and official sources, and for any decision or action you take. See our Terms of Use for the full disclaimer.
Training: Document content routed through our backend is sent to OpenAI to generate your result and is handled under OpenAI's applicable API data-usage terms; we do not use your document content to train our own models.
6. Recipients and subprocessors
We engage service providers that process data on our behalf or provide components of the Services, including:
- OpenAI — AI inference. Privacy:
https://openai.com/policies/privacy-policy - Cloudflare — edge hosting, security, and Worker execution. Privacy:
https://www.cloudflare.com/privacypolicy/ - RevenueCat — subscription status, entitlements, and customer identifiers used for purchases. Privacy:
https://www.revenuecat.com/privacy - Google Firebase / Google Analytics for Firebase — analytics. Privacy:
https://policies.google.com/privacy - Apple (App Store, StoreKit, related services) — distribution and payments. Privacy:
https://www.apple.com/legal/privacy/ - Google (Google Play) — distribution and payments on Android. Privacy:
https://policies.google.com/privacy
International transfers: Providers may process data in the United States and other countries. Where required, we and our providers rely on Standard Contractual Clauses or other lawful transfer mechanisms.
7. Retention
- On-device document data persists until you delete it in the App or uninstall the App.
- Server logs at Cloudflare and OpenAI are retained according to their policies and our configuration. Our Worker is designed to minimize logging and avoids logging document content.
- Analytics retention follows Google Firebase settings.
- Billing records follow Apple / Google and RevenueCat retention rules.
8. Security
We apply reasonable technical and organizational measures appropriate to the risk, including:
- Transport encryption (TLS) between the App and our backend.
- Bearer-token authentication for our Worker endpoints.
- No OpenAI API key in the client app — a server-side proxy pattern keeps the key off the device.
No method of transmission or storage is 100% secure. Keep your device updated and protected.
9. Your rights
Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, object to, and obtain portability of your personal data (GDPR Arts. 15–20), to withdraw consent, and to lodge a complaint with a supervisory authority.
If you are a California resident, you may have rights under the CCPA/CPRA, including to know, delete, and correct personal information, and to opt out of "sale" or "sharing." We do not sell your personal information.
To exercise your rights, contact appthego@gmail.com. Some requests (e.g., purchase-history deletion) must be directed to Apple or Google as the payment platforms. Because most document content is stored only on your device, you can also delete it directly in the App.
10. Children
The Services are not directed to children under 16 (or the minimum age required in your country). If you believe a child provided personal data, contact us and we will take appropriate steps.
11. Not professional or official advice
BriefAI is a translation, explanation, and guidance tool. It does not provide legal, financial, immigration, tax, medical, governmental, or other professional or official advice, and it is not a substitute for a qualified professional or an official authority. Using the App creates no attorney–client or other professional relationship. For important matters, consult a qualified professional or the relevant official authority. See our Terms of Use.
12. Apple App Store and Google Play disclosures
- Our Privacy Policy URL in App Store Connect and Google Play Console matches the published version of this document.
- Privacy "nutrition" labels / Data safety entries must accurately reflect data collection; we update them when SDKs or practices change.
- Permission strings (
NSCameraUsageDescription,NSPhotoLibraryUsageDescription, etc.) match the App's actual behavior.
13. Marketing and tracking
We do not sell your personal data. If we use advertising or cross-app tracking subject to Apple's App Tracking Transparency, we will request consent where required and update this Policy.
14. Changes
We may update this Policy. We will post a new "Last updated" date and, where required, provide additional notice (e.g., an in-app message).
15. Contact
Adem Cilgin — individual developer Email: appthego@gmail.com
End of Privacy Policy (English).