Get the App
← Back to Home

Privacy Policy

Last updated: March 2026  ·  Version 1.1

Short version: Your document images never leave your device for OCR. AI analysis sends only extracted text (not images) through an encrypted proxy. We don't store your data on any server. We don't have an account — we don't even know who you are.

Jump to section

  1. Introduction
  2. Who This Policy Applies To
  3. Data Stored Locally on Your Device
  4. Data Transmitted Off Your Device
  5. On-Device PII Detection and User Control
  6. The Developer-Controlled Proxy
  7. Third-Party Services
  8. No Analytics or Behavioral Tracking
  9. No Account or Login Required
  10. Device and OS Backups
  11. Data Retention and Deletion
  12. Changes to This Privacy Policy
  13. Contact

1. Introduction

This Privacy Policy describes how SunshineClaimBuddy ("the App") handles your information. The Developer is committed to a privacy-first approach: the App is designed to keep your documents and personal data on your device wherever possible and to transmit only the minimum information necessary for AI-powered features to function.

2. Who This Policy Applies To

This Policy applies to adults (18+), parents, and legal guardians who use the App. The App is not intended for direct use by children, and the Developer does not knowingly collect personal data from anyone under 18.

3. Data Stored Locally on Your Device

The following data is stored entirely on your device and is never transmitted to the Developer or any third party as part of normal App operation:

  • Document images and PDF files you scan or import — stored in the app's protected local file system.
  • Document metadata, OCR-extracted text, AI classification results, compliance flags, approval scores, category suggestions, and submission history — stored in an on-device SQLite database.
  • Your student profile (student first name, scholarship type, grade level, learning areas, and optional parent/guardian first name) — stored in encrypted on-device storage.
  • App settings and preferences — stored in the on-device database.

4. Data Transmitted Off Your Device

The App transmits limited data off-device only when you use AI-powered features:

  • OCR-extracted text (not the original document image or PDF) is sent to a developer-controlled Cloudflare Worker ("the Proxy") when you trigger AI classification, quality checking, approval scoring, category suggestion, or appeal letter generation. The Proxy forwards this text to Google's Gemini API for AI processing, then returns the response. Document images are never sent to any server.
  • Your RevenueCat App User ID (an anonymous identifier generated by the RevenueCat SDK — not linked to your name, email address, or payment details) is included in requests to the Proxy to verify your subscription entitlement before AI processing occurs.

All connections to the Proxy use HTTPS and are authenticated with a short-lived, device-specific HMAC token that expires after five minutes.

5. On-Device PII Detection and User Control

Before any OCR text is transmitted to the Proxy, the App automatically scans the text for sensitive data patterns, including credit card numbers (validated with a Luhn check), Social Security Numbers, bank account numbers, driver's license numbers, and similar identifiers. If sensitive data is detected, the App blocks transmission and requires you to take action — either redacting the sensitive area in the document image, marking the item as reviewed, re-scanning the document, or deleting the item.

You retain full control over what OCR text is ever transmitted.

6. The Developer-Controlled Proxy

The Proxy is a Cloudflare Worker operated by the Developer. Its sole functions are to verify your authentication token, confirm your subscription status via RevenueCat, and forward your OCR text to Google Gemini. The Proxy does not log, store, or retain your OCR text, document content, or personal information beyond the duration of a single request. The Google API key is stored only as a Cloudflare Worker secret — it is never included in the App binary.

7. Third-Party Services

The App integrates with two external services:

  • Google Gemini API (operated by Google LLC) — receives and processes OCR text you submit for AI analysis. Google's handling of this data is governed by the Google API Terms of Service and Google Privacy Policy.
  • RevenueCat (operated by RevenueCat, Inc.) — manages subscription entitlements. RevenueCat may receive subscription identifiers and transaction data from Apple App Store or Google Play. This data is governed by the RevenueCat Privacy Policy.

Beyond these two services, the App does not use any analytics SDKs, advertising networks, crash-reporting tools, or third-party behavioral tracking libraries.

8. No Analytics or Behavioral Tracking

The App does not collect analytics, usage statistics, crash reports, advertising identifiers, or any behavioral tracking data. The Developer has no visibility into how you use the App beyond the subscription entitlement check that occurs when you initiate an AI request.

9. No Account or Login Required

The App does not require you to create an account, provide an email address, or log in with any identity provider. Your identity is not known to the Developer. The RevenueCat App User ID used for subscription verification is an anonymous UUID generated by the RevenueCat SDK on first launch and is not linked to any personal information.

10. Device and OS Backups

Your device's operating system may include local App data in device backups (such as iCloud Backup on iOS or Google Drive Backup on Android). These backups are managed entirely by your device OS and cloud account provider — not by the Developer. The Developer has no access to, and no control over, what is included in OS-level backups. If you do not want your App data included in device backups, adjust your device backup settings or disable backup for this App in your device's system settings.

11. Data Retention and Deletion

Your data is retained on your device until you delete it. You can delete individual items from within the App, which permanently removes the associated image files and all database records from your device. Uninstalling the App removes all locally stored data. Because the Developer does not store your data on any Developer-controlled server, the Developer cannot retrieve, restore, or recover any data after it is deleted or after the App is uninstalled.

12. Changes to This Privacy Policy

The Developer may update this Privacy Policy at any time. When the Policy is updated, the combined legal document version number will be incremented. You will be required to review and re-accept the updated documents before continuing to use the App.

13. Contact

If you have questions about this Privacy Policy or the App's data practices, contact the Developer through the App's store listing page on the Apple App Store or Google Play, or by email at support@sunshineclaimbuddy.com.

Terms of Service →