OmniScan Privacy Policy

Last Updated: May 14, 2026
Effective Date: May 14, 2026

This Privacy Policy is established by the operator of OmniScan (hereinafter referred to as "we", "us", or "our") and applies to our mobile application OmniScan (hereinafter referred to as "this App") and its related services. We highly value your privacy and the security of your personal information. Please read this policy carefully before using this App. This policy, together with the User Service Agreement, constitutes a legal agreement between you and us. We will update this policy when necessary and announce it via in-app notices.

Article 1: Scope of Application

This policy applies to all activities involving the collection or processing of personal information through this App and its related online services, covering the entire lifecycle of personal data processing on mobile terminals and related backend services. It also includes all operations related to personal information collection, processing, storage, and sharing within all AI features of this App. If there is any inconsistency between this policy and other supplementary terms, the description of the relevant detail in this policy shall prevail.

Article 2: Personal Information We Collect

We adhere to the principles of minimal necessity and purpose limitation, collecting only essential information to provide the functions of this App, and do not collect personal data unrelated to the services.

(1) Scanned/Recognized Images
When you use the QR code/barcode scanning or object recognition feature, we will call your camera permission to obtain the images you capture. Images are processed in two ways:

Online Recognition Mode: The image will be encrypted and uploaded to our servers or third-party AI service providers (see "Third-party SDKs" section) for real-time recognition. After recognition is complete, the image will be immediately deleted from the server, retained for no more than 24 hours, and used solely for providing that recognition service, not for any other purpose.
Offline Recognition Mode: You can download the offline recognition model package within the App. When offline mode is enabled, images are processed entirely locally on your iOS device and are not uploaded to any server. The offline model package may update automatically in the background (only via WiFi) to improve recognition accuracy.

(2) Scan History Records
After each scan or recognition, we will save the following information by default only in your device's local database: the raw content of the scanned QR code/barcode, a summary of the recognition result (e.g., product name, plant name), and the recognition mode (online/offline).
You can view, delete single entries, batch delete, or clear all records at any time on the "History" page within the App.

(3) Device and Permission Information

1. Camera Permission: Used only for QR code/barcode scanning and AI image recognition. We do not capture or store unrelated photos/videos.
2. Photo Library/Storage Permission: Used only to import images from your photo library for scanning/recognition. We do not read or upload your other private files.
3. Device Information: Device model, system version, unique device identifier (used only for service stability and troubleshooting).
4. Network Information: Network status, carrier information (used only to ensure service connectivity).

(4) Crash Logs and Performance Data
When the App crashes, freezes, or encounters errors, we may collect anonymous crash logs (including stack traces, device memory status, network environment, etc.). We use third-party tools (e.g., Firebase Crashlytics) to collect this information to fix issues and improve stability. You can disable crash log collection by turning off "Share iPhone Analytics" in iOS Settings > Privacy > Analytics & Improvements.

Article 3: Purpose of Data Usage

We use data in accordance with the principles of necessity, minimization, and transparency:

Service Provision: Used for core functions such as QR code/barcode scanning and parsing, AI image recognition, product information lookup, AI recognition agent interpretation, popular product archive queries, and AI personalized analysis.
Product Improvement: Diagnostic logs and anonymous behavioral data are used to fix faults, optimize AI algorithms, and improve recognition and response accuracy.
Before transmitting data to third-party AI services, we will notify you via pop-up about the recipient, purpose, transmission method, and risks, and obtain your explicit consent.
Security and Compliance: Used to prevent malicious attacks, service abuse, and improper operations, and to fulfill compliance obligations required by laws, regulations, regulators, and judicial authorities.

5. Data Sharing Description for Third-party AI Services
To provide you with the following features, this App calls the API interfaces of third-party AI services. The specific details are as follows:

Feature	Recipient	Type of Data Sent	Data Protection
General object and scene recognition, voice content recognition	Volcano Engine Large Model	Images – images captured by camera or selected from album (JPG/JPEG/PNG/BMP/PDF), voice	Encrypted transmission (HTTPS); signature authentication (HMAC-SHA256); sensitive data protection policy (can block leaks such as ID numbers); Volcano Engine will not provide direct access to third parties
Provide QR code recognition, text recognition, etc.	Volcano Engine Large Model	Text, images – images captured by camera or selected from album (JPG/JPEG/PNG/BMP/PDF); text information within the image content	Encrypted transmission (HTTPS); signature authentication (HMAC-SHA256); sensitive data protection policy (can block leaks such as ID numbers); Volcano Engine will not provide direct access to third parties

【Important Notice】
The above third-party AI services are provided by independent service providers, and their data processing activities are governed by their own privacy policies.
We only send the corresponding data to third parties when you actively use the above features. Without your explicit permission, we will not send any data in advance or in the background.
The first time you use the above features, we will explain the data transmission situation via a pop-up and seek your consent. You have the right to refuse; refusing will only disable the corresponding feature and will not affect other functions.
We will not collect or use sensitive permission data for purposes unrelated to the core functionality of the App, nor will we require you to grant a certain permission as a prerequisite for using core services.

Article 4: Permission Description and Minimization Principle

1. Before applying for sensitive permissions, we will explain their purpose and necessity, and will not enable them by default or force authorization.
2. We collect only the minimum data necessary to achieve core functionality; non-essential permissions are optional, and you can turn them off at any time in the system settings.
3. If alternative solutions exist, we will provide them to ensure basic functionality is available.
4. All device permissions related to AI features (camera, photo library, storage) are not enabled by default in this App. They are only used after your explicit authorization when you use specific AI features:
- Camera permission: used only for scanning and AI image recognition capture;
- Photo library permission: used only to import images for scanning/recognition and to save AI-generated content;
- Storage permission: used only to locally save recognition records and AI-generated content.
Refusing any AI-related permission will only disable the corresponding AI feature and will not affect the normal use of other functions of this App.

Article 5: User Consent and Withdrawal

1. Explicit Consent: Before collecting or accessing sensitive information (camera, photo library, uploading samples), we obtain your explicit consent through an independent pop-up or authorization page, without using default checkboxes or forced authorization.
2. Separate Consent: For transmitting identifiable personal information related to AI features to third-party AI service providers, we will obtain separate authorization from you and clearly disclose the relevant information and risks.
3. Withdrawal of Consent: You can withdraw camera, photo library, and other permissions at any time in the device system settings. After withdrawal, the related optional functions will stop, but the legality of data processed based on prior lawful consent will not be affected.
4. Service Independence: App functions will not be conditioned on your granting specific data access permissions.

Article 6: Data Retention, Export, and Deletion

1. Local First: By default, raw data such as scan records, AI recognition results, and AI conversation content are saved locally on your device to minimize cloud storage.
2. Retention Rules
Images, text, and other materials you upload to use AI features are retained only for the necessary service period; after the service is completed, the system automatically deletes them and does not retain them.
AI-generated records and scan recognition records are displayed on the client. You can manually delete them; after deletion, we will synchronously clear the corresponding data on the server.
Data that laws and regulations require to be retained will be kept according to statutory requirements.
3. Data Export and Deletion: You can submit requests for data access, export, or deletion through customer service channels. We will respond within 15 working days after verifying your identity. After accepting a deletion request, we will make reasonable efforts to remove personally identifiable data from servers and backups within 90 days (except where legal retention obligations apply). Anonymized/aggregated data may be retained for statistical and service optimization purposes.

Article 7: Third-party Sharing, Disclosure, and Compliance Requirements

1. We share your data only in the following circumstances (and in accordance with the minimization principle):
- a. Necessary to provide services to you (e.g., third-party SDKs, AI service providers);
- b. Scenarios where you have explicitly authorized;
- c. Required by law, regulatory authorities, or judicial authorities;
- d. Necessary to protect our or others' legitimate rights and interests (e.g., security investigations, litigation).
2. We will list all third-party entities that access user data, along with their purposes, in this privacy policy and within the App (see Appendix 1 for the list of third-party SDKs/service providers).
3. Unless required by law or explicitly authorized by you, we will not use user data for advertising, marketing, or sell it to third-party data brokers. All personal information related to AI features is stored only on our compliant servers and is not shared with any third party (except as required by laws/regulations or with your explicit authorization).
4. We sign data processing agreements (DPA) with third parties that access user data, requiring them to adopt equivalent protective measures and use the data only for agreed purposes. Stricter information protection requirements are imposed on third parties that access AI-related data.

Article 8: Third-party AI Services

All personal information collection, storage, processing, use, and other data activities in this App are completed within the territory of the People's Republic of China.
Some AI services in this App may embed third-party AI SDKs, with technical support provided by third parties. These third-party AI service providers are compliant entities within China, and their information processing activities are strictly limited to within China. They have independent privacy policies, and their information processing rules are not governed by this policy. Before using third-party AI-related services, you should carefully read their privacy policies. If you discover information security risks, we recommend that you immediately terminate the operation.

Article 9: Tracking and App Tracking Transparency (ATT)

If this App needs to perform cross-app/cross-website identification or share identifiers or behavioral data with third parties for advertising purposes, we will request user authorization through the system-level ATT framework; without authorization, we will not engage in such tracking. We will not force you to use core functions by enabling tracking or other permissions as a condition.

Article 10: Minor Privacy

This App does not actively provide services to individuals under 18 years of age. For the collection and use of personal information of minors, we will obtain the consent of their guardians and comply with applicable laws and regulations. If we discover that we have collected personal information of a minor without guardian consent, we will immediately delete or stop using it.

Article 11: Service Accuracy and Risk Warning

This App provides services based on AI algorithms, image recognition, and public data sources. Detection and recognition results are affected by device performance, ambient lighting, image quality, database coverage, and algorithmic capabilities. We will clearly indicate the instructions for use, applicable scenarios, and possible margins of error on the function interface.
The output content of features such as AI recognition agent and AI personalized analysis in this App is generated based on artificial intelligence models, which have inherent errors and uncertainties. The relevant information is for daily reference only and does not constitute professional advice. We will clearly indicate this risk and usage restrictions on the AI function interface.

Article 12: Data Security Assurance Measures

We adopt reasonable technical and management measures to protect data security, including but not limited to:

1. Use of TLS/HTTPS encryption for transmission;
2. Industry-standard encryption for storage;
3. Strict access control and permission management, granting access to production environment data only to authorized personnel;
4. Log audits, penetration testing, and regular security assessments;
5. In case of a major security incident, timely notification to users and regulatory authorities as required by law and platform policies, and implementation of remedial measures;
6. Establishment of specialized security protection mechanisms for AI-related data to prevent information leakage, tampering, or loss;

Article 13: User Rights and How to Exercise Them

You have the right to exercise the following rights to the extent permitted by law: access, rectification, deletion, withdrawal of consent, restriction or objection to processing, and data portability.
We will process your request within a reasonable time after verifying your identity (typically responding within 15 working days). For data already transferred to third parties, we will make reasonable efforts to have the third party delete it and obtain confirmation (except where the third party is legally required to retain it).
You can manually manage AI-generated records and uploaded AI material content through the product's feature settings, and choose to delete relevant information. After the deletion operation is completed, we will synchronously clear the corresponding data on the server side according to the rules. You also have the right to request that we provide records related to your use of AI functions and data processing; we will provide them promptly after identity verification.

Article 14: Dispute Resolution

1. The formation, validity, interpretation, and performance of this agreement shall be governed by the laws of the People's Republic of China.
2. Any disputes arising from or in connection with this agreement shall first be resolved through friendly negotiation. If negotiation fails, either party may submit the dispute to the Guangzhou Arbitration Commission for arbitration, with the arbitration place in Guangzhou. The arbitration award shall be final and binding on both parties.

Article 15: Updates and Contact Information

We may revise this policy from time to time based on business needs, legal requirements, or platform policies. The revised policy will take effect upon publication; your continued use of this App will be deemed as your acceptance of the revised content. Please check this policy regularly for updates.
If you have any questions about this policy or data protection matters, or need to exercise your rights, please contact us via the following methods. We will respond within 15 working days:
Customer Service Email: iscanner@yeah.net

Appendix 1: List of Third-party SDKs

Name	Developer	Purpose	Data Types	Privacy Policy
Doubao Large Model	ByteDance	Online image recognition (plants, products, cars, etc.)	User-uploaded images (temporary, deleted immediately after recognition)	https://www.volcengine.com/product/doubao
Bugly	Shenzhen Tencent Computer Systems Co., Ltd.	App quality monitoring (crash analysis, performance monitoring)	Log information (stack traces), device information (ID, network info, system name and version)	https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56
Sensors Data	Sensors Data (Beijing) Co., Ltd.	Data analytics and user behavior analysis (event tracking, full tracking, etc.)	User behavior events, device information, etc. (configured by the developer)	https://www.sensorsdata.cn/compliance/privacy.html

* The above third-party SDKs may be updated based on business adjustments; we will announce changes in the App or in this policy in a timely manner.