Privacy Policy

ExplainThisDoc - Last updated: February 2026

1. Controller

ExplainThisDoc
Julian Heger
Cumberlandstr. 40
1140 Vienna
Austria
Contact: contact@explainthisdoc.app

2. Overview

  • OCR (text extraction) is performed locally on the user's device.
  • Image files and PDF documents are not transmitted to our servers.
  • Only extracted text is transmitted for analysis.
  • No advertising tracking is used. We do not sell personal data.

3. Categories of Data Processed

3.1 Text Content

When a user scans or imports a document, text extraction is performed locally on the device. Only the extracted text is transmitted to our backend and processed by an external AI service provider (OpenAI). No images, camera data, or document files are transmitted to the AI provider.

Legal basis: Article 6(1)(b) GDPR (performance of a contract)

3.2 Technical Usage Data

To operate and secure the service, we process limited technical data such as IP address, a pseudonymous device identifier, request timestamps, usage metrics, and credit/transaction identifiers, for service delivery, fraud prevention, rate limiting, and security.

Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR (legitimate interest in system integrity and abuse prevention)

3.3 In-App Purchases

Credits may be purchased via Apple's App Store. Payment processing is handled by Apple. We do not receive or store payment card information. We receive only transaction-related metadata necessary to credit the user's account. Apple acts as an independent data controller.

Apple Privacy Policy: https://www.apple.com/legal/privacy/

4. Server Location

Our backend infrastructure is hosted within the European Union (Germany).

5. International Data Transfers

When users request text analysis, extracted text may be processed by OpenAI, which may involve processing outside the EEA (including the United States). Transfers are carried out under Article 46 GDPR using Standard Contractual Clauses and additional safeguards as applicable.

OpenAI Privacy Policy: https://openai.com/privacy

6. Data Retention

Technical usage data is retained only as long as necessary for service provision and legal obligations. Locally stored history can be deleted in the app at any time. Purchase transaction records may be retained as required by law and for fraud prevention.

7. No Automated Decision-Making

We do not perform automated decision-making within the meaning of Article 22 GDPR. AI-generated explanations are informational only and do not constitute legal or financial advice.

8. Data Security

We implement appropriate technical and organizational measures (including encrypted transmission and access controls) to protect data.

9. Your Rights (EU/EEA)

You have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. To exercise your rights, contact us using the details above. We may require your in-app device identifier to identify your account.

10. Obligation to Provide Data

The provision of certain data (such as extracted text content and technical usage data) is necessary for the performance of the contract and to provide the service. Without such data, the service cannot be delivered.

11. Legitimate Interests

Where processing is based on Article 6(1)(f) GDPR, our legitimate interests include ensuring system security, preventing abuse, maintaining service integrity, and managing credit accounting. We ensure that such interests do not override the fundamental rights and freedoms of users.

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the European Union, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

13. Hosting and Infrastructure Providers

Our infrastructure may rely on service providers acting as data processors under Article 28 GDPR. Such providers process data solely on our behalf and under contractual safeguards.

14. Children

The app is not directed to children under 16 years of age. We do not knowingly collect data from children without appropriate consent.

15. Changes

We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version is always available within the app and on our website.