1. Controller
ExplainThisDoc
Julian Heger
Cumberlandstr. 40
1140 Vienna
Austria
Contact: contact@explainthisdoc.app
2. Overview
- OCR (text extraction) is performed locally on the user's device.
- Image files and PDF documents are not transmitted to our servers.
- Only extracted text is transmitted for analysis.
- No advertising tracking is used. We do not sell personal data.
3. Categories of Data Processed
3.1 Text Content
When a user scans or imports a document, text extraction is performed locally on the device. Only the extracted text is transmitted to our backend and processed by an external AI service provider (OpenAI). No images, camera data, or document files are transmitted to the AI provider.
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
3.2 Technical Usage Data
To operate and secure the service, we process limited technical data such as IP address, a pseudonymous device identifier, request timestamps, usage metrics, and credit/transaction identifiers. This data is processed for service delivery, fraud prevention, rate limiting, and security.
Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR (legitimate interest in system integrity and abuse prevention)
3.3 In-App Purchases
Credits may be purchased via Apple's App Store. Payment processing is handled by Apple. We do not receive or store payment card information. We receive only transaction-related metadata necessary to credit the user's account. Apple acts as an independent data controller.
Apple Privacy Policy: https://www.apple.com/legal/privacy/
4. Server Location
Our backend infrastructure is hosted within the European Union (Germany).
5. International Data Transfers
When users request text analysis, extracted text may be processed by OpenAI, which may involve processing outside the EEA (including the United States). Transfers are carried out under Article 46 GDPR using Standard Contractual Clauses and additional safeguards as applicable.
OpenAI Privacy Policy: https://openai.com/privacy
6. Data Retention
Technical usage data is retained only as long as necessary for service provision and legal obligations. Locally stored history can be deleted in the app at any time. Purchase transaction records may be retained as required by law and for fraud prevention.
7. No Automated Decision-Making
We do not perform automated decision-making within the meaning of Article 22 GDPR. AI-generated explanations are informational only and do not constitute legal or financial advice.
8. Data Security
We implement appropriate technical and organizational measures (including encrypted transmission and access controls) to protect data.
9. Your Rights (EU/EEA)
You have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. To exercise your rights, contact us using the details above. We may require your in-app device identifier to identify your account.
10. Obligation to Provide Data
The provision of certain data (such as extracted text content and technical usage data) is necessary for the performance of the contract and to provide the service. Without such data, the service cannot be delivered.
11. Legitimate Interests
Where processing is based on Article 6(1)(f) GDPR, our legitimate interests include ensuring system security, preventing abuse, maintaining service integrity, and managing credit accounting. We ensure that such interests do not override the fundamental rights and freedoms of users.
12. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority in the European Union, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
13. Hosting and Infrastructure Providers
Our infrastructure may rely on service providers acting as data processors under Article 28 GDPR. Such providers process data solely on our behalf and under contractual safeguards.
14. Children
The app is not directed to children under 16 years of age. We do not knowingly collect data from children without appropriate consent.
15. Changes
We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version is always available within the app and on our website.