Privacy Policy - ID Scanner
Last updated: July 7, 2026
This Privacy Policy describes how Alfa Apps (“Alfa Apps,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the ID Scanner mobile application and related services (collectively, the “App” or “Services”).
This policy applies only to ID Scanner. It does not apply to other Alfa Apps products or websites unless they link to this policy.
If you do not agree with this Privacy Policy, do not use the App.
Contact: support@alfadapps.xyz
1. Summary
ID Scanner is a business-to-business (B2B) tool for licensed venues (such as bars, clubs, and event operators) and their authorized staff to assist with ID verification at the door. The App is not intended for consumers to scan their own ID for personal use.
Depending on how you use the App, we may process:
– Account and subscription information (email, sign-in provider details, subscription status)
– Identification document data parsed from barcodes or analyzed from photos (for example, name, date of birth, document number, issuing jurisdiction)
– ID photographs when you use Advanced Scan
– Usage and device analytics (for example, scan mode, outcomes, app version)
– User-submitted scan reports when you choose to report an issue
Basic (barcode) scanning is processed on your device by default. Advanced Scan sends a photograph to our servers and to our document-verification provider. Cloud storage of patron-related data occurs only when you submit a report, use certain account or team features, or when otherwise described in this policy.
2. Who This Policy Covers
This policy covers:
– Venue operators and authorized staff who use the App in a business capacity
– Patrons whose identification information is scanned by venue staff using the App
Venues are responsible for providing any notices and obtaining any consents required under applicable law before scanning patron IDs, and for how staff use and share scan results within the venue.
3. Information We Collect
3.1 Information you provide
Data | When collected | Examples
Account information | Sign-in, registration, or venue setup | Email address, name from Apple or Google sign-in, venue name, device nickname
Support communications | When you contact us | Email content, issue descriptions
Scan reports | When you tap “Report Issue” or similar | Issue category, optional comments, scan context described below
3.2 Identification and scan data
Data | Basic Scan (barcode) | Advanced Scan (photo)
Parsed ID fields | Processed on device | Received from verification provider after analysis
Raw barcode data | Stored on device; included in user-submitted reports | May be included when both modes are used
ID photograph | Not collected by us | Transmitted from your device to our secure backend, then to our document-verification provider
Fraud scores, validation results, cross-check results | Computed on device | Displayed in the App; may be stored on device and in user-submitted reports
Basic Scan: Barcode data and validation results are processed locally on the device. We do not automatically upload Basic Scan results to our servers.
Advanced Scan: When you capture or import an ID image, the App encodes the image and sends it to our Firebase Cloud Functions endpoint. Our server forwards the image to ID Analyzer for document verification and returns the analysis result to the App. We do not permanently store ID photographs on our servers after the scan request is completed. ID Analyzer may process and retain images according to its own privacy policy.
On-device storage: The App may store scan history, ban lists, and Advanced Scan results locally on the device (for example, in on-device storage or a local database). This data remains on the device unless you submit a report, use team or cloud sync features, or otherwise choose to share it.
3.3 Information collected automatically
Data | Purpose | Provider
App usage events | Product analytics, reliability, feature improvement | Amplitude
Device and app metadata | Analytics context | Amplitude
Authentication identifiers | Secure access to Advanced Scan and cloud features | Google Firebase
Rate-limit counters | Prevent abuse of Advanced Scan | Google Firebase (Firestore)
Subscription status | Entitlements and billing | RevenueCat, Apple App Store
Analytics: We use Amplitude to understand how the App is used (for example, scan started, scan completed, paywall viewed). We configure analytics not to include patron names, dates of birth, or other patron-identifying scan payload in event properties.
3.4 Information from third parties
– Apple and Google (if you use Sign in with Apple or Google Sign-In): authentication tokens and basic profile information they provide with your consent
– Apple App Store: subscription and purchase status
– ID Analyzer: document verification results returned to the App after Advanced Scan
We do not buy or sell lists of patron personal information.
4. How We Use Information
We use information to:
1. Provide the Services — run barcode validation, Advanced Scan, ban lists, scan history, and team features
2. Operate accounts and subscriptions — authenticate users, enforce plan limits, process entitlements
3. Improve and secure the App — debug reported issues, improve validation rules, monitor abuse, protect against fraud
4. Communicate with you — respond to support requests and send service-related notices
5. Comply with law — respond to lawful requests and enforce our Terms of Use
We do not use patron ID data for advertising profiles or sell patron personal information.
5. Legal Bases for Processing (EEA, UK, Switzerland, Canada)
Where applicable privacy laws require a legal basis:
– Contract — to provide the App and subscriptions you request
– Legitimate interests — to secure, improve, and operate the Services, and to prevent abuse, balanced against your rights
– Consent — where required (for example, optional analytics in jurisdictions that require consent)
– Legal obligation — where we must retain or disclose information by law
Venues are generally responsible for determining the lawful basis for scanning patron IDs under local law.
6. How We Share Information
We share information only as described below:
Recipient | Why
ID Analyzer | Document image verification for Advanced Scan
Google Firebase | Authentication, Cloud Functions, Firestore (reports, rate limits), App Check security
Amplitude | De-identified product analytics
RevenueCat | Subscription management
Apple / Google | Sign-in and (for purchases) payment processing by Apple
Service providers | Hosting, support, and operations under confidentiality obligations
Legal and safety | If required by law, court order, or to protect rights, safety, and security
Business transfers | In connection with a merger, acquisition, or asset sale, with notice where required
We do not sell personal information as defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA.
6.1 Venue and team accounts
If your venue uses shared or team accounts, the venue owner or administrator controls which staff can access the account. Scan history, ban lists, and related venue data may be visible to authorized staff on other devices linked to the same venue account.
Venue owners are responsible for:
– Inviting only trusted staff
– Training staff on lawful ID checks and data handling
– Complying with applicable privacy, liquor, and employment laws
7. Data Retention
Data type | Retention period
User-submitted scan reports (Firestore) | Up to 90 days, then deleted or anonymized
Advanced Scan images on our servers | Not retained after the scan request completes
Rate-limit records | Short-term operational retention (typically up to 90 days)
Analytics events | Per Amplitude’s configuration and our internal retention settings
Account data | While your account is active and as needed thereafter for legal, security, or billing purposes
On-device scan history and ban lists | Until you clear data in the App, uninstall the App, or delete the device data
ID Analyzer data | Governed by ID Analyzer’s policies
We may retain anonymized or aggregated information that does not identify individuals.
8. Security
We use administrative, technical, and organizational measures designed to protect information, including encryption in transit, access controls, and Firebase App Check. No method of transmission or storage is 100% secure. You are responsible for securing devices used by your venue and restricting staff access.
9. International Data Transfers
We are based in Indonesia. Our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.
10. Your Rights and Choices
Depending on where you live, you may have the right to:
– Access personal information we hold about you
– Correct inaccurate information
– Delete your account and associated data we control
– Object to or restrict certain processing
– Data portability (where applicable)
– Withdraw consent where processing is based on consent
10.1 Delete your account or data
When account features are available, you may initiate deletion from Settings in the App. You may also email support@alfadapps.xyz with the subject “Account Deletion Request.”
We will verify your request and complete deletion of account and associated cloud data we control within 30 days, except where we must retain information for legal, security, or billing compliance. Deleting your account does not cancel an App Store subscription; cancel subscriptions in your Apple ID settings.
Local data on your device may remain until you clear it in the App or remove the App from the device.
10.2 Exercising rights
Email support@alfadapps.xyz. We may need to verify your identity. We will respond within the time required by applicable law.
11. California Residents (CCPA / CPRA)
This section applies to California residents.
Categories collected in the past 12 months (depending on use of the App):
Category | Examples | Collected
A. Identifiers | Email, account ID, device identifiers in analytics | Yes
B. California Customer Records | Name, email, venue name | Yes
C. Protected classifications | Date of birth from scanned IDs (in reports or Advanced results) | Yes, when scanned or reported
F. Internet or network activity | App interactions via analytics | Yes
H. Sensory / visual information | ID photographs during Advanced Scan (transient processing) | Yes, during Advanced Scan
I. Professional information | Business/venue affiliation | Yes
Sensitive personal information: Government ID details and images may be processed when you use scanning features. We use this information only to provide the Services and as described in this policy, not for unrelated purposes.
Sale or share: We do not sell or share personal information for cross-context behavioral advertising.
Your California rights: Right to know, delete, correct, and opt out of sale/share (not applicable as we do not sell). Non-discrimination for exercising rights.
Contact: support@alfadapps.xyz
12. Canadian Residents
If you are in Canada, you may have rights under PIPEDA and applicable provincial laws, including access, correction, and withdrawal of consent where processing is consent-based. Venues scanning Canadian IDs remain responsible for compliance with local requirements. Contact support@alfadapps.xyz to exercise rights.
13. Children
The App is for venue operators and staff aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact support@alfadapps.xyz and we will take appropriate steps to delete it.
The App is not directed at patrons; venues must comply with laws governing ID checks and minors.
14. Third-Party Links and Services
The App may link to third-party services (for example, Apple subscription management). Their privacy practices are governed by their own policies. We encourage you to review:
– ID Analyzer privacy documentation
– Google Firebase privacy documentation
– Amplitude privacy documentation
– RevenueCat privacy documentation
– Apple Privacy Policy
15. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be notified in the App or by other reasonable means. Continued use after the effective date constitutes acceptance of the updated policy.
16. Contact Us
Alfa Apps
Email: support@alfadapps.xyz
Subject line: “Privacy — ID Scanner”
For account or data deletion: support@alfadapps.xyz (subject: “Account Deletion Request”)