Alfa Apps

Privacy Policy - ID Scanner

Last updated: July 7, 2026

This Privacy Policy describes how Alfa Apps (“Alfa Apps,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the ID Scanner mobile application and related services (collectively, the “App” or “Services”).

This policy applies only to ID Scanner. It does not apply to other Alfa Apps products or websites unless they link to this policy.

If you do not agree with this Privacy Policy, do not use the App.

Contact: support@alfadapps.xyz

1. Summary

ID Scanner is a business-to-business (B2B) tool for licensed venues (such as bars, clubs, and event operators) and their authorized staff to assist with ID verification at the door. The App is not intended for consumers to scan their own ID for personal use.

Depending on how you use the App, we may process:

– Account and subscription information (email, sign-in provider details, subscription status)
– Identification document data parsed from barcodes or analyzed from photos (for example, name, date of birth, document number, issuing jurisdiction)
– ID photographs when you use Advanced Scan
– Usage and device analytics (for example, scan mode, outcomes, app version)
– User-submitted scan reports when you choose to report an issue

Basic (barcode) scanning is processed on your device by default. Advanced Scan sends a photograph to our servers and to our document-verification provider. Cloud storage of patron-related data occurs only when you submit a report, use certain account or team features, or when otherwise described in this policy.

2. Who This Policy Covers

This policy covers:

– Venue operators and authorized staff who use the App in a business capacity
– Patrons whose identification information is scanned by venue staff using the App

Venues are responsible for providing any notices and obtaining any consents required under applicable law before scanning patron IDs, and for how staff use and share scan results within the venue.

3. Information We Collect

3.1 Information you provide

Data | When collected | Examples

Account information | Sign-in, registration, or venue setup | Email address, name from Apple or Google sign-in, venue name, device nickname

Support communications | When you contact us | Email content, issue descriptions

Scan reports | When you tap “Report Issue” or similar | Issue category, optional comments, scan context described below

3.2 Identification and scan data

Data | Basic Scan (barcode) | Advanced Scan (photo)

Parsed ID fields | Processed on device | Received from verification provider after analysis

Raw barcode data | Stored on device; included in user-submitted reports | May be included when both modes are used

ID photograph | Not collected by us | Transmitted from your device to our secure backend, then to our document-verification provider

Fraud scores, validation results, cross-check results | Computed on device | Displayed in the App; may be stored on device and in user-submitted reports

Basic Scan: Barcode data and validation results are processed locally on the device. We do not automatically upload Basic Scan results to our servers.

Advanced Scan: When you capture or import an ID image, the App encodes the image and sends it to our Firebase Cloud Functions endpoint. Our server forwards the image to ID Analyzer for document verification and returns the analysis result to the App. We do not permanently store ID photographs on our servers after the scan request is completed. ID Analyzer may process and retain images according to its own privacy policy.

On-device storage: The App may store scan history, ban lists, and Advanced Scan results locally on the device (for example, in on-device storage or a local database). This data remains on the device unless you submit a report, use team or cloud sync features, or otherwise choose to share it.

3.3 Information collected automatically

Data | Purpose | Provider

App usage events | Product analytics, reliability, feature improvement | Amplitude

Device and app metadata | Analytics context | Amplitude

Authentication identifiers | Secure access to Advanced Scan and cloud features | Google Firebase

Rate-limit counters | Prevent abuse of Advanced Scan | Google Firebase (Firestore)

Subscription status | Entitlements and billing | RevenueCat, Apple App Store

Analytics: We use Amplitude to understand how the App is used (for example, scan started, scan completed, paywall viewed). We configure analytics not to include patron names, dates of birth, or other patron-identifying scan payload in event properties.

3.4 Information from third parties

– Apple and Google (if you use Sign in with Apple or Google Sign-In): authentication tokens and basic profile information they provide with your consent
– Apple App Store: subscription and purchase status
– ID Analyzer: document verification results returned to the App after Advanced Scan

We do not buy or sell lists of patron personal information.

4. How We Use Information

We use information to:

1. Provide the Services — run barcode validation, Advanced Scan, ban lists, scan history, and team features

2. Operate accounts and subscriptions — authenticate users, enforce plan limits, process entitlements

3. Improve and secure the App — debug reported issues, improve validation rules, monitor abuse, protect against fraud

4. Communicate with you — respond to support requests and send service-related notices

5. Comply with law — respond to lawful requests and enforce our Terms of Use

We do not use patron ID data for advertising profiles or sell patron personal information.

5. Legal Bases for Processing (EEA, UK, Switzerland, Canada)

Where applicable privacy laws require a legal basis:

– Contract — to provide the App and subscriptions you request
– Legitimate interests — to secure, improve, and operate the Services, and to prevent abuse, balanced against your rights
– Consent — where required (for example, optional analytics in jurisdictions that require consent)
– Legal obligation — where we must retain or disclose information by law

Venues are generally responsible for determining the lawful basis for scanning patron IDs under local law.

6. How We Share Information

We share information only as described below:

Recipient | Why

ID Analyzer | Document image verification for Advanced Scan

Google Firebase | Authentication, Cloud Functions, Firestore (reports, rate limits), App Check security

Amplitude | De-identified product analytics

RevenueCat | Subscription management

Apple / Google | Sign-in and (for purchases) payment processing by Apple

Service providers | Hosting, support, and operations under confidentiality obligations

Legal and safety | If required by law, court order, or to protect rights, safety, and security

Business transfers | In connection with a merger, acquisition, or asset sale, with notice where required

We do not sell personal information as defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA.

6.1 Venue and team accounts

If your venue uses shared or team accounts, the venue owner or administrator controls which staff can access the account. Scan history, ban lists, and related venue data may be visible to authorized staff on other devices linked to the same venue account.

Venue owners are responsible for:

– Inviting only trusted staff
– Training staff on lawful ID checks and data handling
– Complying with applicable privacy, liquor, and employment laws

7. Data Retention

Data type | Retention period

User-submitted scan reports (Firestore) | Up to 90 days, then deleted or anonymized

Advanced Scan images on our servers | Not retained after the scan request completes

Rate-limit records | Short-term operational retention (typically up to 90 days)

Analytics events | Per Amplitude’s configuration and our internal retention settings

Account data | While your account is active and as needed thereafter for legal, security, or billing purposes

On-device scan history and ban lists | Until you clear data in the App, uninstall the App, or delete the device data

ID Analyzer data | Governed by ID Analyzer’s policies

We may retain anonymized or aggregated information that does not identify individuals.

8. Security

We use administrative, technical, and organizational measures designed to protect information, including encryption in transit, access controls, and Firebase App Check. No method of transmission or storage is 100% secure. You are responsible for securing devices used by your venue and restricting staff access.

9. International Data Transfers

We are based in Indonesia. Our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.

10. Your Rights and Choices

Depending on where you live, you may have the right to:

– Access personal information we hold about you
– Correct inaccurate information
– Delete your account and associated data we control
– Object to or restrict certain processing
– Data portability (where applicable)
– Withdraw consent where processing is based on consent

10.1 Delete your account or data

When account features are available, you may initiate deletion from Settings in the App. You may also email support@alfadapps.xyz with the subject “Account Deletion Request.”

We will verify your request and complete deletion of account and associated cloud data we control within 30 days, except where we must retain information for legal, security, or billing compliance. Deleting your account does not cancel an App Store subscription; cancel subscriptions in your Apple ID settings.

Local data on your device may remain until you clear it in the App or remove the App from the device.

10.2 Exercising rights

Email support@alfadapps.xyz. We may need to verify your identity. We will respond within the time required by applicable law.

11. California Residents (CCPA / CPRA)

This section applies to California residents.

Categories collected in the past 12 months (depending on use of the App):

Category | Examples | Collected

A. Identifiers | Email, account ID, device identifiers in analytics | Yes

B. California Customer Records | Name, email, venue name | Yes

C. Protected classifications | Date of birth from scanned IDs (in reports or Advanced results) | Yes, when scanned or reported

F. Internet or network activity | App interactions via analytics | Yes

H. Sensory / visual information | ID photographs during Advanced Scan (transient processing) | Yes, during Advanced Scan

I. Professional information | Business/venue affiliation | Yes

Sensitive personal information: Government ID details and images may be processed when you use scanning features. We use this information only to provide the Services and as described in this policy, not for unrelated purposes.

Sale or share: We do not sell or share personal information for cross-context behavioral advertising.

Your California rights: Right to know, delete, correct, and opt out of sale/share (not applicable as we do not sell). Non-discrimination for exercising rights.

Contact: support@alfadapps.xyz

12. Canadian Residents

If you are in Canada, you may have rights under PIPEDA and applicable provincial laws, including access, correction, and withdrawal of consent where processing is consent-based. Venues scanning Canadian IDs remain responsible for compliance with local requirements. Contact support@alfadapps.xyz to exercise rights.

13. Children

The App is for venue operators and staff aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact support@alfadapps.xyz and we will take appropriate steps to delete it.

The App is not directed at patrons; venues must comply with laws governing ID checks and minors.

14. Third-Party Links and Services

The App may link to third-party services (for example, Apple subscription management). Their privacy practices are governed by their own policies. We encourage you to review:

– ID Analyzer privacy documentation
– Google Firebase privacy documentation
– Amplitude privacy documentation
– RevenueCat privacy documentation
– Apple Privacy Policy

15. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be notified in the App or by other reasonable means. Continued use after the effective date constitutes acceptance of the updated policy.

16. Contact Us

Alfa Apps
Email: support@alfadapps.xyz
Subject line: “Privacy — ID Scanner”

For account or data deletion: support@alfadapps.xyz (subject: “Account Deletion Request”)