Privacy Policy | ResaleScan

Last updated: April 1, 2026

1. Introduction

Welcome to ResaleScan ("we," "us," "our," or the "Company"). This Privacy Policy explains how ResaleScan: How much is... ("the App") collects, uses, stores, shares, and protects your personal data when you use our mobile application available on iOS and Android.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR/DSGVO), the Austrian Data Protection Act (DSG), and other applicable data protection laws.

Data Controller: ResaleScan: How much is... Country: Austria Email: info@resalescan.app

If you have any questions about this Privacy Policy, please contact us at info@resalescan.app.

2. Definitions

Personal Data: Any information that relates to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, erasure, etc.).
Service: The ResaleScan mobile application.
Account: A unique account created for you to access our Service.
Device: Any device (smartphone, tablet) that can access the Service.
Usage Data: Data collected automatically during use of the Service.
Third-Party Service: Any service integrated into or used by our App.
You / User: The individual using the Service.

3. Data We Collect

3.1 Account & Authentication Data

When you create an account or sign in, we collect:

Data Type	When Collected	Purpose
Email address	Email/password registration or email-link login	Account creation, authentication, communication
Display name	Social login (Google, Apple, Facebook)	Account personalization
Firebase User ID (UID)	Automatically upon account creation	Unique account identifier
Authentication provider	Upon login	To manage your sign-in method
Email verification status	Upon registration	Account security

Social Sign-In Providers:

Google Sign-In: We receive your email address, display name, and a Google ID token.
Apple Sign-In: We receive your email address (if shared), given name, family name, and an identity token. Apple may provide a private relay email.
Facebook Login: We receive your email address and a Facebook access token via the Facebook SDK.
Anonymous/Guest Mode: No personal data is collected. A temporary anonymous Firebase UID is generated.

3.2 User-Generated Content (Item Data)

When you scan and catalog items, we store:

Item name, brand, model, and description
Item condition and category
Estimated and original value
Sales title and seasonal demand data
Item status (in progress, listed, sold)
Image file paths (local references)
Timestamp of creation

This data is stored in our Firebase Firestore database under your user account.

3.3 Image & Camera Data

Our App uses your device camera and photo library to scan items:

Camera Access: Required to photograph items for AI analysis.
Photo Library Access: Optional, to select existing photos for analysis.
Image Processing: Photos are compressed locally on your device using image compression, then converted to Base64 encoding and transmitted via HTTPS to our Firebase Cloud Function for AI-powered analysis.
Data sent for analysis: Base64-encoded front and back images, your selected language, and country.
Image Retention: Images are processed in real-time for analysis. Only the analysis results (item name, brand, condition, value, etc.) are stored — not the original images on our servers. Images remain locally on your device.

3.4 Usage Data (Automatically Collected)

When you use the App, we automatically collect:

Device platform (iOS or Android)
App version
Screen views and navigation patterns (via Firebase Analytics)
Purchase events (product ID, price, currency — via Firebase Analytics)
App crash data (stack traces, error messages, device context — via Firebase Crashlytics)
App performance data (network request times, screen load times — via Firebase Performance Monitoring)
IP address (implicitly transmitted during network requests to our servers and third-party services)

3.5 Subscription & Purchase Data

When you subscribe to our premium plans, we process:

Subscription plan and entitlement status
Subscription expiration date
Purchase token and product identifier
Transaction history (managed by Apple App Store, Google Play, and RevenueCat)

We do not collect or store your credit card details, bank information, or payment credentials. All payments are processed by the Apple App Store (iOS) or Google Play Store (Android) through RevenueCat.

3.6 Local Device Storage (SharedPreferences)

We store the following data locally on your device:

Daily scan token count (free users)
Last token reset date
Email for email-link login (temporary)
Onboarding completion status
Language, currency, and country preferences
Pending deep link data (temporary)

This data stays on your device and is not transmitted to our servers unless explicitly noted.

3.7 Data We Do NOT Collect

Location data: We do not request GPS or location permissions.
Contacts: We do not access your address book.
Microphone: We do not access your microphone.
Device identifiers: We do not explicitly collect IMEI, serial numbers, or Android Advertising IDs in our own code. However, third-party SDKs (see Section 5) may access device identifiers subject to your consent.

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

Purpose	Legal Basis (Art. 6 GDPR)
Account creation & authentication	Performance of contract (Art. 6(1)(b))
Providing the scan & catalog service	Performance of contract (Art. 6(1)(b))
AI-powered image analysis	Performance of contract (Art. 6(1)(b))
Processing in-app purchases	Performance of contract (Art. 6(1)(b))
Product price lookup via Amazon API	Legitimate interest (Art. 6(1)(f)) — providing accurate pricing
Displaying advertisements (free users)	Consent (Art. 6(1)(a)) / Legitimate interest (Art. 6(1)(f))
Personalizing ads (when authorized)	Consent (Art. 6(1)(a)) — via ATT on iOS
App analytics & improvement	Legitimate interest (Art. 6(1)(f)) — improving user experience
Crash reporting & stability	Legitimate interest (Art. 6(1)(f)) — maintaining service quality
Performance monitoring	Legitimate interest (Art. 6(1)(f)) — ensuring app performance
Fraud prevention & security	Legitimate interest (Art. 6(1)(f))
Communication (support requests)	Performance of contract (Art. 6(1)(b))
Legal compliance	Legal obligation (Art. 6(1)(c))

5. Third-Party Services & SDKs

Our App integrates the following third-party services that may collect and process data independently:

5.1 Firebase (Google LLC)

We use multiple Firebase services:

Firebase Service	Data Processed	Purpose
Firebase Authentication	Email, UID, auth provider, login timestamps	User authentication
Cloud Firestore	User profile, item data, subscription status, tokens	Data storage
Firebase Cloud Functions	Base64 images, language, country	AI image analysis, subscription verification
Firebase Analytics	Screen views, purchase events, app engagement	App analytics & improvement
Firebase Crashlytics	Crash logs, stack traces, device info	Crash reporting & stability
Firebase Performance Monitoring	Network traces, screen rendering times	Performance optimization
Firebase Remote Config	Device metadata, A/B test assignments	Feature flags & paywall optimization
Firebase Storage	(Reserved for future use)	File storage

Firebase data is processed on Google Cloud servers. Data may be transferred to the United States under the EU-US Data Privacy Framework (adequacy decision by the European Commission, July 2023).

5.2 Google AdMob (Google LLC)

Free users see advertisements served by Google AdMob:

Banner ads displayed on certain screens
Rewarded interstitial ads shown before scanning (free users)
AdMob may collect: device identifiers, IP address, ad interaction data, and app usage information
Personalized ads: Enabled by default when you grant tracking permission. Non-personalized ads are shown if you decline.
Premium users do not see any ads.

5.3 RevenueCat, Inc.

We use RevenueCat to manage in-app subscriptions:

Data shared: Firebase User ID, purchase transactions, subscription status, platform
Data received: Entitlement status, subscription expiry, customer info updates
RevenueCat acts as a data processor on our behalf.

5.4 Facebook / Meta Platforms, Inc.

If you use Facebook Login:

The Facebook SDK is integrated for authentication purposes.
Data shared with Facebook: Authentication tokens, basic profile information.
Facebook may collect additional data through its SDK in accordance with its own privacy policy.

5.5 Apple Inc.

If you use Sign in with Apple:

Apple provides your email (or a private relay email), name, and identity token.
Apple controls what data is shared based on your Apple ID settings.

5.6 Google Sign-In (Google LLC)

If you use Google Sign-In:

Google provides your email, display name, and ID token for authentication.
Google's privacy practices apply to the data Google processes.

5.7 Amazon Product Advertising API (Amazon.com, Inc.)

We use the Amazon Product Advertising API to look up product prices and information:

Data sent to Amazon: Item keywords/names for product search
Data received: Product titles, prices, images, customer review counts, sales rank
Marketplace: Amazon.de (EU region)
No personal user data is sent to Amazon — only item search queries.

5.8 SKAdNetwork (Apple Inc.)

On iOS, we use Apple's SKAdNetwork for privacy-preserving ad conversion tracking without accessing your IDFA.

6. App Tracking Transparency (ATT) — iOS

On iOS 14.5 and later, we request your permission via Apple's App Tracking Transparency framework before accessing your device's advertising identifier (IDFA).

If you allow tracking: We may use your IDFA to deliver personalized ads via Google AdMob and measure ad effectiveness.
If you deny tracking: We will only show non-personalized, contextual ads. No IDFA is accessed.
On iOS versions below 14: Tracking was permitted by default under the previous framework.

You can change your tracking preference at any time in iOS Settings > Privacy & Security > Tracking.

7. Data Sharing & Transfers

7.1 Who We Share Data With

We share your data only with the following categories of recipients:

Recipient	Data Shared	Purpose
Google / Firebase	Account data, analytics, crash reports, images for analysis	Service operation, analytics, stability
Google AdMob	Device info, ad interactions	Advertising (free users only)
RevenueCat	Firebase UID, purchase data	Subscription management
Facebook / Meta	Auth tokens (only if Facebook Login is used)	Authentication
Amazon	Item search keywords	Product price lookup
Apple / Google Play	Purchase transactions	Payment processing

We do not sell your personal data to any third party.

7.2 International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), primarily the United States, where our third-party service providers (Google, RevenueCat, Amazon, Facebook/Meta) operate.

These transfers are protected by:

EU-US Data Privacy Framework (adequacy decision by the European Commission)
Standard Contractual Clauses (SCCs) where applicable
Appropriate technical and organizational measures

8. Data Retention

We retain your data as follows:

Data Type	Retention Period
Account data (email, UID, profile)	Until account deletion
Item data (scanned items, values)	Until account deletion or manual item deletion
Subscription data	Until account deletion; transaction records as required by law
Firebase Analytics data	14 months (Google default), then aggregated
Crashlytics data	90 days (Google default)
Local device data (SharedPreferences)	Until app uninstallation or manual data clearing
Images	Not stored on our servers; local copies remain on your device
Scan tokens	Reset daily; no historical retention

After account deletion, we will delete your personal data within 30 days, except where retention is required by law (e.g., tax/accounting obligations).

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and to request a copy of that data.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data.

9.3 Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data. You can delete your account directly in the App via Settings > Account Settings > Delete Account.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data under certain circumstances.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests, including direct marketing and profiling.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent (e.g., personalized advertising), you can withdraw consent at any time without affecting the lawfulness of prior processing.

9.8 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The relevant authority for Austria is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority) Barichgasse 40-42 1030 Vienna, Austria Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at

To exercise any of these rights, please contact us at info@resalescan.app. We will respond within one month of receiving your request.

10. Account Deletion & Data Clearing

10.1 Delete Your Account

You can permanently delete your account and associated data from within the App:

Settings > Account Settings > Delete Account

This will:

Delete your user profile from our database (Firestore)
Delete your Firebase Authentication account
Delete all items and associated data linked to your account

10.2 Clear Local Data

You can clear all locally stored data (without deleting your account) via:

Settings > Account Settings > Clear All Data

This will:

Sign you out
Clear all locally stored preferences and cached data
Not delete your server-side data

10.3 Uninstalling the App

Uninstalling the App removes all locally stored data. Your server-side account data will remain until you delete your account.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit: All data transmissions between the App and our servers use HTTPS/TLS encryption.
Firebase Security Rules: Access to Firestore data is restricted by authentication-based security rules.
Authentication: Secure sign-in via Firebase Authentication with support for email verification and social login providers.
Access control: Users can only access their own data.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Service is not directed at children under the age of 16 (in accordance with GDPR Art. 8 and Austrian DSG requirements).

We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@resalescan.app.

13. Advertising & Free/Premium Model

13.1 Free Users

Free users see advertisements served by Google AdMob (banner ads and rewarded interstitial ads).
Free users must watch a rewarded ad before each scan, or use their daily allocation of 3 free scans per day if ads are unavailable.
Ad personalization depends on your ATT consent (iOS) or ad preferences.

13.2 Premium Users

Premium subscribers enjoy an ad-free experience with unlimited scans.
No advertising data is collected or shared for premium users.

13.3 Opting Out of Personalized Ads

iOS: Settings > Privacy & Security > Tracking — disable tracking for ResaleScan.
Android: Settings > Google > Ads > Opt out of Ads Personalization.
You will still see ads, but they will be non-personalized.

14. A/B Testing & Remote Configuration

We use Firebase Remote Config to conduct A/B testing and optimize the user experience, including:

Paywall design and text variations
Feature availability
UI experiment assignments

This data is used in aggregate to improve our service. No personally identifiable information is used for A/B testing — only anonymized experiment group assignments.

15. Deep Links & Universal Links

Our App supports deep links and universal links for:

Email verification links
Login via email link
App navigation from external sources

Deep link data may be temporarily stored in SharedPreferences on your device and is deleted after processing.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Updating the "Last updated" date at the top of this policy
Posting a notice within the App (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ResaleScan: How much is... Email: info@resalescan.app Country: Austria

For GDPR-related inquiries, we aim to respond within one month of receiving your request, in accordance with Art. 12(3) GDPR.

18. Summary of Third-Party Data Flows

Your Data	Where It Goes	Why	Your Control
Email & profile	Firebase Auth & Firestore	Account management	Delete account
Item photos (Base64)	Firebase Cloud Function (AI)	Product identification & valuation	Don't scan
Item keywords	Amazon API	Price lookup	Don't use price feature
Screen views & events	Firebase Analytics	App improvement	Opt out in device settings
Crash reports	Firebase Crashlytics	Bug fixing	—
Device info & ad clicks	Google AdMob	Advertising	Upgrade to premium / deny ATT
Purchase data	RevenueCat / App Store / Play Store	Subscription management	—
Auth tokens	Facebook / Google / Apple	Social login	Use email login instead
IDFA (iOS)	AdMob (if permitted)	Ad personalization	Deny via ATT