Cosmos Scanner Privacy Policy
Last Updated: February 2026
Introduction
Cosmos Scanner ("we", "our", or "the App") is committed to protecting your privacy and securing your sensitive personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.
By using Cosmos Scanner, you agree to the practices described in this Privacy Policy.
Overview
Cosmos Scanner is designed with privacy as a core principle. All your documents and sensitive data stay on your device.
Key Points:
- All documents are encrypted with AES-256 and stored locally on your device
- We never transmit your documents or sensitive information to external servers
- You have complete control over your data
- The app displays personalised advertisements (can be removed with a one-time purchase)
- Network calls are made to Google Play for purchases and to ad networks for displaying ads
Information We Collect
Information You Provide
Authentication Information
- 4-digit PIN: Hashed with PBKDF2 + salt (100,000 iterations) and stored in encrypted preferences
- Biometric data (fingerprint/face): Stored locally on your device by the Android system, never by us
Document Information
- Scanned documents: Images captured using your device camera, encrypted and stored locally
- Document metadata: Titles, categories, notes, tags, creation dates - all encrypted
- Categories: Doctor Referrals, Test Referrals, Test Results, Receipts, Personal Documents, Financial Records, Legal Documents, and any custom categories you create
Extracted Text
- OCR data: Text extracted from scanned documents for search functionality
- Metadata extraction: Dates, names, and other details extracted from documents
Automatically Collected Information
- Scan count (for free tier limit tracking)
- Last active timestamp (for auto-lock feature)
- Failed authentication attempts (for security lockout)
- Encryption key metadata (creation date, version)
- Last backup timestamp
Advertising-Related Information
When you use the free version of the app with advertisements, the following information may be collected by our advertising partners:
- Device Advertising ID: A unique identifier assigned to your device for advertising purposes
- Device Information: Device type, operating system version, and screen size
- Ad Interaction Data: Information about ads viewed and clicked
- Approximate Location: General location based on IP address (not precise GPS location)
Important: This advertising-related data is collected and processed by Google AdMob, not by Cosmos Scanner directly. Your documents and sensitive information are never shared with advertising networks.
Permissions We Request
| Permission | Purpose | Required |
|---|---|---|
| Camera | To scan and capture documents | Yes |
| Storage | To save encrypted documents and create backups | Yes |
| Biometric | To enable fingerprint/face unlock | No |
| Internet | To display ads and verify purchases | Yes |
How We Use Your Information
Core Functionality
- Document Storage: Securely store your scanned documents with AES-256-GCM encryption
- Organisation: Categorise and organise documents (Doctor Referrals, Test Referrals, Test Results, Receipts, Personal Documents, Financial Records, Legal Documents, and custom categories)
- Search: Enable full-text search across your document collection using extracted text
- Security: Authenticate your identity using PIN or biometric authentication
- Backup: Create encrypted backups of your documents (user-initiated only)
Advertising
- Display Ads: Show personalised banner advertisements to support free access to the app
- Ad Personalisation: Allow ad networks to show relevant advertisements based on your interests
Advertising and Your Choices
About Advertisements
Cosmos Scanner displays banner advertisements powered by Google AdMob to support the free version of the app. These ads help us provide the app at no cost to users.
What Advertising Partners Collect
Google AdMob may collect:
- Device advertising identifier
- IP address (for approximate location)
- Device and app information
- Ad interaction data
Your Advertising Choices
You have several options to control advertising:
- Remove Ads Permanently: Purchase the one-time "Remove Ads" option within the app to permanently disable all advertisements
- Personalised Ad Consent: Users in the European Economic Area (EEA) and UK are shown a consent dialog to choose whether to receive personalised or non-personalised ads
- Reset Advertising ID: You can reset your device's advertising ID in your device settings
- Opt Out of Personalisation: You can opt out of personalised advertising in your device's privacy settings
GDPR Compliance for Advertising
For users in the European Economic Area (EEA) and United Kingdom:
- We use Google's User Messaging Platform (UMP) to obtain consent before showing personalised advertisements
- You can choose to receive personalised ads, non-personalised ads, or no ads (by purchasing the Remove Ads option)
- Your consent choice is stored and respected across app sessions
- You can change your consent preference at any time in the app settings
Data Storage and Security
Local-Only Storage for Your Documents
Cosmos Scanner does NOT transmit your documents, text, or metadata to external servers. All document data stays on your device. Network calls are made only to:
- Google Play for purchase verification (no document content is sent)
- Google AdMob for displaying advertisements (no document content is sent)
Encryption Standards
| Component | Method | Details |
|---|---|---|
| Database | SQLCipher (AES-256-CBC) | All metadata encrypted |
| Files | AES-256-GCM | Unique IV per file |
| Backups | Zip4j AES-256 | Password-protected |
| PIN | PBKDF2-HMAC-SHA256 | 100,000 iterations |
Key Management
- 32-byte master key generated from SecureRandom
- Master key stored in Android Keystore (hardware-backed, non-extractable)
- Separate keys derived for database and files using HKDF-SHA256
Data Protection Features
- Hardware-Backed Security: Encryption keys stored in Android Keystore
- Private Storage: Documents live in app-private storage
- Screenshot Protection: Enabled by default (can be disabled in Settings)
- Auto-Lock: App locks after configurable inactivity period
- Session Security: Authentication required after app backgrounding
Data Sharing and Disclosure
Document Data - NOT Shared
Cosmos Scanner DOES NOT share your document data:
- Your documents are never transmitted to any server
- Your sensitive information stays on your device
- We do not sell your personal information
- We do not use your document data for analytics or advertising
Advertising Data - Shared with Partners
For users of the free (ad-supported) version:
- Device advertising ID is shared with Google AdMob
- General device information is shared for ad serving
- Ad interaction data is collected by ad networks
Note: No document content, metadata, or extracted text is ever shared with advertising partners.
User-Initiated Sharing
The ONLY way document data leaves your device is when you explicitly:
- Create a backup file and share it yourself
- Share a document via Android's share function
- Contact support and choose to include information in your email
Third-Party Services
Google Play Billing
- Purpose: Process premium purchases (Remove Ads)
- Data Shared: Purchase tokens only (no document data)
- Privacy Policy: https://policies.google.com/privacy
Google AdMob
- Purpose: Display advertisements to support free app access
- Data Collected: Device advertising ID, device information, ad interaction data, approximate location
- Data NOT Shared: Documents, sensitive information, document metadata, OCR text
- Privacy Policy: https://policies.google.com/privacy
- How to Opt Out: Purchase "Remove Ads" or adjust device advertising settings
Google User Messaging Platform (UMP)
- Purpose: Obtain and manage user consent for personalised advertising (GDPR compliance)
- Data Collected: Consent preferences
- Privacy Policy: https://policies.google.com/privacy
ML Kit Document Scanner
- Purpose: On-device document scanning and OCR
- Processing: Entirely on-device (no data transmitted to Google)
Data Retention
User Control
- You control all document data: All information remains on your device until you delete it
- Document Deletion: Documents are permanently deleted when you remove them
- Secure Deletion: Files are overwritten before deletion to prevent recovery
Advertising Data
- Advertising-related data is managed by Google AdMob according to their retention policies
- You can reset your advertising ID at any time through your device settings
- Purchasing "Remove Ads" stops all future advertising data collection
Backup Data
- User Responsibility: Backup files you create are your responsibility to manage
- Encryption: Backups remain encrypted until you decrypt them with your password
App Uninstallation
When you uninstall Cosmos Scanner:
- All encrypted documents are deleted
- All metadata and preferences are deleted
- Backup files you've created will remain in your Downloads folder unless manually deleted
- Advertising data held by Google is subject to Google's retention policies
Your Privacy Rights
You have complete control over your data:
- Access: View all your documents and settings anytime
- Modification: Edit document titles, notes, categories, and settings
- Deletion: Delete individual documents or all data
- Export: Create encrypted backups of your data
- Portability: Restore backups on any device
- Ad-Free Option: Purchase "Remove Ads" to eliminate advertising data collection
For EEA/UK Users (GDPR)
- Consent Management: Control your advertising consent preferences
- Right to Object: Opt out of personalised advertising
- Data Portability: Export your data via encrypted backups
Security Incident Response
Device Loss or Theft
If your device is lost or stolen:
- Your data is protected by AES-256 encryption
- Without your PIN or biometric authentication, data cannot be accessed
- We recommend enabling "Find My Device" features on your device
Security Vulnerabilities
If you discover a security vulnerability, please contact us immediately:
- Email: support@cosmosone.cloud
- Subject: [Cosmos Scanner Security]
Children's Privacy
Cosmos Scanner is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
International Users
Cosmos Scanner is designed for use worldwide. All document data processing occurs locally on your device, regardless of your location. No document data crosses international borders unless you explicitly transfer it yourself.
Advertising data may be processed by Google in accordance with their privacy policy and applicable data transfer mechanisms.
Compliance Note
Cosmos Scanner is designed with privacy-by-design principles:
- Data Minimisation: Only collect data necessary for functionality
- Purpose Limitation: Use data only for stated purposes
- Storage Limitation: Document data stored only on the user's device
- Integrity and Confidentiality: AES-256 encryption throughout
- User Control: Complete control over data lifecycle
- Security by Default: Encryption mandatory, not optional
- Consent: Advertising consent obtained where required by law
Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in legal requirements
- New features or functionality
- Changes to third-party service integrations
- Improvements to security practices
Notification: Major changes will be announced in-app.
Contact Information
If you have questions about this Privacy Policy:
Email: support@cosmosone.cloud
Subject Line: [Cosmos Scanner Privacy]
Website: https://cosmosone.cloud
Response Time:
- General inquiries: Within 5 business days
- Premium users: Within 24 hours (priority support)
- Security issues: Within 24 hours (all users)
Summary
| Aspect | Details |
|---|---|
| Document storage | Encrypted locally on device (AES-256) |
| Metadata storage | Encrypted database (SQLCipher) |
| Document data transmission | None |
| Backup security | Password-protected AES-256 encrypted |
| Advertisements | Yes (Google AdMob) - can be removed with purchase |
| Advertising data shared | Device ID, device info, ad interactions |
| Document data shared with ads | None - never |
| User control | Complete over all document data |
| Ad-free option | One-time "Remove Ads" purchase available |
