Legal
Privacy Policy
The short version
Offload keeps your documents in your memory by keeping them on your phone. Your IDs, registrations, licenses, plate and passport numbers, scans, and the dates that matter — Pax reads them and reminds you, and none of it is ever uploaded to us. By default it never leaves your device at all. It's stored encrypted, on your phone.
If you choose to turn on backup, only an encrypted copy that you alone can unlock is saved to your own Google Drive — we can't read it and neither can Google. That's the one and only place your document data can go, and only if you ask for it.
A few other narrow things leave your phone for specific reasons: processing a purchase, an anonymous crash report so the app doesn't stay broken, and feedback you choose to send. This policy says exactly what, when, and to whom — in plain language, because vagueness is its own kind of dishonesty.
We do not sell your data. We do not share it with advertisers. There are no ad networks and no usage-analytics trackers in Offload.
01 Who's responsible for the limited data that reaches us
You stay in control of your information. Offload keeps your documents on your device — we never receive them, store them, or look at them. For that data there is no one "responsible" but you, because it never reaches us.
The only personal data we are responsible for is what you choose to send:
- the feedback you submit (your message plus basic app and device details — never your documents), and
- anonymous crash reports (if enabled), which only help us fix problems.
(Purchases and subscriptions are handled by the App Store / Google Play and RevenueCat — see Section 3 — and are not stored by us.)
For that limited data — and only that — the responsible party (the "data controller" under laws such as the GDPR) is the independent developer who operates Offload. You can reach us about any privacy matter, including the rights in Section 8, at privacy@offloadpax.app.
If you are in the EU/EEA or UK and believe we have not resolved a concern, you also have the right to lodge a complaint with your local supervisory authority.
02 What stays on your device — and is never collected
The core of Offload is local-first. The following is created and stored only on your device, in the app's local storage, and is never transmitted to us or to any third party through the app:
- Document and item details you add or scan: names, national/Civil ID numbers, passport numbers, vehicle plate and VIN/chassis numbers, license and registration numbers, issue and expiry dates, fees, notes.
- Photos and scans of your documents and cards, and any attachments you add.
- Birthdays added to the in-app calendar.
- Your service log / history, reminders, and preferences.
- Your app-lock PIN (stored only as a salted SHA-256 hash — the PIN itself is never stored) and your biometric setting (biometric matching is handled entirely by your device's operating system; Offload never sees your fingerprint or face data).
Scanning and text recognition (OCR) happen entirely on your device using on-device libraries. The image and the text read from it are not sent anywhere.
Encrypted at rest. On your device, your data is stored in an encrypted (SQLCipher) database; scan images are separately encrypted; your app-lock PIN and the encryption keys live in your device's secure hardware store (Android Keystore / iOS Keychain). Raw text read by OCR during a scan is not retained.
No automatic cloud backup. Offload deliberately disables your device's automatic operating-system backup (Android Auto Backup and iCloud backup) for its data. Unless you turn on Encrypted Backup (below), nothing is copied to any cloud, and nothing transfers when you set up a new device.
Optional Encrypted Backup to your own Google Drive (off by default). You may choose to enable backup. If you do, you sign into your own Google account and set a backup password. Offload then encrypts a copy of your data on your device (AES-256-GCM, key derived from your password with PBKDF2-SHA-256 at 600,000 iterations) and uploads only that encrypted file to a private, app-only folder in your Google Drive. Your scan images are not included — only structured details. Your password and encryption key never leave your device. Because the encryption happens before upload, neither we nor Google can read your backup — only someone with your password can. There is no recovery if you forget it: the backup is, by design, unrecoverable without your password. You can turn backup off and delete the backup file at any time.
Because this data never leaves your device, we cannot access it, recover it, or delete it for you — it is yours alone. Deleting the app, or using the in-app "erase all data" control (see Section 8), removes it.
03 What does leave your device — and exactly when
Offload connects to outside services only in these specific situations. For each, we name the processor, the data involved, and why.
| Service (processor) | What is sent | When it happens | Where the processor operates |
|---|---|---|---|
| RevenueCat, Inc. (purchases) | An anonymous, randomly-generated app-user identifier; purchase and subscription receipt data; basic device and network information (incl. IP address) | Only if you open the store/paywall or make/restore a purchase | United States |
| Sentry (Functional Software, Inc.) (crash reports) | Anonymous crash diagnostics: error type and stack trace, app version, device model and OS version, and network metadata (incl. IP) | Only in released builds, when a crash occurs [subject to the opt-out in Section 7] | United States / EU |
| Supabase (feedback) | A random, reinstall-resettable installation ID; the message text you type; the category you pick; app version; platform; OS version; device locale; and your current plan name | Only when you choose to send feedback | [Supabase project region — confirm] |
| open.er-api.com (currency rates) | A request for current exchange rates. No personal data is included — only your IP address, as with any internet request | When the app refreshes currency conversion rates | — |
| Google Drive (optional Encrypted Backup) | An end-to-end-encrypted copy of your structured data (see Section 2), stored in a private app-only folder in your own Google account. We never receive it; Google stores only ciphertext it cannot read | Only if you turn backup on, then on your schedule | Your Google account |
Apart from the opt-in, end-to-end-encrypted backup to your own Google Drive, we do not transmit your documents, scans, IDs, plate/passport numbers, or any item content to RevenueCat, Sentry, Supabase, or any other service — and the backup itself is encrypted on your device so no one but you can read it.
Note on payments: purchases are processed by Apple (App Store) or Google (Google Play) and brokered by RevenueCat. Offload never sees or stores your payment-card details. Your purchase is governed by Apple's or Google's terms in addition to ours.
04 Why we process this data (purposes and legal bases)
For users in jurisdictions that require a legal basis (e.g. EU/UK under the GDPR; Saudi/UAE/Bahrain under the applicable PDPL), the bases are:
| Purpose | Data | Legal basis |
|---|---|---|
| Provide the core reminder service | On-device data (Section 2) | Performance of a contract with you / your consent by using the app. Processing is local; no transfer to us. |
| Process and restore purchases and subscriptions | RevenueCat data (Section 3) | Performance of a contract (delivering the plan you bought) |
| Keep the app stable and fix crashes | Sentry crash diagnostics | Legitimate interests (maintaining a working product), balanced against your rights, with an opt-out provided |
| Respond to feedback you send | Supabase feedback data | Your consent, given by choosing to submit feedback |
| Show amounts in your currency | FX rate request | Legitimate interests (a useful display feature); no personal data sent |
05 Device permissions
Offload asks only for what a given action needs, and explains why in context:
- Camera / Photos — to scan or attach a document or card. Images are processed on-device; you choose each one.
- Notifications — to deliver Pax's reminders. Reminders are scheduled and shown locally by your device.
- Biometric / Fingerprint — for the optional app lock. Matching is done by your operating system; Offload never receives biometric data.
You can change or revoke any of these in your device settings at any time.
06 How long data is kept (retention)
- On-device data: kept until you delete the item, use "erase all data", or uninstall the app. We hold no copy and impose no retention period because we never receive it.
- Purchases (RevenueCat / Apple / Google): retained per those providers' policies for as long as needed to manage your subscription and for legal/financial record-keeping.
- Crash reports (Sentry): retained for a limited diagnostic window per Sentry's configured retention [confirm: typically 30–90 days], then deleted.
- Feedback (Supabase): retained while we review and act on it; you may request deletion (Section 8).
07 Crash-report opt-out
Anonymous crash reporting helps keep Offload working. You can turn it off at any time in Settings → Privacy → Share anonymous crash reports. When off, no crash diagnostics are sent to Sentry.
08 Your rights and how to use them
Depending on where you live, you have some or all of these rights: access a copy of your data; correct it; delete it ("right to be forgotten"); export/port it; object to or restrict processing; and withdraw consent at any time. We do not discriminate against you for exercising any right.
Because Offload is local-first, most of these you exercise directly on your device:
- Access / export: your data lives in the app; document details and history are viewable and (where supported) exportable in-app.
- Correction: edit any item directly.
- Deletion: delete any item, or use Settings → erase all Offload data to remove everything on the device. Uninstalling also erases all local data.
For data held by our processors (feedback in Supabase, crash reports in Sentry, purchase records in RevenueCat), email privacy@offloadpax.app and we will action your request, normally within 30 days.
California residents (CCPA/CPRA): we do not "sell" or "share" personal information as those terms are defined, and we do not process it for cross-context behavioral advertising — so no "Do Not Sell or Share My Personal Information" action is required. You retain the rights to know, delete, and correct, exercisable via the contact above.
09 International data transfers
If you use Offload outside the United States, note that RevenueCat and Sentry operate in the US, and Supabase in [region]. Where required (e.g. for EU/EEA, UK, or Saudi/UAE/Bahrain users), these transfers rely on appropriate safeguards — Standard Contractual Clauses and the processors' Data Processing Agreements — which we maintain with each provider.
10 Children
Offload is a general-audience utility and is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided data through feedback, contact us and we will delete it.
11 Security
Your document data is stored in an encrypted database (SQLCipher) on your device, with scan images separately encrypted and the encryption keys and app-lock PIN held in your device's secure hardware store (Android Keystore / iOS Keychain). Access is further protected by your device's own security (lock screen, OS sandboxing) and Offload's optional app lock (biometric and/or hashed PIN). Any optional Encrypted Backup is encrypted on your device before it leaves (end-to-end), so it is never readable by us or by Google. Data in transit to the processors in Section 3 is encrypted (HTTPS/TLS). No method is perfectly secure, but we minimize risk by keeping document data off the network by default and encrypting it both at rest and — when you back up — in your own cloud.
12 Changes to this policy
If we change how Offload handles data, we will update this policy, change the version and effective date above, and — for material changes — surface a notice in the app. Continued use after an update means you accept the revised policy.
13 Contact
Questions, requests, or complaints: privacy@offloadpax.app