Privacy Policy

Last updated: June 2, 2026 · Effective date: May 2, 2026

This policy explains what Klypt collects, what stays on your phone, and what doesn't. It's written in plain English. Klypt is designed to keep your data local — this policy is mostly about the small slice that doesn't.

1. Who we are

Klypt is made by Pacio LLC, a Michigan limited liability company.

Email: support@klyptapp.com
Mailing address: Pacio LLC, PO Box 144, Davison, MI 48423, USA

2. What we collect

What stays on your phone

Klypt is designed to keep your data local. The following items NEVER leave your device unless you explicitly export them:

Photos, scans, and files you import (PDFs and images from your camera, device storage, or other apps)
Text Klypt extracts from those scans (OCR)
Folder names, document names, and tags
Any organization or notes you add

OCR (text extraction from your scans) is performed entirely on your device using Google ML Kit. No image or text is sent to Google for OCR processing.

There is no Klypt server, no Klypt cloud, and no Klypt user account. We never receive your scans.

What gets sent off your device

Klypt uses a small number of Google services to function and to support development. Those services collect limited data, governed by their own privacy policies:

Google AdMob (banner ads in the free tier): Google may collect your advertising identifier, IP address, and limited device information to serve ads. You can reset your advertising identifier at any time via your device's privacy settings. If you remove ads via the in-app purchase, AdMob is no longer used.
Google Firebase Analytics: Google collects anonymized usage events (screen views, scans, imports, shares, paywall and in-app-purchase outcomes, age-gate result) and your advertising identifier to help us understand how Klypt is used. We do not associate this data with your identity. By default, Google retains Firebase Analytics data for up to 14 months; you may request earlier deletion via your Google account.
Google Firebase Crashlytics: If Klypt crashes, Google receives an anonymized crash report (stack trace, device model, operating-system version, and the line of code that failed) so we can fix the bug. No scan content, no document text, and no personal data from your scans is included in crash reports.
App-store in-app-purchase processing (Google Play Billing on Android; Apple App Store on iOS) — only if you make an in-app purchase: the app store handles the transaction. We receive only a purchase token confirming the purchase was made.
RevenueCat (in-app purchase management) — only if you make or restore an in-app purchase: Klypt uses RevenueCat to record your purchase and unlock state so the "Remove ads forever" purchase carries across reinstalls and (in future versions) across devices. RevenueCat sits between Klypt and your device's app store. When you buy or restore the purchase, RevenueCat receives the purchase token issued by your app store, an anonymous device-scoped identifier generated by the RevenueCat SDK, your device model and operating-system version, and your country code. RevenueCat does NOT receive your scans, OCR text, folder names, document names, tags, or any document content. Because Klypt has no user accounts, RevenueCat does not receive your name, email, or any identifier that personally identifies you. RevenueCat acts as a data processor on Pacio LLC's behalf for the limited purpose described above. Their privacy policy: revenuecat.com/privacy

What we do NOT collect

We do not have a Klypt server. There is no Pacio LLC backend that receives your scans.
We do not have user accounts. No email, password, or profile required.
We do not use facial recognition, content analysis, or AI training on your data.
We do not sell your data to anyone, ever.
We do not share your scans with any third party, ever.

Categories of personal information (California residents)

Under the California Privacy Rights Act (CPRA), the data the third-party services described above collect falls into the following categories:

Identifiers (Advertising ID): collected by Google AdMob and Firebase Analytics
Internet or other electronic network activity (in-app screen views, taps, app interactions): collected by Firebase Analytics
Geolocation data (approximate, IP-derived — never precise GPS): collected by Google AdMob
Diagnostic / app performance data (crash reports, stack traces, device info): collected by Firebase Crashlytics
Commercial information (purchase records): collected by your device's app store (Google Play on Android; Apple App Store on iOS) and processed by RevenueCat as Pacio LLC's purchase-management processor

We do not sell personal information. AdMob's personalized advertising may qualify as "sharing" under the CPRA's broad definition of cross-context behavioral advertising. See Section 6 for opt-out information.

3. Children's privacy

Klypt is intended for adults aged 18 and over. We do not knowingly collect personal information from children under 13.

We also do not knowingly collect personal information from children under 16 in jurisdictions where that is the age of digital consent (most EU countries and the United Kingdom). See Section 6 for details on EU and UK rights.

The "School & Sports" folder in Klypt is for adults to file their children's household paperwork (school forms, sports registrations, etc.) — not for children to use the app themselves.

If you are a parent or guardian and believe your child has used Klypt and you would like their information removed, contact us at the email above and we will help.

4. Health and medical information

Klypt is NOT designed for, and is NOT HIPAA-compliant for, the storage of protected health information (PHI).

Klypt is a household organizing tool. Please do NOT store medical records, vaccination cards, health insurance cards, prescription details, lab results, or other health information in Klypt. If you do, you do so at your own risk and outside the scope of HIPAA protection. Pacio LLC is not a HIPAA covered entity or business associate.

5. Storage and security

Your scans are stored in Klypt's app-private storage on your device. Other apps cannot read this storage. Standard device security applies (your screen lock, full-disk encryption, etc.).

Klypt opts out of operating-system-level automatic cloud backup of its data. Your scans, OCR text, and folders are never copied to your device's cloud-backup system (Google account backup on Android; iCloud backup on iOS). If you uninstall Klypt or use your device's "clear app data" option, your scans are deleted from your device with no recovery path — Pacio LLC does not retain a copy.

Sharing scans out of Klypt. You can share individual scans or assembled PDFs from Klypt via your device's share sheet. The file passes directly from your device to whichever app you select (email, messaging, cloud storage, etc.). Pacio LLC is not involved in that handoff and never receives a copy.

App lock (optional). You can lock Klypt with your device's biometric authentication. The biometric check is performed by your device's operating system — Klypt never sees, stores, or transmits your fingerprint or face data.

6. Your rights

Access: All your data is on your device. You can view, edit, or delete any of it at any time within Klypt.
Delete: To delete an individual scan, tap delete inside Klypt. To delete everything at once, uninstall Klypt (or, if your device offers it, use the "clear app data" option in your device's app settings).
Reset advertising identifier: your device's privacy settings let you reset your advertising identifier or limit ad tracking.
Stop analytics: We do not currently offer an in-app opt-out for Firebase Analytics. If you want one, contact us and we will work to add it.
California residents (CCPA/CPRA): You have the right to know, delete, and opt out of the sale of personal information. Klypt does not sell personal information. To exercise your rights, contact us.
EU / UK residents (GDPR / UK GDPR): Pacio LLC acts as the data controller for the limited data described in Section 2. Your rights include access, rectification, erasure, restriction of processing, data portability, and objection to processing. Klypt's on-device design means most of this is exercised directly within the app; for any data Google holds via the services listed above, contact Google directly. To exercise your rights against Pacio LLC, email support@klyptapp.com.
Australia residents (Privacy Act 1988): Pacio LLC handles personal information consistent with the 13 Australian Privacy Principles. The data flows described in Section 2 apply: collection is limited to what is needed to operate the app; we do not sell personal information; we do not disclose it to third parties for direct marketing. You may request access or correction by emailing support@klyptapp.com. To file a complaint, contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

EU/UK additional disclosures

Legal basis for processing: Consent (for Firebase Analytics and AdMob personalized advertising, where required by your jurisdiction); legitimate interest (for Firebase Crashlytics, to diagnose and fix bugs in the app you installed); contract performance (for app-store in-app-purchase processing and RevenueCat purchase-record management when you complete or restore an in-app purchase).
International data transfers: The Google services and RevenueCat described above transfer data to servers in the United States. These transfers rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms under Chapter V of the GDPR.
Right to lodge a complaint: You have the right to file a complaint with your national Data Protection Authority. UK residents may file with the Information Commissioner's Office (ICO).
Children under 16: We do not knowingly collect personal information from children under 16 in jurisdictions where that is the age of digital consent (most EU countries and the UK).

7. Future cloud features

Klypt is currently on-device only. Future versions may offer optional cloud backup as a paid subscription. If we add cloud features, we will:

Make them strictly opt-in
Notify you in the app before any cloud sync begins
Update this privacy policy with full disclosure of what is backed up and where

8. Third-party services

The third-party services used by Klypt are governed by their own privacy policies:

Google (umbrella)
Google AdMob
Firebase
Apple App Store (iOS in-app purchases)
Google Play (Android in-app purchases)
RevenueCat (in-app purchase management)

9. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect any changes. For material changes (anything that affects what data we collect or how we use it), we will notify you in the app before the change takes effect.

10. Contact us

Questions about this privacy policy? Email support@klyptapp.com.

For postal mail, write to Pacio LLC at the address listed in Section 1.