Privacy promise

Stays on your phone. We mean that.

Most document scanners upload to a server by default and ask you to create an account. Klypt doesn't. This page explains what that actually means, and the technical commitments behind it.

The short version

Three things we don't do.

If any one of these changes, we update the privacy policy first and tell you before the change ships.

We don't upload your scansThere's no Klypt server. We can't see your scans, lose them, or sell them, because they're not ours.
We don't require an accountNo sign-up, no email, no password. Open the app and start scanning.
We don't sell data to brokersKlypt is a paid utility app and an ad-supported free tier. No third-party data sales. Period.

The technical commitments

What "on-device" actually means.

Marketing pages say "secure" a lot. Here's the specific work that backs it up.

🔐

Encrypted database

Klypt's scan database is AES-256 encrypted via SQLCipher. The passphrase is generated once per install and held in the Android Keystore — hardware-backed on every phone Klypt runs on (Android 8 and newer).

🗝️

Encrypted preferences

Even your settings (lock state, smart-naming toggle) are wrapped by Android Keystore-backed encrypted SharedPreferences. A rooted phone or "adb pull" no longer yields plaintext anything.

📵

OCR runs locally

Text recognition uses Google ML Kit's on-device library. The page never goes to a server. Klypt works fully offline.

🚫

Auto Backup off

Klypt explicitly opts out of Android's automatic Google Drive backup. Your scans don't sync to your phone's cloud backup either — by design.

📊

Analytics on the app, not your scans

We log app launches, crashes, and which screens get used — not what's in your documents. OCR text, folder names, and tag names never appear in any analytics event.

🔓

Optional vault lock

Turn on the lock and Klypt requires your phone's fingerprint or PIN to open. Uses the OS credential — Klypt never sees your biometric data.

What we do collect

The honest answer.

We're not zero-data. A few signals are necessary to keep the app working and the ads loading. Here's the complete list.

Crashlytics

If the app crashes, we get a stack trace. No scan content, no folder names, no OCR text. Just the line of code that broke.

App analytics

Anonymous app launches, screen views, and key actions (scan completed, IAP purchased). Used to know if a release broke a flow. No content.

AdMob

When the banner ad loads in the free tier, your advertising ID goes to Google. We don't add anything to that. Buy the $1.99 IAP to turn off ads entirely.

Play Billing

If you buy the $1.99 ad-removal IAP, Google handles the transaction. We get a "purchased" flag back — never your payment details.

Read the legal privacy policy →

What's NOT for Klypt

Some paper we won't let in.

Medical records

Klypt is not HIPAA-compliant. There's no "Medical" folder by design, and our copy never invites you to store vaccination cards, insurance cards, or lab results. For health records, use a HIPAA-covered system.

Anyone under 18

Klypt is built for adults filing household paperwork. We don't market to children, don't opt into Google Play's "Designed for Families" category, and ask your age once at first launch.