Privacy Policy

Last updated: June 2026

This policy applies to the DocDuck iOS application, published by Shirokamolab.

1. Who we are

Shirokamolab is operated by Artur Bielunov, a sole proprietor established in Germany.

Contact for privacy matters: privacy@docduck.app

2. What data we process and why

2.1 Crash reporting — Sentry

Purpose: Identifying and fixing software bugs to maintain app stability. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — a stable, error-free app is in the interest of all users. Processor: Functional Software, Inc. (Sentry) — data is hosted in the EU region (ingest.de.sentry.io) and stored within the European Union.

What is collected:

  • Stack traces and crash reports
  • Device model, iOS version, app version, and free memory at time of crash
  • A sequence of anonymised in-app events leading up to the crash (no document content, no filenames, no personal information)
  • A random, anonymous Sentry install ID that is not linked to any identity

What is not collected:

  • IP addresses (sendDefaultPII = false)
  • User names, emails, or any contact information
  • Document content or filenames
  • Performance traces (tracesSampleRate = 0)

2.2 Analytics — PostHog

Purpose: Understanding how the app is used so we can improve it. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — product improvement benefits all users. Processor: PostHog, Inc. — data is hosted on PostHog EU Cloud (eu.posthog.com) and stored within the European Union.

What is collected:

  • A random anonymous device ID (UUID generated on first install — no name, email, or account attached)
  • Event names and timestamps: onboarding steps, paywall views, subscription events, document import actions
  • App version, iOS version, and device model class (e.g. “iPhone”)
  • Session start/end and app open/background events
  • IP address, anonymised immediately on ingestion (IP anonymisation is enabled in PostHog project settings)

What is not collected:

  • Document contents, filenames, or any document metadata
  • Email addresses or any contact information
  • iCloud account details
  • Photos, scans, or any personal files
  • Precise location
  • Any text entered by the user

Opt-out: You can disable analytics at any time in Settings → Privacy → Share analytics. When opted out, no events are sent and no device ID is created or persisted.

2.3 Document storage — iCloud

Purpose: Syncing your documents across your devices. Legal basis: Contract performance (Art. 6(1)(b) GDPR) — delivering the iCloud vault feature you have chosen to use. Processor: Apple Inc. — governed by Apple’s Privacy Policy.

When you create an iCloud vault, your documents are stored in your personal iCloud Drive. DocDuck does not have access to a copy of your iCloud data; files are never routed through Shirokamolab servers. This applies only if you choose to use an iCloud vault — local and in-app vaults never involve iCloud.

2.4 On-device AI features

Automatic summarisation and automatic masking features run entirely on your device using Apple’s on-device AI frameworks (Apple Foundation Models). No document content is sent to any server, including Shirokamolab’s or any third-party AI provider, for these features.

2.5 In-app purchases

Purpose: Processing subscriptions and one-time purchases for paid features. Legal basis: Contract performance (Art. 6(1)(b) GDPR). Processor: Apple Inc. (StoreKit / App Store) — governed by Apple’s Privacy Policy.

DocDuck does not process payment data directly. All purchases are handled by the Apple App Store. We do not store or have access to your payment card details. Purchase receipts are verified on-device via StoreKit.

2.6 Contact and support

If you contact us by email, we retain that correspondence solely to respond to your enquiry. We do not add you to any mailing list or share your email with third parties.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

3. Data we do not collect

We do not collect, process, or sell your personal information beyond what is described above. We have no access to the documents, files, or content you store in DocDuck. All document processing (masking, summarisation, tagging) happens on your device.

4. Data retention

DataRetention period
Crash reports (Sentry)90 days
Analytics events (PostHog)2 years
Analytics opt-out preferenceUntil app is deleted
Support emailsUntil the matter is resolved, then deleted

5. Data transfers outside the EU

  • Sentry: Data is processed and stored in the EU (ingest.de.sentry.io). ✓
  • PostHog: Data is processed and stored in the EU (eu.posthog.com). ✓
  • iCloud: Apple may store data across multiple regions per their own data transfer addendum.
  • No other third-party services receive data from our apps.

6. Your rights under GDPR

If you are in the European Economic Area, you have the following rights:

  • Right of access (Art. 15) — Request a copy of the data we hold about you.
  • Right to rectification (Art. 16) — Request correction of inaccurate data.
  • Right to erasure (Art. 17) — Request deletion of your data.
  • Right to restriction (Art. 18) — Request that we limit how we use your data.
  • Right to object (Art. 21) — Object to processing based on legitimate interests. For analytics, use the opt-out toggle in Settings at any time.
  • Right to data portability (Art. 20) — Request your data in a structured, machine-readable format.
  • Right to lodge a complaint — You have the right to complain to the supervisory authority in your member state. In Germany, the competent authority depends on your federal state (Bundesland). The federal authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI): www.bfdi.bund.de.

To exercise any of these rights, contact us at privacy@docduck.app.

Because analytics data is collected anonymously (no name or email attached to the device UUID), the most effective way to stop future collection is the opt-out toggle in Settings → Privacy → Share analytics. For deletion of historical records, you can find your anonymous analytics ID in Settings → Privacy → Analytics ID — include it in your deletion request so we can locate your records precisely in PostHog.

7. Children’s privacy

DocDuck is not directed at children under the age of 16 (EU) or 13 (US). We do not knowingly collect personal data from minors. If you believe a minor has provided data, please contact us and we will delete it promptly.

8. California residents (CCPA)

We do not sell your personal information. We do not share personal information with third parties for cross-context behavioural advertising. California residents have the right to know what personal information is collected, to request deletion, and to opt out of sale — sale does not occur here so no further action is needed.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced via an in-app notice or App Store update notes. The “Last updated” date at the top of this page always reflects the current version.

10. Contact

privacy@docduck.app

DocDuck Terms of Use →