Privacy Policy
Provider (Impressum)
Oberstr. 3, 47829 Krefeld, Germany
Handelsregister: HRB 21178 (Amtsgericht Krefeld)
USt-IdNr: DE456304266
Managing Director: Holger Köther
Contact: webmaster@blocksize.one
Data We Collect
Images
Images you submit for extraction are transmitted to an AI provider for processing. When using our backend service, images are sent to Anthropic (Claude AI). When using your own API key, images are sent directly to your configured provider.
When using our backend service, we temporarily retain extraction logs (including images) for up to 14 days to debug issues and improve service quality. After 14 days, image data is automatically deleted while anonymized metadata may be retained for analytics.
Legal basis: Article 6(1)(b) GDPR (performance of a contract — providing the extraction service you requested).
Apple Sign In
We receive an anonymous user identifier from Apple. If you choose to share your email, we receive that as well. This is used for account management and purchase tracking.
Legal basis: Article 6(1)(b) GDPR (performance of a contract — account management and purchase verification).
iCloud Integration
We use Apple's CloudKit framework to enable cross-device credit synchronization. Here's how it works:
- We obtain an anonymous identifier linked to your iCloud account
- This identifier is a one-way hash (SHA256) of your iCloud record ID — we cannot reverse it to identify you
- We do NOT access your iCloud email, name, photos, or any other personal iCloud data
- This identifier is used solely to sync your credit balance across devices signed into the same iCloud account
Legal basis: Article 6(1)(b) GDPR (performance of a contract — enabling cross-device synchronization of your purchases).
Data Storage
Your credit balance and purchase history are stored on our servers. This data is linked to your anonymous iCloud identifier (if signed into iCloud) or your device identifier (if not). Purchase transactions are verified with Apple's App Store Server API.
Purchases
In-app purchases are processed by Apple. We store transaction IDs to prevent duplicate credits.
Legal basis: Article 6(1)(b) GDPR (performance of a contract — processing and verifying your purchases).
API Keys
API keys you configure are stored locally on your device in the iOS Keychain. We do not receive your API keys.
Service Usage Data
When using our backend service, we collect:
- Extraction requests (timestamp, success/failure, provider used)
- Credit purchases and usage
- Error logs for debugging
- Device locale and timezone (for accurate date parsing)
This data helps us improve the service and troubleshoot issues.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in maintaining and improving service quality).
Data We Do Not Collect
We do not collect:
- Device fingerprints or hardware identifiers
- Advertising identifiers
- Precise location data
- Calendar content (events are saved directly to your device)
- Data when using your own API keys (requests go directly to your provider)
Extraction history is stored locally on your device.
Third Parties
| Provider | Purpose | Location |
|---|---|---|
| Anthropic | AI extraction (backend) | United States |
| OpenAI | AI extraction (your key) | United States |
| Google (Gemini) | AI extraction (your key) | United States |
| Mistral | AI extraction (your key) | France |
| xAI (Grok) | AI extraction (your key) | United States |
| Apple | Auth and payments | United States |
| Cloudflare | Backend hosting | Global |
When you use third-party services with your own API key, their privacy policies govern data handling.
Data Retention
Extraction logs: Images and extraction data are automatically deleted after 14 days. Anonymized metadata (success rates, error types) may be retained longer for service improvement.
Account data: User ID, credit balance, and transaction history are retained until you delete your account.
Delete your account: Use the "Delete Account" option in Settings within the app, or email webmaster@blocksize.one.
International Transfers
Data may be transferred to the United States via Anthropic and Cloudflare, protected by Standard Contractual Clauses.
Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data (Article 15)
- Rectify inaccurate data (Article 16)
- Request deletion of your data (Article 17)
- Restrict processing (Article 18)
- Data portability (Article 20)
- Object to processing based on legitimate interest (Article 21)
Where processing is based on your consent, you have the right to withdraw that consent at any time (Article 7(3) GDPR). Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise these rights, contact webmaster@blocksize.one. We will respond within 30 days. Given our minimal data collection, there is limited data to act upon.
Supervisory Authority
Postfach 20 04 44, 40102 Düsseldorf, Germany
https://www.ldi.nrw.de
Changes
We may update this policy. Continued use constitutes acceptance.
Contact
For privacy inquiries: webmaster@blocksize.one