Privacy Policy
CardHaus (“the app”, “we”, “us”) is a business-card scanner app for iPhone and iPad. This policy explains, in plain English, what data the app handles, where it goes, and what choices you have.
If anything below isn't true any more, we'll update this page and bump the “Last updated” date. Material changes will also be called out in the app's “What's New” notes.
1. The short version
- Your scanned cards live on your device. We don't have a copy.
- We don't run third-party analytics or crash-reporting SDKs.
- We do show ads from Google AdMob to support the free tier. AdMob receives standard ad-request data (device model, OS version, IP-derived coarse location, advertising identifier if you grant the iOS tracking permission). It never receives your scanned cards. See § 4 for the full breakdown, and § 7 for how to turn ads off.
- The only times your card data leaves your device are when you explicitly ask the app to send it — for example, tapping “Export to Outlook”.
- We never sell your data. There's nobody to sell it to: we don't have it.
2. What we store, and where
On your device
The following data is stored locally in the app's private SwiftData container, encrypted at rest by iOS Data Protection (Class C):
- The contents of every card you scan, type, or import — name, job title, company, phone numbers, email, website, address, social handles, notes, tags, custom category, scan date, and the optional card image.
- Your “My Card” (the digital business card you share with others).
- Your settings — language preference, sort order, favourites, follow-up reminder schedule, and which features (e.g. AI Assist) you've turned on.
If you ever uninstall the app, iOS deletes this data. We have no way to recover it.
In the iOS Keychain
Standard OAuth access and refresh tokens for the third-party services you voluntarily connect (currently Microsoft 365 and Microsoft Dynamics 365). Tokens are stored under the com.saeedsaf.LeadLens.tokens Keychain service and protected with kSecAttrAccessibleAfterFirstUnlock. Removing a connection from Settings → Connections deletes the matching token.
On our servers
3. When data leaves your device
Card data only leaves your device on your explicit action. The complete list, as of v1.0:
| Action you take | What we send | Where |
|---|---|---|
| Tap Export to Microsoft 365 (Outlook) | The fields of the card you chose to export, formatted as a Microsoft Graph contact. | https://graph.microsoft.com/v1.0/me/contacts — i.e. your own Outlook mailbox. |
| Tap Export to Microsoft Dynamics 365 | The same fields, formatted as a Dataverse contact. | The Dataverse environment URL you supplied when connecting (e.g. https://contoso.crm4.dynamics.com). |
| Tap Save to iOS Contacts | The contact card. | The on-device Contacts database, which then syncs according to your iCloud / Exchange Contacts settings — those are not CardHaus. |
| Tap Refresh Company (future Pro feature, not enabled in v1) | The company name on the card. | The Azure AI Foundry endpoint configured in Secrets.swift if the app's developer has enabled AI Assist. Off by default unless an endpoint is configured. |
| Tap Open on LinkedIn | A LinkedIn URL or search query containing the contact's name. | The LinkedIn iOS app or linkedin.com. LinkedIn handles it under their privacy policy. |
| The app fetches a company logo | The contact's email domain (e.g. acme.com). | logo.clearbit.com and, as a fallback, google.com/s2/favicons. The contact's name and personal data are not sent. |
OAuth sign-in itself involves a redirect through login.microsoftonline.com in an ASWebAuthenticationSession browser, where Microsoft authenticates you directly. We never see your password.
4. Advertising (Google AdMob)
The free tier of CardHaus shows native ads supplied by Google AdMob. This is the only third-party SDK in the app. We chose AdMob because it lets us keep the app free without standing up a tracking pipeline of our own.
What AdMob receives on every ad request:
- Your device model, OS version, screen size, language, and time zone.
- An IP address (which Google translates into approximate, country-level location for ad-relevance purposes).
- A randomly-generated advertising identifier:
  - IDFA (the system advertising identifier) — only when you tap Allow on the iOS App Tracking Transparency prompt.
  - IDFV (an identifier scoped to apps from the same vendor) — always.
- The ad unit ID being loaded (so AdMob knows which placement to fill).
- SKAdNetwork attribution postbacks (Apple's privacy-preserving install-attribution standard).
What AdMob never receives:
- Any contents of the cards you scan.
- Your name, email, photos, or contact list.
- Your precise location (we make no Core Location calls).
If you decline the App Tracking Transparency prompt, AdMob still serves ads — they're just non-personalised, drawn from a contextual pool rather than tailored to a profile. Either way the app works the same.
Google's handling of this data is governed by the Google Privacy Policy and the AdMob & AdSense terms.
5. What we never collect
CardHaus does not collect, transmit, store on our servers, or share with any third party:
- Your camera frames (OCR runs entirely on-device using Apple's VisionKit).
- Your photo library beyond the single image you pick to import.
- Your physical location (no Core Location calls). Note: AdMob will derive a coarse, country-level location from your IP address — see § 4.
- Your contacts list beyond what you explicitly choose to import.
- Your microphone, health data, browsing history, or financial information.
- Your scanned card contents — neither we nor Google AdMob ever receive the names, phone numbers, emails, or notes from your library.
6. Children
CardHaus is rated 4+ and does not knowingly collect data from anyone. It is also not directed at children under 13. If you believe a child has somehow been affected by the app, contact us at the address below and we will help.
7. Your rights
Because CardHaus stores all card data on your device, you are already in control:
- Access — every card you've scanned is visible in the app's list view.
- Export — Settings → Export lets you save your entire library as CSV or vCard.
- Delete one card — swipe left on the card.
- Delete everything — Settings → “Erase all data” or simply uninstall the app.
- Stop seeing personalised ads — iOS Settings → Privacy & Security → Tracking lets you withdraw the App Tracking Transparency permission at any time. Future ads will be non-personalised.
- Stop ads entirely — Settings → General → Show ads turns the ad surface off, or upgrade to Pro.
If you live in the EU/UK and rely on GDPR/UK-GDPR rights of access, rectification, erasure, restriction, portability, or objection, these are all satisfied by the in-app controls above. Because we hold no card data on our servers, there is nothing for us to provide in response to a Data Subject Access Request. If you'd nevertheless like written confirmation of that, email us and we'll send it.
The legal basis under GDPR/UK-GDPR Article 6(1)(b) for processing the data you choose to send to Microsoft 365 / Dynamics 365 is performance of the contract you have with Microsoft (your work account); CardHaus is a processor only at that moment, and the data is in transit, not at rest with us. The legal basis for processing your IP address and advertising identifier through Google AdMob is your consent (Article 6(1)(a)) when you allow App Tracking Transparency, and our legitimate interest in funding the free tier of the app (Article 6(1)(f)) when you decline it — in which case ads are non-personalised.
8. Security
- All network traffic is HTTPS (TLS 1.2+). The app blocks plaintext HTTP at the App Transport Security level.
- OAuth tokens are stored only in the iOS Keychain.
- Card data is stored in the app's sandboxed SwiftData store, which iOS protects with file-level encryption tied to your device passcode.
- Optional Face ID / Touch ID lock can be turned on in Settings.
We do not promise that any system is impenetrable, but we follow standard Apple-recommended practices and we do not roll our own cryptography.
9. International transfers
Card data only crosses borders when you trigger an export to Microsoft 365 or Dynamics 365. In that case the data goes to the Microsoft tenant region you chose when you set up your work account — not a region we picked. Microsoft's own privacy commitments cover that transfer.
Ad-request data sent to Google AdMob is handled on Google's global ad infrastructure; Google operates regional data centres and acts as a data controller for that traffic under their own privacy policy.
10. Third-party services we touch
| Service | When it's reached | What is shared | Their privacy policy |
|---|---|---|---|
| Google AdMob (googleads.g.doubleclick.net, pagead2.googlesyndication.com) | Every app launch on Free, unless you toggled ads off. | Device model, OS, IP address, ad unit ID, IDFV, IDFA (only with ATT consent), SKAdNetwork postbacks. No card data. | policies.google.com/privacy |
| Microsoft Graph (graph.microsoft.com) | Only when you tap “Export to Microsoft 365”. | The card's fields. | privacy.microsoft.com |
| Microsoft Dynamics 365 (your env URL) | Only when you tap “Export to Dynamics 365”. | The card's fields. | privacy.microsoft.com |
| Microsoft sign-in (login.microsoftonline.com) | Only during the OAuth handshake when you connect a Microsoft account. | Whatever you type into Microsoft's sign-in page (we never see it). | privacy.microsoft.com |
| Clearbit Logo API (logo.clearbit.com) | Each time we display a company logo. | The email domain on the card. | clearbit.com/privacy |
| Google Favicon (google.com/s2/favicons) | Logo fallback only. | The email domain on the card. | policies.google.com/privacy |
| LinkedIn (linkedin.com, linkedin://) | Only when you tap “Open on LinkedIn”. | A search query containing the contact's name. | linkedin.com/legal/privacy-policy |
11. Changes to this policy
We'll update this page when we add features that change what data the app handles. The new policy goes live before the new feature is enabled in a public release.
12. Contact
Questions, complaints, or right-to-erasure requests:
- Email: hello@lead-lens.app
- Postal: (your registered address)
We'll respond within 30 days, usually much sooner.