← Back to home
Privacy Policy
Privacy Policy
How we collect, use and protect your information.
Effective: 13 July 2026
Data Controller
The data controller for the RealScan platform is Lemorange Ltd, a company incorporated in the Republic of Cyprus. You can contact us at [email protected] for all data-related enquiries.
What We Collect
- Account details: your name, email address and a securely hashed password.
- Uploaded financial documents and their images: invoices, receipts, bank statements, credit notes and any other documents you submit for processing, together with the structured data extracted from them.
- Camera access (mobile app): used only to capture document photos within the RealScan app. Images are uploaded immediately to your account; they are not stored locally on the device beyond the active capture session.
- Location data (optional, opt-in only): approximate or precise GPS coordinates, used only to embed a geotag in document captures when you enable that feature. We do not track your movements.
- Device, usage and diagnostic data: device type, operating system version, app version, feature-usage telemetry and error logs, used to maintain and improve the service.
Why We Use It and Our Legal Bases
We process personal data for the following purposes and on the following legal bases under GDPR Article 6:
- Providing the service: processing data is necessary to fulfil our contract with you (Article 6(1)(b)).
- Document processing and posting: reading, classifying and posting documents to your accounting system - the core function of the service (Article 6(1)(b)).
- Customer support: responding to your help requests and resolving issues (Article 6(1)(b)).
- Security and fraud prevention: protecting the service, our users and the integrity of financial data (Article 6(1)(f) - legitimate interests).
- Legal compliance: meeting applicable legal obligations, including responding to lawful regulatory requests (Article 6(1)(c)).
Sub-processors
We use the following categories of third-party processors to deliver the service: cloud document processing and OCR services; cloud hosting and storage infrastructure. All processors are contractually bound to handle your data only on our instructions and to maintain appropriate security measures. We use providers based in the EU or covered by an adequacy decision or Standard Contractual Clauses. Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).
International Transfers
We store and process your data within the EU/EEA. Where any sub-processor operates outside the EEA, we ensure appropriate safeguards are in place under GDPR Chapter V, including Standard Contractual Clauses or reliance on an adequacy decision by the European Commission.
How Long We Keep Your Data
- Account data: retained for the duration of your subscription, plus 30 days after account closure, then permanently deleted.
- Uploaded documents and extracted data: retained according to your configured retention policy. The default is 7 years, aligned with Cyprus and UK statutory requirements for financial records.
- Backup copies: deleted within 90 days of the document's retention date.
- You may request earlier deletion at any time - see your rights below.
Your Rights
Under GDPR you have the right to access, correct, erase and port your data, and to object to or restrict certain processing. You can export or delete your account and documents in one step from within the platform. To exercise any right, contact us at [email protected] - we will respond within one calendar month. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (dataprotection.gov.cy) or with the supervisory authority in your country of residence.
Security
We protect your data with encryption in transit and at rest, role-based access controls, full audit logging of every data change, and security controls designed to ISO 27001 standards. We conduct regular security assessments and notify affected users of any breach as required by GDPR Article 33.
Children
RealScan is a professional accounting and document-management tool. It is not directed to children under the age of 18, and we do not knowingly collect personal data from children.
Mobile Application - Device Access
The RealScan Android app is built to request as little device access as possible.
- Camera: used to photograph documents. Capture is handled by Google's on-device document scanner (part of Google Play services), so the image is taken within that secure Google component. Captured images are uploaded to your account and are not kept on the device beyond the capture session.
- Local network: if you use the in-app scanner feature, the app looks for compatible scanners on your local network (for example an office multifunction printer/scanner) so it can import scanned pages. This traffic stays on your local network.
- Location (optional): requested only if you turn on Add GPS to scans in Settings, to tag captures with a location for audit trails. You can decline and the app works fully without it, and revoke it anytime in Android settings.
- Minimal permissions: the app does not request contacts, microphone or standalone storage permissions. On the network it declares only internet access.
Changes to This Policy
We may update this policy from time to time. We will note the new effective date at the top of this page. For material changes we will notify you by email at least 14 days before the change takes effect.