Privacy Policy

Last updated: May 7, 2026

Summary: Your documents stay on your device and are NEVER sent to our servers. We only collect your email and password for authentication. We never sell your data to third parties.

1. Introduction

Sigillarium ("we", "our", "us") is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, share, and protect your personal information when you use our Sigillarium mobile application.

2. Data Collected

2.1 Authentication Information (ONLY)

Email address: Used to create and manage your account
Password: Stored securely and encrypted via Firebase Authentication

2.2 Documents and files — LOCAL STORAGE ONLY

⚠️ IMPORTANT: Your documents, photos, and files remain EXCLUSIVELY on your device. We do NOT store them on our servers, we do NOT upload them, and we do NOT have access to them.

Documents: Stored in the app's private folder on your device
Photos and scans: Stored locally on your phone only
Watermarks/seals: Applied locally with no transmission to our servers
Metadata: Names, tags, categories remain on your device

2.3 Subscription data

Subscription data: Information about your premium subscription via RevenueCat (user ID, subscription status)

That's it! We do not collect any other data.

3. Camera Usage

Sigillarium requests access to your camera to allow you to:

Scan paper documents directly in the application
Take photos of documents to store them locally on your device
Apply watermarks/seals to captured images

Important: Photos taken with the camera are stored exclusively on your device. We never access your camera without your explicit permission, and images NEVER leave your phone. They are not uploaded or shared with us or third parties.

4. How We Use Your Data

We use your personal information (email and password) to:

Manage your account and authentication
Process your payments and manage your premium subscription via RevenueCat
Send you important notifications about your account or subscription
Ensure security and prevent fraud

We do NOT use your data to:

❌ Store your documents (they remain on your device)
❌ Analyse your documents
❌ Serve targeted advertising
❌ Sell your data to third parties

5. Data Sharing

We never sell your personal data. We share your information (email only) with:

5.1 Service Providers

Firebase (Google): Authentication only (email and encrypted password)
RevenueCat: Premium subscription management (user ID, subscription status)

Important note: Your documents are NEVER shared because they remain on your device.

5.2 Legal Obligations

We may disclose your information if required by law or to:

Comply with a legal obligation
Protect our rights or property
Prevent or investigate potential misconduct
Protect the safety of users or the public

6. Data Security

We implement security measures to protect your data:

Secure local storage: Your documents are stored in the app's private folder on your device, inaccessible to other apps
Strong authentication: Secure passwords with strict requirements (minimum 10 characters, including uppercase, lowercase, numbers, and special characters)
Local biometrics: Support for Face ID / Touch ID / fingerprint to unlock the vault
Firebase Authentication: Secure authentication via Google's certified infrastructure
No transmission: Your documents are never transmitted over the Internet

7. Data Retention

7.1 Data on our servers (email and password)

We retain your authentication data for as long as necessary to:

Provide access to your account
Comply with our legal obligations
Resolve disputes

If you delete your account, your email and password will be deleted from our servers within 30 days.

7.2 Documents on your device

Your documents remain on your device. You have full control over them:

Delete them at any time from within the app
Uninstall the app to remove all local documents
We have NO access to this data

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access: Obtain a copy of your personal data
Right to rectification: Correct inaccurate or incomplete data
Right to erasure: Request deletion of your data (see deletion terms)
Right to data portability: Receive your data in a structured format
Right to object: Object to the processing of your data
Right to restriction: Request restriction of processing

To exercise these rights, contact us at: privacy@sigillarium.app

To delete your account and all your data, visit our account deletion page.

9. Cookies and Similar Technologies

Sigillarium uses local storage technologies to:

Keep your session logged in
Store your app preferences
Improve app performance

No advertising tracking cookies are used.

10. Protection of Minors

Sigillarium is not intended for persons under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

11. International Transfers

Only your authentication data (email and encrypted password) may be transferred to and stored on servers located outside your country of residence, notably in the United States (Firebase servers). We ensure that these transfers comply with GDPR requirements.

Your documents are never transferred as they remain on your device.

12. Changes to This Policy

We may update this privacy policy periodically. We will notify you of any significant changes by email or via a notification in the app. The "last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For any questions about this privacy policy or your personal data, contact us:

Email: privacy@sigillarium.app
Support: support@sigillarium.app

GDPR Compliance

Sigillarium complies with the General Data Protection Regulation (GDPR) of the European Union. Your data is processed lawfully, fairly, and transparently, and only for the specific purposes for which it was collected.