Privacy Policy
Last updated: April 29, 2026
Overview
Data Wand helps you turn paper forms into structured data. You photograph a blank form to create a template, photograph filled forms to capture the handwritten values, and the results are pushed to the destination you choose (Google Sheets, or web apps via our browser extension).
This policy explains what we collect, where it goes, and the choices you have. If you have questions, email us at [email protected].
Quick summary
- We collect the minimum data needed to run the product.
- We use third-party services for things we don't build ourselves: Supabase (accounts and database), Cloudflare (backend infrastructure), Stripe (payments), Google (optional OCR and Sheets export), and Sentry (error reports).
- Captured form values on your iPhone are encrypted locally, protected by Face ID and the iOS Secure Enclave.
- OCR can run entirely on your iPhone (the default) or via our servers; you choose in Settings.
- You can delete your account from Settings → Delete Account at any time. No email required.
What we collect
Account information
- Email address — required to create an account and sign in. Stored via Supabase Auth.
- Organization name — the name you give your workspace.
- Member roles — who in your organization is an owner, admin, or member.
We do not collect names, phone numbers, physical addresses, or other personal details beyond your email.
Usage data
To enforce plan limits and calculate billing, we log metadata about AI calls you make through Data Wand:
- Which provider and model were used (e.g., Google Gemini)
- Token counts and estimated cost
- HTTP response status and timestamp
- The organization and user the call belongs to
We do not log the content of your prompts or the AI's responses.
Device registration
When you pair your iPhone with your browser extension, we store:
- A device identifier (UUID)
- Device type (iOS or Chrome extension)
- Device name (e.g., "Marko's iPhone")
- Last-seen timestamp
This lets you see and manage your connected devices from the dashboard.
Captured form data
- Templates and field mappings — where you've told us each field lives on a paper form — are stored in your browser and synced to your Supabase workspace so you can use them across devices.
- Scanned form values — the actual text extracted from filled forms on iPhone — are stored only on your iPhone, in an encrypted archive protected by Face ID and the iOS Secure Enclave (AES-256-GCM). They are not uploaded to our servers.
- When you choose to export to a destination (Google Sheets or a web form), extracted values are sent to that destination on your command. We do not retain a copy.
Billing data
If you subscribe to a paid plan:
- Stripe is our payment processor. Card details are entered directly into Stripe's interface and never touch our servers.
- We store a Stripe customer ID, subscription ID, status, and price tier in our database so we know what plan you're on.
- Billing address and payment method are held by Stripe under their terms and privacy policy.
Error reports
We use Sentry to monitor application errors. When something crashes or fails, Sentry may capture the error message, stack trace, your user ID, the page or URL where it happened, and browser or device metadata. We do not intentionally send form content or captured values to Sentry.
OCR processing: on-device vs cloud
Data Wand offers two OCR modes on iPhone, selectable in Settings → OCR:
On-device OCR (default)
Text recognition runs entirely on your iPhone using Apple's Vision framework. Image data never leaves your device. This is the default and recommended mode for privacy-sensitive forms.
Cloud OCR (optional)
When you enable cloud OCR, captured images are transmitted over TLS to our Cloudflare Worker backend, which forwards them to Google Cloud Vision for high-accuracy text recognition and to Google Gemini for automatic field classification. Neither we nor Google retains the image after processing; Google processes the request and discards the image per their API terms.
You can switch between modes at any time. Choose cloud OCR when on-device recognition isn't accurate enough for complex documents; choose on-device when privacy matters more than marginal accuracy gains.
Permissions we ask for
iOS app
- Camera — required to photograph paper forms.
- Local Network — required to connect your iPhone to the Chrome extension on your computer over your local Wi-Fi.
- Face ID — protects your locally stored form data. Your biometric template never leaves the iOS Secure Enclave; we only ask iOS to verify your identity.
Chrome extension
- Active tab — to read the structure of the web form you want to populate.
- Storage — to save templates and authentication tokens.
- Local network — to communicate with your paired iPhone over your local Wi-Fi.
Third-party services (subprocessors)
We use the following services to run Data Wand. Data flows to them only as described above.
- Supabase — database and authentication. Stores your email, organization, usage metadata, and device records.
- Cloudflare — serverless backend infrastructure (Workers). Handles API requests, auth validation, and rate limiting. Receives cloud-OCR image data when that mode is enabled.
- Stripe — payment processing. Holds customer, subscription, and payment method data under their privacy policy.
- Google Cloud Vision — optional cloud OCR. Receives image data only when cloud OCR is enabled.
- Google Gemini — optional automatic field classification. Receives extracted text and bounding boxes only when cloud OCR is enabled.
- Google Sheets — optional export destination. Receives extracted form field data that you explicitly choose to export.
- Sentry — application error monitoring. Receives error messages, stack traces, and user IDs.
- Apple — beta distribution via TestFlight. Apple handles device identifiers for app delivery under their terms.
Each of these services has its own privacy policy and terms. We choose providers who offer strong security and privacy practices.
Google API Services — Limited Use Disclosure
Data Wand's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access Google Sheets only to write form extraction results that you explicitly choose to export — no data is read back or retained by us.
- Google user data obtained through OAuth is used solely to provide the Data Wand service to you.
- We do not use Google user data to serve advertisements or for any purpose unrelated to the service.
- We do not allow humans to read your Google user data.
- We do not share Google user data with third parties except as necessary to provide the service (Supabase for authentication; no Google data is passed to Supabase).
- We do not use Google user data to train machine learning models.
Data storage and security
- Data in transit is encrypted with TLS (HTTPS).
- Your Supabase workspace data is protected by row-level security policies so members of one organization cannot read or modify data belonging to another.
- Your iPhone-stored captured data is encrypted with AES-256-GCM; the encryption key is held in the iOS Secure Enclave and can only be unlocked with Face ID.
- Session tokens between the extension and iPhone are cryptographically generated and time-limited.
- We have not had a data breach. If we ever do, we will notify affected users by email.
Data retention
- Account data — kept while your account is active. Deleted (or anonymized where legally required) when you close your account.
- Usage logs — currently retained while your account is active so we can investigate billing disputes and debug issues. We plan to introduce a finite retention window as we scale; we will update this policy when we do.
- Billing records — retained in Stripe per their retention policy, and in our database for as long as they remain relevant to active or recent subscriptions.
- On-device data on your iPhone — you control this. You can delete individual captures or wipe the entire archive from within the app.
Your rights and choices
- Access — you can view your account and organization data in the dashboard at any time. For a complete copy of the underlying data rows we hold about you (profile, memberships, usage records, devices), email [email protected] and we will send a JSON export within 30 days.
- Correction — update your email, organization name, and member list directly from the dashboard.
- Deletion — delete your account from Settings → Delete Account. See the Account deletion section below for what gets removed.
- Data portability — export your captured form data to Google Sheets at any time from within the app. For a structured export of account data, email [email protected].
- Object to processing — if you believe we are processing your data in a way that is not justified by a legitimate purpose, email [email protected].
- OCR mode — choose on-device or cloud OCR from Settings → OCR on your iPhone.
Account deletion
You can delete your account yourself from Settings → Delete Account in the dashboard. Deletion is immediate and permanent — there is no grace period. If you cannot access your account, email [email protected] from the address associated with your account and we will process the request manually.
Deleting your account:
- Removes your email and authentication record from Supabase
- Cascades to your organization membership records and device registrations
- Cancels any active Stripe subscription
- Does not automatically delete data stored locally on your iPhone — you can delete that directly from within the app
Certain records may be retained where required by law (for example, Stripe keeps payment history for tax reporting obligations).
California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act and its amendment (CPRA) give you the following rights:
- Right to know — you have the right to know what personal information we collect, use, and disclose about you. This policy describes that in full. For a complete data export, email [email protected].
- Right to delete — you can delete your account and all associated data from Settings → Delete Account. See Account deletion above.
- Right to correct — you can update your email, organization name, and member roles from the dashboard at any time.
- Right to opt out of sale or sharing — we do not sell or share your personal information with third parties for advertising or cross-context behavioral purposes. There is nothing to opt out of.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise your rights, use the self-serve controls in the dashboard or email [email protected]. We will respond within 45 days as required by law.
EU and UK residents (GDPR / UK GDPR)
If you are in the EU or UK, you have the following rights under the GDPR and UK GDPR. Data Wand is operated from the United States; by using the service you acknowledge that your data is transferred to and processed in the US.
- Right of access (Art. 15) — request a copy of the personal data we hold about you. Email [email protected] and we will send a JSON export within 30 days (extendable to 60 days for complex requests).
- Right to rectification (Art. 16) — correct inaccurate data from the dashboard (email, organization name, member roles).
- Right to erasure / right to be forgotten (Art. 17) — delete your account from Settings → Delete Account. This removes your authentication record, organization memberships, device registrations, and usage logs from our systems immediately.
- Right to data portability (Art. 20) — export your captured form data to Google Sheets from within the app. For a structured export of account data in machine-readable format, email [email protected].
- Right to object (Art. 21) — if you believe we are processing your data without a legitimate basis, email [email protected] and we will review your request.
To exercise any of these rights, use the self-serve controls in the dashboard or email [email protected]. We will respond within 30 days as required by GDPR Art. 12.
Children's privacy
Data Wand is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, email [email protected] and we will delete it.
International users
Data Wand is operated from the United States. If you use Data Wand from outside the US, your data is transferred to and processed in the US. We honor data subject requests from EU, UK, and California residents as described in the sections above. Email [email protected] for any request we cannot fulfill through the self-serve dashboard controls.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this policy? Email [email protected].
Data Wand is operated by DATAWAND LLC.