Document of Record
Privacy Policy
Effective 7 May 2026 · Last updated 7 May 2026 · Folio I
This Privacy Policy explains how the Muniment iOS application (“Muniment”, the “App”, “we”, “us”) collects, uses, and shares information when you use it.
Muniment is operated as a sole trader by Dmitrii Demin, an individual developer based in Georgia (the country). Throughout this policy “we” refers to that operator. For any privacy-related question, write to [email protected].
Plain-language summary
- Muniment is a personal warranty and receipt tracker. Most of your data lives only on your device and, if you enable iCloud, in your private iCloud account that we cannot access.
- We never ask for your name, email, address, phone number, or location.
- When you use AI Scan, the photo of your receipt or warranty card is sent over an encrypted channel to our server, which forwards it to OpenAI to extract structured fields. We do not retain the image; OpenAI’s enterprise data policy applies.
- We use Firebase Analytics and Crashlytics to understand how the app is used and to fix crashes. These send aggregated, pseudonymous events — not your warranty content.
- Subscriptions are processed by Apple. We use RevenueCat to receive subscription state. Apple, not us, processes your payment.
- You can delete your data at any time from inside the app or by uninstalling it and disabling iCloud sync for Muniment.
Information we collect
Information you create on your device
When you add a warranty, you may enter or attach: product name, brand, model, serial number, retailer, purchase date, price, currency, warranty length, free-text notes, and photographs of receipts or warranty cards. This information is stored locally using Apple’s Core Data framework. If you enable iCloud, the same records are mirrored to your private iCloud Database via CloudKit. Apple stores this data; we have no access.
Photographs you submit to AI Scan
When you tap “Scan with AI”, Muniment downsizes the photograph to a maximum of 1024 px on the longest side, JPEG-compresses it, and sends it over HTTPS to our backend at api.muniment.app. Our backend forwards the image to OpenAI’s Chat Completions API to extract structured fields, which are returned to your device and used to pre-fill the Add Warranty form. We do not store the image on our backend.
Subscription information
If you subscribe to Muniment Pro, Apple processes the transaction. Apple shares a transaction receipt with us through RevenueCat. We use this receipt to know whether you have an active subscription. We never receive your card or Apple Pay details.
Usage analytics
Muniment uses Google Firebase Analytics to record events such as: app opened, screen viewed, paywall viewed, scan started, scan completed, warranty added, settings viewed. Each event includes a Firebase-assigned installation identifier and basic device information (model, OS version, language, timezone). It does not include the content of your warranties or photos.
Crash diagnostics
Muniment uses Google Firebase Crashlytics. When the app crashes, it records: stack trace, device model, OS version, app version, language, free disk space, and pseudonymous identifiers. It does not include warranty content.
Device identifier for AI Scan quota
The first time you launch the app, Muniment generates a random UUID and stores it locally. It is sent to our backend with each AI Scan request so we can enforce a per-device monthly cap. The UUID is not linked to your Apple ID, Firebase ID, or RevenueCat ID; it resets if you reinstall the app.
Server logs
Cloudflare logs request metadata (IP address, timestamp, response code, user-agent) for routine reliability monitoring. These logs are retained per Cloudflare’s standard retention (currently up to 30 days) and are not joined with your warranty content.
How we use your information
| Purpose | Lawful basis (GDPR) |
|---|---|
| Run the app on your device | Performance of contract (Art. 6(1)(b)) |
| Sync your data via your private iCloud account | Performance of contract |
| Process AI Scan via OpenAI | Performance of contract; explicit user action |
| Manage subscription, trial eligibility, and entitlement | Performance of contract; legal obligation |
| Enforce per-device AI Scan quota | Legitimate interest in preventing abuse |
| Analytics on aggregate app usage | Legitimate interest (Art. 6(1)(f)) |
| Crash and stability diagnostics | Legitimate interest |
| Comply with applicable law | Legal obligation |
We do not sell your information. We do not run targeted advertising. We do not profile you for marketing purposes.
Sub-processors
| Provider | Role | What we share | Policy |
|---|---|---|---|
| Apple Inc. | iCloud sync, payments, push | iCloud-mirrored warranties; transactions | link |
| OpenAI | AI Scan | Single image per scan | link |
| Cloudflare | Backend host, KV, CDN | Request metadata; deviceId; scan count | link |
| Google (Firebase) | Analytics & Crashlytics | Usage events, crash logs | link |
| RevenueCat | Subscription management | Anonymous user ID, transaction state | link |
API submissions to OpenAI are not used to train OpenAI models. Default 30-day retention applies for abuse monitoring.
Data retention
| Data | Retention |
|---|---|
| Local Core Data records | Until you delete them or uninstall the app |
| iCloud-mirrored records | Until you delete them or remove Muniment from iCloud |
| AI Scan images on our backend | Not stored after response |
| AI Scan images at OpenAI | Up to 30 days for abuse monitoring |
| deviceId and monthly scan count | 35 days, auto-expires |
| Cloudflare server logs | Up to 30 days |
| Firebase Analytics events | 14 months |
| Crashlytics reports | ~90 days |
| RevenueCat subscription history | While active + 12 months |
Your rights
If you are in the EU/EEA, the UK, Switzerland, Georgia, California, or another jurisdiction granting these rights, you have the right to access, rectify, erase, restrict, object to processing, port your data, withdraw consent, and lodge a complaint with a supervisory authority. In Georgia: Personal Data Protection Service.
To exercise any of these, write to [email protected]. We will respond within 30 days.
Most rights you can also exercise yourself, immediately, in the app:
- Export your data: Settings → Permissions & Data → Export (PDF or CSV).
- Delete a record: open the warranty → trash icon.
- Delete everything local: uninstall Muniment.
- Delete iCloud copies: system Settings → [your name] → iCloud → Manage Storage → Muniment → Delete Data.
- Stop AI Scan submissions: simply do not use the AI Scan feature.
Children
Muniment is rated 4+ for content appropriateness, but the service is intended for users at least 13 years old (16 in jurisdictions where higher consent age applies under GDPR). We do not knowingly collect personal data from children under that age. Contact [email protected] if you believe a child has used the service.
International transfers
Where personal data is transferred from the EU/EEA, the UK, or Switzerland to the United States, transfers rely on Standard Contractual Clauses adopted by the European Commission, supplemented by each provider’s technical and organisational safeguards.
Security
Data in transit is protected by HTTPS/TLS. Data at rest on your device is protected by iOS file-system encryption when locked. iCloud-mirrored data is encrypted by Apple. Our backend stores no image content; secrets live in Cloudflare’s encrypted secret store. If we become aware of a breach, we will notify affected users and regulators within 72 hours.
Changes
We may update this Privacy Policy. The “Last updated” date reflects the most recent revision. For material changes, we will notify you in-app before the change takes effect.
Contact
| Privacy & data subject requests | [email protected] |
| Customer support | [email protected] |
| Legal | [email protected] |