Auto Redact — Privacy Policy
Last updated: July 2026
The short version: Auto Redact collects no data about you. The app has no user accounts, no analytics, no tracking, and no server of ours that your documents could ever reach. Everything — scanning, text recognition, and redaction — happens locally on your device.
1. Data Controller
Tavlo - German Entity
E-Mail: contact@tavlo.tech
This policy covers the Auto Redact mobile and web app. The policy for the tavlo.tech website itself is available at /privacy/.
2. What the App Does With Your Documents
When you scan a letter with the camera, import a photo, or open a PDF, all processing happens on your device:
- Text recognition (OCR) runs locally — Apple/Google ML Kit on your phone, or a WebAssembly engine in your browser.
- Detection of personal data (names, IBANs, phone numbers, and so on) runs locally.
- Redaction — the black boxes — is applied locally.
Your document photos, PDFs, and their text are never uploaded to Tavlo or anyone else by the app. We could not read your documents if we wanted to.
3. What Is Stored on Your Device
Documents you save appear in the app's library, stored only on your device. The mapping between redacted placeholders and the original values is encrypted at rest with AES-256-GCM; the encryption key is stored in your device's secure Keychain/Keystore. You can protect the app with Face ID, fingerprint, or a PIN — biometric data is handled entirely by the operating system and never reaches the app or Tavlo.
Deleting a document in the app deletes it from your device. Uninstalling the app deletes the entire library.
4. When Data Leaves Your Device
Data leaves your device only when you explicitly send it somewhere:
- Share & export. When you share a redacted image, PDF, or text via the share sheet, only the redacted version you approved is handed to the app you choose (e.g. ChatGPT, Claude, Gemini, email). From that point, the receiving app's privacy policy applies.
- Optional “Ask AI”. This feature is off by default and requires your own API key, which is stored encrypted on your device. When you use it, only the redacted text of your question and document is sent directly from your device to the AI provider you configured (e.g. Anthropic, OpenAI, Google). Tavlo operates no intermediary server and never sees these requests.
5. Component Downloads (Not Your Data)
On first use, the app may download software components: OCR language files and, if enabled, an on-device detection model (in the browser these come from public CDNs). These are downloads of program files only — none of your content is included in these requests.
6. Permissions
- Camera — to scan documents. Images are processed on-device.
- Photo library — to import pictures you pick. Read-only, processed on-device.
- Files — to import images and PDFs you pick, processed on-device.
7. Analytics, Advertising, Third Parties
The app contains no analytics, no advertising SDKs, and no tracking of any kind. No user profiles are created. No data is sold or shared with third parties.
8. Children
The app is not directed at children. Since the app collects no personal data, no data about children is collected either.
9. Your Rights
Because your data never reaches us, there is nothing for Tavlo to access, correct, export, or delete — you hold your data yourself, on your device. For any questions about data protection you can contact us at contact@tavlo.tech.
10. Changes
If the app's data handling ever changes, this policy will be updated here before such a change takes effect, with the “last updated” date above revised accordingly.